Introductions to the ANCR Notice Record v0.8.9

Owned by Mark Lizar
Last updated: Mar 18, 2023
2 min read

Proposed as an international standard for human data control interoperability and data security.

An open notice and consent receipt architecture and a schema structure for extending it.

In this specification the vectors of data control and co-governance provide a common landscape for mutliparty digital interactions.

The Anchored Notice Record (ANCR Record) bridges the operational transparency gap by measuring the PII Controller's transparency performance: not only as an international data exchange baseline, but more importantly as a transparency and data control pulse with invisible service providers.

The ANCR Record provides a global standard for operational transparency and offered as a contribution to ISO/IEC from the ANCR WG, at the Kantara Initiative. This proposed stanadard specifies transparency performance indicators, to make transparent, privacy risk, on a session by session basis, much like bank accounts, to produce a record capturing the presentation of notice. The notice focuses on transparency in data control relationships, including transparency over beneficial ownership.

  1. PII Controller Identifying Credential

    1. Who controls personal data? 

  2. PII Controller Privacy Contact

    1. Is privacy accessible? 

  3. PII Controller Security

    1. Transparency Integrity 

      1. Coherent authority supply chain, policy, data, cryptography 

An annex, is the notice record schema, defined as the base record for the consent receipt schema. The record is relational to a database container, while the receipt is relational to a json consent receipt or json web-token. A token further extends decentralized data control that scales with defaults for service permission/preference architecture for the ANCR’s Record which support the extension of operational transparency for operational privacy management.  Not consent management which is not semantically or technically interoperable with this specification,

The Annex are presented in sequence.

Annex A – the ANCR Record ‘Core’ Schema - specified for the PII Principal to see who control their personal data, for consented data control exchange.

Annex B - Two Factor Surveillance Notice (2FN) (for differential transparency) 

  • A notice that is used to generate granular consent receipts using standards that specify purpose in the same way.  Those generated with the same schema based can be compared to automate notice for operational transparency over changes to privacy state.  

Annex C- Concentric Notice Types 

  • To simplify understanding of what rights and privacy controls are applicable in context, per processing purpose.   Label to facilitate transparency autonomy, for independent access to rights to negotiate data controls with the accountable PII-Controller 

Annex  D – ANCR Record Extensions 

  • Consent is required for the purpose of digital identity management, as well as any additional purpose(s).  

  • The record is structured according to the protocol of first creating a private record of who is in control and accountable.  Before then using this record to track purpose specification, data treatment, and detailed processing practice. 

Annex E -  Purpose Specification –ANCR Mapped with 27560 Schema. 

  • The ANCR Notice Record Schema, is mapped in accordance to the directions provide by ISO/IEC 27560 WD5. Illustrated in the appendix to help support critical flaws in the security considerations and understanding of the requirements for a human centric schema.