ANCR PII Controller Identification Record v0.8 (for 27560 Profile)
ANCR PII Controller Identification Record v0.8.4 (for 27560 Profile)
By: Mark Lizar
Framing (concise)
The PII Controller Notice Identification Record is a common public format containing legally required controller attributes, so the information is operationally usable.
This information is required to be provided consistently such that it is Provided, Open, Accessible, Verifiable, and proportionate and fit for purpose.
This is public transparency infrastructure. It is the bedrock upon which information can be trust-capable.
Reference: ISTPA (p.64) operational privacy principles.
Background (why notice comes first)
Through deep research conducted through the development of the Minimum Viable Notice Consent Receipt for digital-id technologies, we discovered that notice is technically the governance vehicle for digital consent.
All jurisdictions and laws require notice. In fair systems, notice must come before an individual is required to make a decision. This is because transparency requires both notice and awareness.
The research behind this is extensive. Add an appendix or a link to Global Privacy Rights Controls.
Prelude
This PII Controller identification record is the security part of the minimum viable consent receipt, which is the original work. It is now 4th generation record. It is in the appendix of 29184. It was the basis for the Kantara Consent receipt v1.1, and then ISO/IEC 27560 Consent record information structure.
It was first published as 0PN Schema, in semantics workshop, and is the record that is used to capture PII Controller identification information in the ANCR WG Transparency Performance Report. The fields are referenced to an internationally interoperable legal and technical standard.
This specification provides mapping of the controller credential role in multiple jurisdictions, and guidance on extending the record to generate a notice and consent receipt.
Normative
MVCR Consent Receipt
PR Option
This ANCR WG Recommendation is open and can be used royalty-free under the ANCR WG IP license, patent and copyright (see: Reciprocal Royalty Free with Opt-out to Reasonable and Non-discriminatory (RAND) license agreement at the Kantara Initiative for its use and contribution to ISO/IEC SC 27 WG 5).
Any derivative use of this specification must not create any dependency that limits or restricts the use, accessibility, and availability of the specification and/or its use to measure the performance of transparency and/or the ability for the PII Principal to receive a notice receipt, or to manage or present a notice receipt as a record of and for the authoritative use of PII Principal consent.
Suggested Citation (upon WG approval):
Kantara Initiative, 2025: ANCR Transparency Performance Report v 1.0
Conditions for use
License Condition:
This document has been prepared by participants of Kantara Initiative Inc. ANCR-WG. No rights are granted to prepare derivative works of this ANCR Scheme outside of the ANCR WG. Entities seeking permission to reproduce this document, in whole or in part, for other uses must contact the Kantara Initiative to determine whether an appropriate license for such use is available.
Implementation or use of this document may require licenses under third party intellectual property rights, including without limitation, patent rights. The participants and any other contributors to the specification are not and shall not be held responsible in any manner for identifying or failing to identify any or all such third-party intellectual property rights. This Specification is provided "AS IS," and no Participant in Kantara Initiative makes any warranty of any kind, express or implied, including any warranties of merchantability, non-infringement of third-party intellectual property rights, or fitness for a particular purpose. Implementers of this Transparency Performance Indicators specification are advised to review the Kantara Initiative’s website (Kantara Initiative: Trust through ID Assurance) for information concerning any Necessary Claims Disclosure Notices that have been received by the Kantara Initiative Board of Directors.
Dear reader,
Thank you for reviewing this specification in its preparation for publication and contribution. The Kantara Initiative is a global non-profit dedicated to improving secure, private and trustworthy use of digital identifier surveillance through innovation, standardisation, and good practice.
The Kantara Initiative, known internationally for incubating innovative governance technologies, operates Identification Trust Assurance Frameworks to assure digital identification practices are developed with community-led best practices and specifications. Its efforts are acknowledged by OECD ITAC, UNCITRAL, ISO SC27, and other consortia and governments around the world. “Nurture, Develop, Operate” captures the rhythm of Kantara in consolidating an inclusive, equitable digital economy offering value and benefit to all.
Every publication, in every domain, is capable of improvement. Kantara Initiative ANCR WG welcomes and values your contribution through membership, sponsorship and active participation in community driven working groups that drive all endeavors so that Kantara can reflect its value back to you and your organization.
Copyright: The content of this document is copyright of Kantara Initiative, Inc. © 2025 Kantara Initiative, Inc.
Introduction
The PII Controller Identification record is specified here as its own specification, along with how it can be used to generate a notice record and consent record and receipt, in line with (proposed changes to 27560) for consent-capable notice and consent records and receipt.
This specification recommends the use of this core identification record as the preferred stand format for this scheme, so as to interoperate with the ANCR Transparency Performance Reporting PII Controller identification record, which also requires a publically required and open identifier.
