ANCR WG 20220216

Roll

Paul Knowlese

(quorate)

IPR

Notice Conformance Fields for Specifying ANCR Record Spec

Purpose

ANCR Specification, provides instructions to audit a notice with these fields.

How to audit a notice to make an ANCR Record using ISO/IEC 29100 receipt format, which is published in the ISO/IEC 29184 Annex D,

The resulting audit can be used for ISO/IEC 29184

What are the Purpose of Auditing a Notice and creating an ANCR Record ?

conformance measurement

ANCR - Specification a record of notice and application of a conformance scheme (containing a profile and a test) . e.g. GDPR or ISO/IEC 29184 -

This audits a notice for information that is required if information is processed in a way that is processed digitally/remotely

Field Name	Type	PII(Y)	Field Label	Description	Required/Optional
version	string		Schema Version	The version of specification used to which the receipt conforms. To refer to this version of the specification, the string "v1" or the IRI "https://w3id.org/OPN/v1" should be used.	Required
profile	string		OPN Privacy Profile URI	Link to the controller's profile in the OPN registry.	Required
Notice Receipt	string		Type of Notice Receipt	Label Notice Receipt	Required
id	string		Receipt ID	A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122].	Required
timestamp	integer		Timestamp	Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch).	Required
key	string		Signing Key	The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance.	Optional
language	string		Language	Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'.	Required
controllerID	string		Controller Identity	The identity (legal name) of the controller.	Required
			Controller Address
jurisdiction	string		Legal Jurisdiction	The jurisdiction(s) applicable to this notice	Required
controllerContact	string		Controller Contact	Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle.	Required
notice	string		Link to Notice	Link to the notice the receipt is for	Optional
policy	string		Link to Policy	Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided	Required
context	string		Context	Method of notice presentation, sign, website pop-up etc	Optional
			Receipt Type	The human understandable label for a record or receipt for data processing. This is used to extend the schema with profile for the type of legal processing - and is Used to identify data privacy rights and controls
			Notice Text
			Accountable Person Role

TASKS

Write ANCR Spec
Things to do next
- mapping to ISO standards - can be done with an OCA - mapping overlay.
- Example Case Study for GNAP and OpenIDConnect
  - Childrens Surveillance Sign for Classrooms - Recording for YouTube in school - etc. (audit the notice for eLearning, and use on YouTube)
    - Read the sign the and collect the information and add to this form - made with OCA from these fields
    - Name of the Controller
    - research
- Person interaction with ANCR Record (fields required for access to privacy rights)
  - Rights

1. 1. Right to be heard and complain
    1. Privacy Rights Information Request
    2. Audit #2 - Individual - audit and use of the notice
    3. receipt is created
2. Questions: Location of the Privacy Notice -
  1. Where I am reading it from
  2. Digital Address for the Notice

Overlay Capture Architecture

Applies - core ANCR record is the capture base
- usable to represent in the required credential and micro-credential
- a receipt which is signed becomes a micro-credential
Subset overlay can be used for micro-credentials
Attribute Types - Ref