Overview: Anchored Notice and Consent Record Specifications

Owned by Mark Lizar
Last updated: Aug 24, 2023

The ANCR workgroup works on a notice record information structure with a charter specifically focused on creating an opening and interoperable digital transparency, for digital identity management technologies.

There are 3 specifications and a ANCR Trust framework under development worked on in this work group. Which are intended to be applicable to all data processing

  1. Notice Record

    1. The notice record is the minimum viable record and the core component to the trust anchor notice record and receipt transparency framework. The notice record is specified so that anyone can generate a record and use it to assess the performance and trustworthiness of PII Controller identity and contact information.

  2. Transparency Performance Indicators (TPI’s)

    1. There are 4 TPI’s that are specified here to assess the conformance of transparency with privacy law

      1. TPI 1, at what point is PII captured? Before, during or after notice and or permission is first provided?

      2. TPI 2, is the required PII Controller identity and contact information provided in the notice ?

      3. TPI 3, how accessible is this information ? first screen, link to second screen? etc

      4. TPI 4, does the SSL certificate (or public key) match the PII Controller id information, is it registered?

  3. Controller Notice Record and Credential

    1. the addition of a

      1. record id (digital identity management technology)

      2. public and privacy key pair

    2. to create a notice transparency credential that is used to create a signed and encrypted notice record (or micro-credential)

Notice Record Standards

  1. The notice record is made with the open and free to access ISO/IEC 29100 Security and Privacy Framework extension of ISO 27001 Security Framework.

2. The notice record, transparency performance indicators are designed for assessing conformance to ISO/IEC 29184 - Online privacy notice and consent standard as well as specific privacy legal requirements. This work extends to, and is interoperable with the Kantara Consent Notice Receipt, which is in Annex B of 29184.

ANCR Framework

The notice record specifications are the basis for the overarching Anchored Notice Record and Receipt Framework.