ANCR-Record: Notice Conformance Profile

Owned by Mark Lizar (Unlicensed)
Last updated: Mar 18, 2023 by Mark Lizar
5 min read

Spec for ANCR Record - For Security 

  • here is a record for identifying if there is enough security for privacy 
  • who is the controller, 
  • what are the applicable laws, and rights 
  • and how are these accessed. 


Here are fieilds

  • to create this security audit record, including locations of people and processing sufficient to provide jurisdiction

PASP - Privacy Access Service Point - defines digital service contact point and information for proportionate access to rights information 

  • there are different performance levels for privacy information access and rights which is captured in this assessment, 
    • Performance 
      • if online and access is provided with a PASP which is an api access fore in conxt privacy then privacy information and controls can be dynamic
        • this field has dynamic,
        • out-of-band,
        • static
      • Access Conformance 
        • access to information in the information according to context
          • linked data - 
    • Confromance 
      • a) if using standards, information access has a higher level of transparency 
        • a person, 
        • self-service
        • bot 
        • mailbox
        • answering machine
        • email 

Consent Type  Defaults 

Consent Types refers to the context of Notice which covers the array of concentric engagement points in which humans provide permissions to generate digital identifiers. 

Normally a static permission, or more frequently an online interaction context in which a relationship to consent is inferred or expressed in some manner.   

  • Other: Not Consent, 
  • delegated
  • Implied
  • implicit
  • expressed
  • explicit
  • directed 
  • altruistic 

****

Here is how to use it →

Audit / use for conformance 

Objective

This ANCR Record specification provides a methodology to audit a notice to produce a Notice Record for generating a  Consent Receipt.  The objective of this documents is to

  1. Provide a set of instructions for recording a notice in a consent(ric) record information structure derived for a Consent Receipt (ref)
  2. To then compare the conformance of the record with a control from ISO/IEC 29183 (a set of rules set by regulations for notice & consent transparency)  

Methodology

This method describes, how to audit a notice to generate an ANCR- Notice Record using ISO/IEC 29100 derived receipt format, which is now published in the ISO/IEC 29184 Annex D, 

The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control.  In order to demonstrate how the ANCR Notice Record for assessing conformance when creating a digital identifier and processing personal data.

New Field - name, description, reference  



*****************

Field Glossary

(Note: all terms refer to ISO/IEC 29100 and ISO/IEC 29184, Kantara Consent Receipt, adopted for -  for terms, unless they are specified here to further extend terms or definitions in a more granular manner,


This refers to the initial state or context of processing, and data's subject knowledge and or expectation,  prior to the notice or notification. 

Other is used to indicate that the context is not consent, as there is not enough information in the notice, or a data processing context doesn't include consent or a choice for the individual.  These context may be predetermined to be a notice for a different legal justification, exemption, derogation, and the purpose for this.  e.g. your data if you continue, will be processed for security purposes - a) to check for fraud, 

This can be included in the consent context, or the context might be for public surveillance and security where people have no choice. e.g. at the airport. 

Notice

in this document  a) refers broadly to any privacy or surveillance notice, notification or disclosure,  b) a notice that is  presented or represented in a layered information fashion and a linked manner according to context 

Layered/Linked Notice

  • Notice Information Layers
    • ISO/IEC References for Notice 
      • ISO 29184 
    • Notice Signal
      • Privacy as Expected Consent Gateway - a project to produce a privacy notice signal in this work group
    • Notice pop-up
    • notice statement 
    • notice privacy overview
    • notice policy 
    • notice policy clause




Instructions 

  1. Read a notice 
    1. capture the name of the notice provider and enter this into the PII Controller field
    2. collect down the PII Controller Address
    3. collect contact information 
      1. what type - use appendix to indicate dynamic, out-of band, static, in person active
    4. collect link to privacy policy 
    5. collect any links to privacy access information 
  2. Indicate in which concentric manner data has been 
  3. Capture the legal justifications for processing 
  4.  Capture the Notice
    1.  indicate what the expected consent type is  prior to the notice
    2. indicate if personal identifiers are collected prior to presenting the notice
  5. Indicate the legal justification from the 6 categories - 
  6. indicate the personal data is sensitive 
  7. capture purpose description 
  8. capture the authorization scope
    1. frequency 
    2. duration


Q's to add to instructions

  • is the notice linked
  • is there a notice of  risks or possible  harms?
  • is there a privacy information service point / api for dynamic data controls?


