ANCR WG Introduces Transparency Performance Reporting
Transparency Performance Reporting (TPR), a novel approach to making digital privacy and data control (sovereignty) transparent, is in review as a Kantara Recommendation for public comment by the Anchored Notice and Consent Receipts (ANCR) Work Group.
TPR uses four transparency performance indicators (TPIs) to measure the transparency of the PII Controller identification. The indicators are captured in a PII Controller record (see appendix). In order to capture the compulsory attributes in st indicate the privacy risk to the digital identification of PII Principal.
TPR was developed through three years of multi-stakeholder collaboration and represents a means to make ubiquitous surveillance transparent. The ANCR WG contributes to the implementation of ‘glass-box AI governance’ (ref) by requiring digitally twinned consent records and receipts for safety, privacy, security and copyright governance.
ANCR TPR incorporates the adequacy baseline of the international treaty Convention 108+ as the international standard for valid consent. It implements a common methodology that applies the ISO/IEC 29100 Framework and generates a controller record used to measure transparency performance in terms of conformance and of security and privacy compliance. (Note: see the appendix of the TPP specification for a mapping of the report's use in measuring performance to laws in other jurisdictions.)
The ANCR WG's work on transparency and consent has a 'bottom-up' history of working closely with the W3C Data Privacy Vocabulary Controls CG. It developed from the 2019 Consent Receipt v1.1 specification, which appears in the appendix of ISO/IEC 29184:2020 Online privacy notice and consent and has since been adopted into the ISO/IEC 27560 TS Consent record information structure, published in 2023.
Note: The ANCR WG supports and lobbies for the standardization of digital privacy transparency, and for the ISO/IEC 27560 Consent record information structure standard to be free to access, with ISO/IEC 29100:2024 Privacy framework, so that transparency can be internationally standardized. (support this petition)
How Does it Work?
The initial Transparency Performance Report focuses on evaluating the validity, security, sovereignty, and accountability of digital consent. It is a tool to expose dark patterns and secret surveillance. It builds on the consent receipt specification and the 27560 standard with a transparency performance report that benchmarks consent validity and sovereignty in conjunction with a digital identification system using 4 Transparency Performance Indicators.
Diagram of 4 Indicators
The four TPIs used in reporting measure:
1. Timing of notice
   - Regarding the initiation of surveillance
2. Content of notice
   - PII Controller required disclosures (.. Controller Record)
   - PII Controller Reverse Cookie (could be captured in a receipt and record for the PII Principal)
   - Who, where, what, why, how, when
3. Access and usefulness of notice
   - Taste of the Cookie
   - How good were the answers, including their veracity, to the above
4. Sovereignty of authority and security
   - Jurisdictions (Legal) of Principal and Controller
   - Cryptographic (Technical)
   - Linked by policy (objects)
This specification includes in the appendix a mapping of roles between privacy instruments including Convention 108+, the international treaty for 56 countries and 2.5 billion people.
The mappings show how the TPIs address the requirements for records of processing activities (GDPR Article 30) and enable services to be accountable to international (internet) standards for data governance. The mapping also provides for equivalence in the record schema, the foundational governance interoperability for a common set of rules. Standard privacy transparency is the first step towards people having their own authoritative records of digital identification relationships (aka owning your own cookies).
Conclusion
Transparency Performance Reporting is a critical step forward for implementing ISO/IEC 27560 and is set to explode into the digital identification industry. It may have taken a while for laws and standards to catch up, but with transparency performance reporting, surveillance risk and liability can be made transparent, enabling individuals to control digital identity in context.