ANCR WG 20221012

Roll

@Mark Lizar

@Salvatore D'Agostino

Sharon Polsky

IPR

acknowledged

Minutes

approved 10/5 minutes

Agenda

ok

Work Group Effort Discussion

  1. Top Line - why we are doing this work - open international digital infrastructure

    1. Digital Magna Carta

    2. Put balance back in the power relationship online

    3. Provide the mechanism to assert control

      1. See the current state of that control

      2. Address the gaps to be able to assert control

        1. Use the legal privacy state

  2. What is the publication going to cover (short term work group effort)

    1. Notice Record Framework for Legal Justification

      1. includes extensions

        1. Making the Record for any legal justification

          1. Specifying the purpose for the justification

            1. Mapped to 27560

          2. Data treatment and Identification of legal rights (contextual to purpose and jurisdictions)

          3. Extension by Code of Practice

    2. Tasks

      1. Split out

    3. What is the rest of work and roadmap

  3. What will be done in this WG (and elsewhere) and charter update

  4. How do we do outreach to support that effort

    1. Blog Topic Items

      1. regulating digital identity with inclusion

      2. top line - promoting the work - to get sponsors and members

        1. Kantara Community

        2. Want the advocate support

        3. ToiP

ANCR Record

See above on how to break it up

ISO Update

No further

Auth C Framework

Data Control impact assessment that focuses on the transparency requirements in laws and standards.

Trust is relative to the stakeholder

WHiSSPRr (White Hat Identity, Surveillance, Security, and Privacy , Risk Report) is a way to measure this

Start with DPIA (get an example)

Does the person going through the privacy impact assessment actually understand the “checklist”

An example is Body Worn Camera report in camera, and the limited privacy impact assessment (8 pages out of 300+).

Add 2FN to 2FA for identity management (as a way to show an actual consent flow)

Work this at the top level (legal) and use GDPR language

Answer the Why? question.

Is privacy shield update adequate?

Does this change anything?

Related Activity

https://www.osano.com/articles/what-is-a-ropa-gdpr-requirements-for-record-of-processing-activities

 

Any Other Business

Michel, Ontario SSI effort, need something more than we have now.

Direction on how to use these (ANCR) tools.

Senator Wyden