ANCR Record Extensions
There are 3 Extension and a protocol for how to use the extensions for trustworthy. id.
Â
The anchor record is captured or generated for the explicit control of the PII Principal.  This record, standardized with ISO/IEC 29100 security and privacy technique framework, can then be used for transparency interoperability.  Â
The Anchor record and linked consent ledger is used by the PII Principal to track the state of privacy and status of consent for dynamic data controls for bilateral (peer to peer) interaction.    The anchor record is minted with the PII Controller ANCR record and in this way extended by a product or service purpose specification. Â
Privacy State (tentative)
Â
The legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller....
At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place. The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing Â
The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. Â
(GDPR Rec 47Â
Privacy State Notification Types (tentative)Â
reference the expected processing for a specified purpose in reference to common law (
Â
The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. Â
Â
Processing is ‘as expected’ NotificationÂ
unverified Â
As expected, Â
not as expected, Â
minor change in state, Â
material change in state , Â
PII Principal Â
Â
Transparency Status Â
Â
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, as appropriate:Â Â
Â
(Conv. 108+ Art 33.1)Â
Transparency Status TypesÂ
Not-AvailableÂ
In-ActiveÂ
ActiveÂ
Active & OperationalÂ
Active & DynamicÂ
Â
Â