ANCR WG 20220216
Roll
Salvatore D'Agostino
Mark Lizar
Vitor Jesus
Paul Knowles
(quorate)
IPR
Notice Conformance Fields for Specifying ANCR Record Spec
Related work https://wiki.trustoverip.org/display/HOME/Privacy+Controller+Credential+Specification
Purpose
The ANCR Specification provides instructions to audit a notice with these fields.
How to audit a notice to make an ANCR Record using the ISO/IEC 29100 receipt format, which is published in ISO/IEC 29184 Annex D.
The resulting audit can be used for ISO/IEC 29184.
What is the purpose of auditing a notice and creating an ANCR Record?
conformance measurement
ANCR Specification: a record of notice and application of a conformance scheme (containing a profile and a test), e.g. GDPR or ISO/IEC 29184.
This audits a notice for the information that is required when information is processed digitally/remotely.
| Field Name | Type | PII(Y) | Field Label | Description | Required/Optional |
| version | string | | Schema Version | Required | |
| profile | string | | OPN Privacy Profile URI | Link to the controller's profile in the OPN registry. | Required |
| Notice Receipt | string | | Type of Notice Receipt | Label Notice Receipt | Required |
| id | string | | Receipt ID | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required |
| timestamp | integer | | Timestamp | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required |
| key | string | | Signing Key | The Controller's profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional |
| language | string | | Language | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Required |
| controllerID | string | | Controller Identity | The identity (legal name) of the controller. | Required |
| | | | Controller Address | | |
| jurisdiction | string | | Legal Jurisdiction | The jurisdiction(s) applicable to this notice | Required |
| controllerContact | string | | Controller Contact | Contact name of the Controller. Contact could be a telephone number or an email address or a Twitter handle. | Required |
| notice | string | | Link to Notice | Link to the notice the receipt is for | Optional |
| policy | string | | Link to Policy | Link to the policies relevant to this notice, e.g. privacy policy active at the time notice was provided | Required |
| context | string | | Context | Method of notice presentation: sign, website pop-up, etc. | Optional |
| | | | Receipt Type | The human-understandable label for a record or receipt for data processing. This is used to extend the schema with a profile for the type of legal processing, and is used to identify data privacy rights and controls | |
| | | | Notice Text | | |
| | | | Accountable Person Role | | |
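An added example, not part of the working group's notes or of the ANCR specification: a Python check that audits one record against the Required/Optional column and the MUST/SHOULD constraints in the field table above. The function name, messages and sample values are assumptions; `version` is assumed to be required, and only the two-letter shape of the language code is checked.

```python
import uuid

# Field names and Required/Optional status are copied from the table above;
# "version" is assumed required (its row shows "Required").
REQUIRED = ["version", "profile", "Notice Receipt", "id", "timestamp", "language",
            "controllerID", "jurisdiction", "controllerContact", "policy"]
OPTIONAL = ["key", "notice", "context"]

def audit_record(record):
    """Return (errors, warnings) for one ANCR record given as a dict."""
    errors, warnings = [], []
    for name in REQUIRED:
        if record.get(name) in ("", None):
            errors.append(f"missing required field: {name}")
    for name, value in record.items():
        if name not in REQUIRED + OPTIONAL:
            warnings.append(f"field not in table: {name}")
        elif name != "timestamp" and value is not None and not isinstance(value, str):
            errors.append(f"{name} must be a string")
    # timestamp MUST be integer seconds since the Unix epoch.
    ts = record.get("timestamp")
    if ts is not None and (isinstance(ts, bool) or not isinstance(ts, int) or ts < 0):
        errors.append("timestamp must be integer seconds since the Unix epoch")
    # id SHOULD be a UUID-4, so a mismatch is a warning rather than an error.
    rid = record.get("id")
    if isinstance(rid, str) and rid:
        try:
            if uuid.UUID(rid).version != 4:
                warnings.append("id is a UUID but not version 4")
        except ValueError:
            warnings.append("id is not a UUID")
    # language MUST be ISO 639-1; only the two-letter shape is checked here.
    lang = record.get("language")
    if isinstance(lang, str) and lang and not (len(lang) == 2 and lang.isascii() and lang.isalpha()):
        errors.append("language is not a two-letter code")
    return errors, warnings

# Constructed sample record (all values invented for illustration).
SAMPLE = {
    "version": "0.1", "profile": "https://registry.example/controller/1",
    "Notice Receipt": "Notice Receipt",
    "id": "3f2b8c1e-5d4a-4e7b-9a6c-1b2d3e4f5a6b", "timestamp": 1645000000,
    "language": "EN", "controllerID": "Example School Board",
    "jurisdiction": "CA", "controllerContact": "privacy@school.example",
    "policy": "https://school.example/privacy", "context": "classroom sign",
}

if __name__ == "__main__":
    print(audit_record(SAMPLE))
```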
TASKS
Write ANCR Spec
Things to do next
mapping to ISO standards - can be done with an OCA - mapping overlay.
Example Case Study for GNAP and OpenIDConnect
Children's Surveillance Sign for Classrooms - Recording for YouTube in school - etc. (audit the notice for eLearning, and use on YouTube)
Read the sign, collect the information and add it to this form - made with OCA from these fields
Name of the Controller
research
Person interaction with ANCR Record (fields required for access to privacy rights)
Rights
Overlay Capture Architecture
Applies - core ANCR record is the capture base
usable to represent in the required credential and micro-credential
a receipt which is signed becomes a micro-credential
Subset overlay can be used for micro-credentials
Attribute Types - Ref