Field Name

Type

PII(Y)

Field Label

Description 

Required/Optional

version

string


Schema Version

The version of specification used to which the receipt conforms. To refer to this version of the specification, the string "v1" or the IRI "https://w3id.org/OPN/v1" should be used.

Required

profile

string


Privacy Profile URI

Link to the controller's profile in its registry. 

Required

Notice Location

Array 


Notice Record

Label Notice Receipt 


Required

id

string


Receipt ID

A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122].

Required

timestamp

integer


Timestamp

Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch).

Required

key

string


Signing Key

The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance.

Optional

language

string


Language

Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'.

Required

controllerID

string


Controller Identity

The identity (legal name) of the controller.

Required




Controller Address

jurisdiction

string


Legal Jurisdiction

The jurisdiction(s) applicable to this notice

Required

controllerContact

string


Controller Contact

Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle.

Required

notice

string


Link to Notice

Link to the notice the receipt is for 

Optional

policy

string


Link to Policy

Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided

Required

context

string


Context

Method of notice  presentation, sign, website pop-up etc

Optional




Receipt TypeThe human understandable label for a record or receipt for data processing.  This is used to extend the schema with  profile for the type of legal processing - and is Used to identify data privacy rights and controls 
PASParray

Privacy access service points of contact and access, email, ph, etc. - or PaeCG signal 

  • validation endpoint
Consent Type




Payload 

Notice Text 




****

(To be Moved Later) Case Study: privacy cafe

  • Privacy Cafe Narrative
    • Scenario 1 imagine - first time to a privacy cafe
      • new country, different language, different types of coffee, different currency, different technology, different measures, different ingrediants eg. type of sugar, cream, milk and cup size measures
    • Scenario 2 - a known regular at a privacy cafe close to your home or work 
      • the user experience with high level of consensus
    • Scenario 3 - Digital Twin - Transparency - creating a record and providing receipts 
      • withdraw consent
      • access to use surveillance 
      • audit to see who benefits from personal data in the cafe, out of the cafe
      • audit of the providence of authority
  • Main functionality point is focused on  how dynamic and operational privacy performance is, in proportion to the data processing surveillance.  
    • capacity for the notice to transfer liability for data processing and access to privacy to enable people with controls to mitigate risk 
    • difference between permission for a purpose, or permission for a data base field  
      • having to go into each service and change or withdraw permission
      • or pressing one button to withdraw consent, for many services  
  • The Priavcy Cafe Experience 
    • Human XU - physical governance defaults - notice of (expected) defaults
      • in this context - there can be consent
    • Using the video surveillance in (or public camera outside) a privacy cafe to make a police report, without the need for an information request 
    • Privacy Cafe cookie (session cookies available to visitors)

Identity Governance Findings

  • people are unable to natively use digital identifiers, credentials or digital wallets.  e.g. unable to use a computer or phone to log in, take a picture, or even capture a QR code, which is from   a wide spectrum of accessibility issues, from age-range etc.  Critical is that these range from external circumstances (e.g. security)  to internal use of digital identifiers, as well as the design of the  services provided,  aka usable access to privacy information and rights or for situational, security, personal, physical, age, or simply basic knowledge of, or access to, an identifier technology.
  • this is why proof of notice, (when not in person) is a missing privacy assurance,  that can be captured with an ANCR-Record, a proof which indicates if a person has a) enough information or even b) the capacity to provide systems permissions based on consent.  especially for online services.