ANCR Notice Credentials for Digital Transparency & Privacy

Overview

The ANCR WG specifications (currently in the active drafting phase) present the use of anchored notice and consent receipts as credentials for authorizing digital identity relationships and directing consent to govern the use of digital identity technologies. Operational transparency is defined by international privacy Convention 108+ utilizing the free to access ISO/IEC 21900 security and privacy framework, which is used operationally (MECE principle ) to specify roles, relationships, for security and privacy for governance interoperability online.

ANCR refers to an Anchored Notice and Consent Receipt, which are credentials anchored by human control when online. They are used to enable digital security and privacy that people can trust using records of processing activities (receipts) for digital identity and surveillance technologies.

The core concept for Anchored record control to provide transparency over trust is the core purpose of the anchored record. Which can be held by a human to control its use to share and disclose data, replacing and enhancing the ‘I Agree’ + ' Privacy Policy' check box with operational transparency and directed (standardized) electronic consent. (different than what is online today)

Key ANCR Assurance Specification documents

  1. introduction to Levels of Operational Transparency and Governance Risk Assurance,

  2. Transparency Performance Indicators - for assessing for operational governance and its performance -

  3. The Notice Receipt/Record and PII Controller Notice Credential format to identify the PII Controller (AP + Data Privacy Officer).

  4. Transparency Code of Conduct (International Convention 108+ for governance interoperability with ISO/IEC 29100 security and privacy framework for systems (as digital privacy is not valid without security)

    1. For Levels of Operational Transparency Assurance

  5. Consent Receipt v2 ANCR Credential Set (Consent Tokens)

Framework Component Specifications

  1. Differential Transparency (AuthC Protocol)

  2. Two Factor Concentric Notice

  3. Concentric Notice Labels

  4. Data Control Risk Assessment

Purpose of Use

  • Digital Privacy - Co-Regulatory Framework for all stakeholders

  • Consent for trans-boarder flows - with Consent Tokens for the individual to authorize trans-boarder flow and access control to PII Principals PII