ISO/IEC 27560 WD5 Consent Record Information Structure Contribution - ISO Liaison

The ANCR WG delivered a readout focused on a critical security flaw in the existing working draft: the PII Principal's identifier is unnecessarily exposed in the consent record and is no longer under the control of the PII Principal. The readout points to the ongoing efforts at Kantara on the evolution of the Consent Receipt and to the current workgroup draft of the ANCR Notice Record, which addresses this issue and shows how to make receipts by and for people, under their control and independently of service providers. The record uses the open 29100 Framework and the Consent Receipt v1.1 (ISO/IEC 29184 Online privacy notices and consent, Annex B) and maps to the General Data Protection Regulation (GDPR), the Council of Europe 108+, and the 27560 record structure.

The WG also provided 6 comments targeted primarily at security and privacy considerations in the draft. The comments are located here:

https://kantara.atlassian.net/wiki/spaces/WA/pages/53444627