
Privacy as Expected (PaE) takes the legal standard of human expectation, the standard used to apply rights, and expresses it technically for the online context. The use case here is to prove a general tool for identity and trust governance interoperability, e.g. the use of rights-based controls alongside decentralized identity and data governance semantic standards for notice and consent (human-centric identity and trust). The ISO standardized notice and consent definition and terms provide an international basis for legal notice and consent governance semantics and interoperability. These are used to standardize (or provide transparency over) system identity permissions and data controls, independent of the service, to produce privacy as expected signals.

Simply put, this is standardized notice infrastructure for messaging (aka receipt) architectures. These semantic standards can be used to enhance privacy policies with semantics drawn from privacy law.

As humans we are decentralized: in the physical world the trust framework is local to a person. To extend this digitally, this set of interoperable semantic standards is used to provide a broadcast identity and trust UI that is human "consent centric" and a legal baseline for notice and consent receipts.

This PaE signalling operates on a public set of rules/laws that people can use locally to see, share and communicate about data surveillance, security and privacy risks, independently of any digital identity management system or protocol. Another term for this is co-regulation.

Signalling Protocol for Active State for dynamic Risk Transparency


The PaECG project implements a simple visual signal that compares the anchor receipt against the current digital notice (using the standardized notice control language) to show the active state of the digital identity in a decentralized way.

Privacy and consent as expected is the goal. The first step is to display the PII Controller's credential for a specific service and data processing context. Privacy as Expected can also be seen as a legal expression of the active state of notice relative to the individual, so the person can see whether this is the privacy they expect.

Online, these privacy risks extend to digital identity, surveillance and the security of that surveillance. Without transparency over these relationships, the technology is untrustworthy.

To achieve this, a first consent receipt is generated, which provides the baseline for the active state of the controller. The current state of privacy is then checked by comparing the next notice receipt against that anchor receipt. This produces a standards-based active state security signal that can scale trust to consent. This is demonstrated with the PaE:Consent Gateway project funded by the EU NGI Trust grant.

https://privacy-as-expected.org/


In the PaECG project we specify the use of the Active State Transparency Risk signal with web browsers, aiming to show whether the active state of surveillance capitalism is what people expect, and to provide a way for people to use their rights (with a receipt) independent of the website.

What is the Challenge?

The internet is missing the active state, or context, of people; most identity management efforts are about activating the identifier for the individual. This is the signalling gap: a way to indicate a level of trustworthiness/transparency that is independent of the service provider and specific to context. An online privacy policy or static document does not provide active state information about the legal entity, purpose and context of use, all of which is required, in one way or another, by privacy legislation and security standards.

For this challenge we have a simple but very powerful technology: the receipt. A receipt is a notice of a record for an active state; for example, a transaction can be captured with a receipt. The technology was developed for shipping goods so that the receiver could check that the stock received matched the stock shipped.

In essence, it is this technology that is advanced here for the active state of online services, which, like money on a credit card, is invisible to the person in context. The receipt fulfils the same purpose of a record, and it requires an international standard so that it can be used across technical, legal and social domains.


UI : Basic Active State - Visual Signal Specification for Human Identity and Trust

  • A person generates a notice receipt for an online, website-based interaction and then, when returning to this website, generates another receipt. The two receipts are compared for changes in the known active state. This provides the active state signal indicating whether privacy is as expected (or not).

    • If the signal is green, there is no need for a cookie notice or privacy ritual.
    • If the signal is yellow, a notice is legally required to be provided; the person can ignore, accept or refuse these notices.
    • If the signal is red, a notice is legally required to maintain system permissions and to manage a consent that is technically no longer valid, for example after a data breach.
  • Extending the existing policy, security and technical laws and standards with PaECG is the design goal of the effort.

Overview Privacy as Expected : Consent Gateway

This document contains the principal reference, and any new/proposed principles, for the use of receipts for Active State Transparency with semantically standardized governance language.

The aim of the PaECG signalling protocol is to extend existing digital identity security and privacy governance schemes with an overarching privacy operator risk and liability scheme that meets legal, social, security, privacy and surveillance expectations.

The project is named to indicate a common and standardizable path for a consent gateway for browsers and online services to display an active state of legal entity transparency, with the standards and the law providing a common language for broadcasting it.

Simple in mechanics, the way it works is that the first time a notice of the Controller identity is captured it generates an ANCR receipt, to which any additional receipts for that relationship are then linked. The receipt is an identity management/organisation relationship receipt. This ANCR receipt is used to provide proof of notice of legal identity, to address key consent, to provide permission and to let a person manage their own consent. An identifier relationship is created and tracked, which removes the need to provide the same notice of who the controller is every time a person accesses a website.

Receipt Signal Protocol

The receipt signal is generated after the first notice is provided and a receipt is stored by the person (e.g. in a Master Identity Controller plugin), and it is usable as proof of notice. This first receipt becomes the ANCR receipt ID for that relationship, for the person and the software used for personal data management.

The next time a person comes to this website, a new notice of controller receipt is generated and linked to the ANCR receipt ID. If the state is the same, that is, the same legal entity with the same surveillance and policy, the signal in the icon will be green. If there is a change, the icon will be yellow or red, depending on how material the change in status of the legal entity (or more specifically the PII Controller) is since the last receipt was provided. Nominally this materiality is defined by the scope of the surveillance and measured by the number of identity management relationships active at any one time.
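The anchor-and-compare step described in the visual signal specification above and in this section, written out as an added example in Python. This is illustrative code, not code from the PaE:Consent Gateway project: the receipt field names, the sample receipts, the identifier scheme and the materiality rules (which changes are yellow and which are red) are assumptions made for the example; the page itself only fixes the three colours and the kinds of change behind them (same entity, surveillance and policy is green; a changed controller or an invalidated consent such as after a breach is red; a widened surveillance scope or changed policy is a notice-required yellow).

```python
"""Compare an ANCR anchor receipt with a later receipt and derive the green/yellow/red signal.

Constructed illustration, not the PaE:Consent Gateway project's code. The field
names of NoticeReceipt, the sample receipts and the materiality rules below are
assumptions made for this example.
"""
from dataclasses import dataclass, replace
import hashlib
import json

SIGNAL_ORDER = {"green": 0, "yellow": 1, "red": 2}


@dataclass(frozen=True)
class NoticeReceipt:
    """One notice-of-controller receipt (assumed fields)."""
    controller_id: str             # legal identity of the PII Controller
    controller_name: str
    purposes: frozenset            # purposes of processing stated in the notice
    third_parties: frozenset       # active identity-management relationships (surveillance scope)
    policy_hash: str               # fingerprint of the privacy policy text at notice time
    breach_notified: bool = False  # a breach notice was issued since the relationship started

    def receipt_id(self) -> str:
        """Content-derived identifier; the anchor's id is what later receipts link to."""
        canonical = json.dumps({
            "controller_id": self.controller_id,
            "purposes": sorted(self.purposes),
            "third_parties": sorted(self.third_parties),
            "policy_hash": self.policy_hash,
            "breach_notified": self.breach_notified,
        }, sort_keys=True)
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]


def policy_hash(policy_text: str) -> str:
    """Hash the policy so a receipt can detect a changed policy without storing the text."""
    return hashlib.sha256(policy_text.encode("utf-8")).hexdigest()


def compare_receipts(anchor: NoticeReceipt, current: NoticeReceipt) -> tuple[str, list[str]]:
    """Return (signal, reasons) for the current receipt relative to the ANCR anchor."""
    signal, reasons = "green", []

    def escalate(level: str, reason: str) -> None:
        nonlocal signal
        reasons.append(reason)
        if SIGNAL_ORDER[level] > SIGNAL_ORDER[signal]:
            signal = level

    # Red: the legal entity behind the relationship is no longer the one noticed,
    # or a breach has invalidated the consent given under the anchor.
    if current.controller_id != anchor.controller_id:
        escalate("red", f"PII Controller changed: {anchor.controller_id} -> {current.controller_id}")
    if current.breach_notified and not anchor.breach_notified:
        escalate("red", "breach notified since anchor; existing consent no longer valid")

    # Yellow: surveillance scope or policy changed, so a fresh notice is due.
    new_parties = current.third_parties - anchor.third_parties
    if new_parties:
        escalate("yellow", f"surveillance scope widened: {sorted(new_parties)}")
    new_purposes = current.purposes - anchor.purposes
    if new_purposes:
        escalate("yellow", f"new processing purposes: {sorted(new_purposes)}")
    if current.policy_hash != anchor.policy_hash:
        escalate("yellow", "privacy policy text changed")

    # Narrowing of scope is recorded but does not by itself change the signal.
    dropped = anchor.third_parties - current.third_parties
    if dropped:
        reasons.append(f"relationships ended (no escalation): {sorted(dropped)}")
    return signal, reasons


# --- constructed sample receipts for one website relationship (not real data) ---
POLICY_V1 = "We process your email address to deliver the newsletter."
POLICY_V2 = POLICY_V1 + " We share usage analytics with an advertising partner."

ANCHOR = NoticeReceipt(
    controller_id="LEI:EXAMPLE000000000001",  # assumed identifier scheme
    controller_name="Example Newsletter Ltd",
    purposes=frozenset({"newsletter"}),
    third_parties=frozenset({"mail-delivery-provider"}),
    policy_hash=policy_hash(POLICY_V1),
)
UNCHANGED = replace(ANCHOR)
WIDENED = replace(ANCHOR, purposes=frozenset({"newsletter", "analytics"}),
                  third_parties=frozenset({"mail-delivery-provider", "ad-partner"}),
                  policy_hash=policy_hash(POLICY_V2))
BREACHED = replace(ANCHOR, breach_notified=True)
NEW_CONTROLLER = replace(ANCHOR, controller_id="LEI:EXAMPLE000000000002",
                         controller_name="Acquirer Holdings Inc")
SCENARIOS = [("unchanged", UNCHANGED), ("widened", WIDENED),
             ("breached", BREACHED), ("new_controller", NEW_CONTROLLER)]


def demo() -> dict:
    """Signal for each simulated return visit, keyed by scenario name."""
    return {name: compare_receipts(ANCHOR, receipt)[0] for name, receipt in SCENARIOS}


if __name__ == "__main__":
    for name, receipt in SCENARIOS:
        signal, reasons = compare_receipts(ANCHOR, receipt)
        print(f"{name:15s} anchor={ANCHOR.receipt_id()} current={receipt.receipt_id()} -> {signal}")
        for reason in reasons:
            print("    ", reason)
```

The receipt identifier is derived from the receipt content rather than assigned by the website, so the person's own software can link later receipts to the anchor without trusting the service to keep the ID stable; an escalation ladder (green < yellow < red) means several simultaneous changes yield the most serious one, with the reasons list preserved for the log that the in-context notification section below calls for.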

In Context Notifications for identity system permissions

Identity management requires that a state change notification for privacy should, at a minimum, be linked to a log detailing the change using standard semantics, so that the change can be automatically understood by people.

When combined with a receipt, this notice can be used to provide an active state signal that is specific to the context and person (a human-centric view of the state of the Controller of the online service). This transparency is a universal notice requirement for processing personal data: it is required in all privacy laws unless a specified legal exemption or derogation applies, and any such exemption should itself be noticed to people as a surveillance risk.

The opposite of a cookie, it captures the identity surveillance relationship and the policy state so that people can a) see and identify the relationship according to purpose, and b) see what state the relationship is in the next time the service is used and/or wants permission to process personal information.

This basic signalling protocol can be further extended to the services that process personal data, for notice of consent, and can then be used to manage rights and the relationship of the consent over a consent lifecycle, for example with a consent notice receipt.

This then becomes a usable identity governance framework, providing a degree of usable transparency to mitigate online service risks, which is required for healthcare and medical research, contact tracing and the like.

Where notice and consent is positive, the provider is responsible for the quality and accuracy of its notices and notifications. When active state is implemented or mandatory in an environment, people can control their information and experience in a more dynamic way, directly and without intermediaries, for much higher trustworthiness.

As opposed to just T&Cs, this can be further enhanced to enable people and organisations to use privacy law as a trust framework directly, superseding terms and conditions, with transparency independent of services and in addition to terms and conditions.