In this specification we provide security and privacy considerations for a data governance role specific to blinding the identification of the PII Controller, linked PII Principal identification information, using the international transparency (aka notice and consent record and receipt policy and technology framework as specified with the consent receipt v1.1 work).
Terminology
In the appendix there are the ISO/IEC Standards and standard bibliography that this Controller identification is interoperable with by default.
Conformance language
The key words MUST, SHOULD, and MAY in this document are to be interpreted as described in RFC 2119.
MUST: required for conformance.
SHOULD: recommended for conformance unless superseded by a documented and justified derogation.
MAY: optional.
Access Gateway
An Access Gateway is the safety, security, surveillance, privacy, and consent notice access point location and use information.
PII Controller Notice identification record
This table consists of the compulsory attributes.
PII Controller refers to the interacting party.
Data Controller refers to the controller accountable for protecting personal data, which is commonly the same or equivalent to the Data Controller.
PII Controller Identification Record attribute | Controller ID Object | Type | Field / key | Notes | Requirement |
|---|---|---|---|---|---|
PII Controller Identification Record attribute | Controller ID Object | String | controller_id_object | _ | Required |
2 | PII Controller Identity | object | [piiController_identity] |
|
|
| PII Controller Name | String | piiController_name | Company / organization name | MUST |
| PII Controller address | String | piiController_address | _ | MUST |
4 | PII Controller contact type and info | Varchar(n) | piiController_contact_email | correspondence email | MUST |
8 | PII Controller SSL Certificate | BLOB | piiController_sslcertificate | A capture Website SSL | MUST |
| means of accessing privacy rights and controls | VarChar(max) | pcpL | the end point address for privacy information and service access | MUST |
7 | Notice and Privacy Access Point | Varchar | piiController_www | URL of website (or link to controller application) | MUST |
8.1 | Controller public identifier (open, resolvable) | Varchar | controller_public_id_uri | Public, resolvable identifier for the controller, suitable for cross-domain and cross-border use. Value MAY be any URI scheme (no scheme restriction in this version). | MUST |
9 | Notice & Permission Access Point Types (pcpT) | Object |
| pcpType |
|
| Access Gateway AG_MailAddress | object |
| mailing address | MUST |
| AG-Profile | String | pcpProfile | Privacy Access Point Profile | SHOULD |
| AG-InPerson | String | pcpInperson | In-person access to privacy contact | SHOULD |
| AG-Email | Varchar | pcpEmail | PAP email | SHOULD |
| AG-Phone | char | pcpPhone | Privacy access phone | SHOULD |
| AG-PIP- URI | Varchar | pcpPip_uri | privacy info access point, URI | SHOULD |
| AG-Sform | Varchar | pcpForm | secure environment pii capture form form URI | SHOULD |
| AG-bot | String | pcpBot | privacy bot, URI | SHOULD |
| AG-cop | String | pcpCop-loc | code of practice certificate, URI of public directory with pub-key | SHOULD |
| AG-other | string | pcp_other | Other | MAY |
10 | AG Policy Meta - link, notice id, statement id, label | text | pcpn/ | the means of privacy | MUST |
11 | Derogation (exception) reference | Varchar | derogation_reference_uri | URI to the documented derogation record that supersedes one or more SHOULD requirements | SHOULD |
12 | Derogation reason | text | derogation_reason | Human-readable justification explaining why one or more SHOULD fields are not provided | SHOULD |
13 | Derogation scope | text | derogation_scope | Identifies which requirement(s) the derogation applies to (e.g., which Access Gateway subfields) | SHOULD |
14 | Derogation authority | text | derogation_authority | Authority basis for the derogation (policy, statute, order, instrument, or code of practice) | SHOULD |
15 | Derogation validity period | date | derogation_valid_until | When the derogation expires or must be reviewed (if applicable) | MAY |
Change log
Version | Date | Change summary |
|---|---|---|
v0.8 | 2025-12-17 | Published as ANCR PII Controller Identification Record v0.8 (for 27560 Profile). |
v0.8.1 | 2026-02-25 | Drafted in Notion for editing. Added framing sections, clarified intent, and began normative cleanup for implementer use. |
v0.8.2 | 2026-02-25 | Defined conformance language (MUST/SHOULD/MAY) and set Access Gateway subfields to SHOULD unless superseded by a documented derogation. |
v0.8.3 | 2026-02-26 | Added machine-auditable derogation fields to support documented exceptions to SHOULD requirements. |
v0.8.4 | 2026-02-26 | Added required controller public identifier field (open, resolvable) to support verifiability and portability. Allowed any URI scheme. |