3. Normative References

3.1 Convention 108+ Convention for the protection of individuals with regard to the processing of personal data

  1. Council of Europe, Convention 108+, an international treaty expected to be fully ratified in 2025, provides a formal global security and privacy framework.  

  1. It provides the standard instructions and requirements for the signatory countries to implement adequate interoperable privacy law and/or privacy law.

  1. The treaty, in particular its transparency-of-processing and notification requirements, guides and provides the logic of the performance report and its measures, as referenced in the appendix.

  1. It provides an international measure of adequacy in common legal practice.

3.2 ISO/IEC 29100:2024 Security and privacy technique

This standard is open and free to access. It “relates to PII in all ICT environments, specifying a common privacy terminology; defining the actors and their roles in processing PII; describing privacy safeguarding requirements; and referencing known privacy principles”, covering:

·   Actors and roles;

·   Interactions;

·   Recognizing PII;

·   Privacy safeguarding requirements;

·   Privacy policies;

·   Privacy Controls.

·   Source bibliography

3.3 Non-Normative

3.4 EUDPR 2018

·       GDPR (General Data Protection Regulation) covers private sector entities and Member State public authorities.

·       EUDPR (European Data Protection Regulation) focuses on EU institutions' internal operations, ensuring their compliance with data protection standards. While also mirroring the GDPR, the EUDPR includes specific rules for the governance of "operational personal data," which pertains to law enforcement tasks carried out by EU bodies like Europol or Eurojust. These provisions are distinct from GDPR's general framework (Article 70-94).

3.4 Kantara Initiative, Minimum Viable Consent Receipt, & Consent Receipt Specification [1]

Published in the appendix of ISO/IEC 29184:2020 Online privacy notice and consent, then utilized in ISO/IEC 27560, providing for a common transparency (notice and consent record) schema for Controller identification used to make the report.

Previously presented in support of Canadian meaningful consent regulation in 2017. https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/completed-consultations/consultation-on-online-reputation/submissions-received-for-the-consultation-on-online-reputation/or/sub_or_15/

4. Terms & Definitions

 

 

[1] Kantara Initiative 2018 - Consent Receipt Specification v1.1 [Online: https://kantarainitiative.org/reports-recommendations/]

