Editor(s)

Mark Lizar, WG Editor

Contributors

Salvatore D’Agostino, WG Chair

Gigliolla Agassini, WG Secretary

Tim Reiniger
Paul Knowles

Tim Lloyd

v. 0.8

Prelude

This PII Controller identification record, is the security part of the minimum viable consent receipt, which is the original work. Its now 4th generation record, it is in the appendix of 29184, it was the basis for the Kantara Consent receipt v1.1, and then ISO/IEC 27560 Consent record information structure.

It was first published as 0PN Schema, in semantics workshop, and is the record that is used to capture PII Controller identification information in the ANCR WG Transparency Performance Report. Wherein, the fields are referenced to an internationally interoperable legal and technical standard.

This specification provides mapping of the controller credential role in multiple jurisdictions, guidance on extending the record to generate a notice and consent receipt.

PR Option:

This ANCR WG Recommendation is open and can be used royalty-free under the ANCR WG IP license, patent and copyright (see: Reciprocal Royalty Free with Opt-out to Reasonable and Non-discriminatory (RAND) license agreement at the Kantara Initiative for its use and contribution to ISO/IEC SC 27 WG 5).

Any derivative use of this specification must not create any dependency that limits or restricts the use, accessibility, and availability of the specification and/or its use to measure the performance of transparency and/or the ability for the PII Principal to receive a notice receipt, or to manage or present a notice receipt as a record of and for the authoritative use of PII Principal consent.

Suggested Citation: (upon WG approval)

Kantara Initiative, 2025: ANCR Transparency Performance Report v 1.0

Conditions for use

License Condition:

This document has been prepared by participants of Kantara Initiative Inc. ANCR-WG. No rights are granted to prepare derivative works of this ANCR Scheme outside of the ANCR WG. Entities seeking permission to reproduce this document, in whole or in part, for other uses must contact the Kantara Initiative to determine whether an appropriate license for such use is available.

Implementation or use of this document may require licenses under third party intellectual property rights, including without limitation, patent rights. The participants and any other contributors to the specification are not and shall not be held responsible in any manner for identifying or failing to identify any or all such third-party intellectual property rights. This Specification is provided "AS IS," and no Participant in Kantara Initiative makes any warranty of any kind, express or implied, including any warranties of merchantability, non-infringement of third-party intellectual property rights, or fitness for a particular purpose. Implementers of this Transparency Performance Indicators specification are advised to review the Kantara Initiative’s website (Kantara Initiative: Trust through ID Assurance )¹ for information concerning any Necessary Claims Disclosure Notices that have been received by the Kantara Initiative Board of Directors.

Dear reader,

Thank you for reviewing this specification in its preparation for publication and contribution. The Kantara Initiative is a global non-profit dedicated to improving secure, private and trustworthy use of digital identifier surveillance through innovation, standardisation, and good practice.

The Kantara Initiative, known internationally for incubating innovative governance technologies, operates Identification Trust Assurance Frameworks to assure digital identification practices are developed with community-led best practices and specifications. Its efforts are acknowledged by OECD ITAC, UNCITRAL, ISO SC27, and other consortia and governments around the world. “Nurture, Develop, Operate” captures the rhythm of Kantara in consolidating an inclusive, equitable digital economy offering value and benefit to all.

Every publication, in every domain, is capable of improvement. Kantara Initiative ANCR WG welcomes and values your contribution through membership, sponsorship and active participation in community driven working groups² that drive all endeavors so that Kantara can reflect its value back to you and your organization.

Copyright: The content of this document is copyright of Kantara Initiative, Inc.
© 2025 Kantara Initiative, Inc.

Introduction

The PII Controller Identification record is specified here as its own specification, along with how it can be used to generate a notice record and consent record and receipt, in line with (proposed changes to 27560 -) for consent capable notice and consent records and receipt.

This specification recommends the use of this core identification record as the preferred stand format for this scheme, so as to interoperate with the ANCR Transparency Performance Reporting PII Controller identification record, which also requires a publically required and open identifier.

In this specification we provide security and privacy considerations for a data goverance role specific to blinding the identification of the PII Controller, linked PII Principal identification information, using the international transparency (aka notice and and consent record and receipt policy and technology framework as specified with the consent receipt v1.1 work)

Terminology

In the appendix there are the ISO/IEC Standards and standard bibliography that this Controller identification, as interoperable with by default.

Access Gateway

• is the safety, security, surveillance, privacy and consent notice access point location and use information

PII Controller Notice identification record

This table consists of the compulsory attributes,

PII Controller refers to the interacting party

Data Controler refers to the the controller accountable for protecting personal data, which is commonly the same or equivalent to the Data Controller;