- Created by Mark Lizar on Dec 06, 2023
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
Version 1 Next »
This is a draft page for review
👋 Welcome to ANCR WG
This work group engineers Digital Privacy Transparency with records and receipts specifications
📈 Team metrics |
---|
ANCR: Digital Privacy Transparency Compliance and Conformity Assessment Scheme DPT Scheme Draft #1 Updated ON TRACK Notice Credential #2 Updated ON TRACK ANCR Record Structure #3 Updated ON TRACK / OFF TRACK |
✨ About ANCR |
---|
ANCR stands for (Anchored Notice and Consent Receipt) The term anchor refers to a generated notice or consent receipt record, which enables people with digital privacy transparency using law as code standards, for digital governance interoperability. |
📸 Meet the team | |
The content of this macro can only be viewed by users who have logged in. Co-Chair | The content of this macro can only be viewed by users who have logged in. Co-Chair & Editor |
The content of this macro can only be viewed by users who have logged in. WG Secretary |
📡 Our blog | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
![]() Salvatore D'Agostino posted on Jun 06, 2024
(this is a draft blog post, pending WG approval) Support Open ISO Standard to Scale Digital Privacy Transparency and make privacy and consent freeWorking Group 5, with which Kantara has had a liaison agreement since … at its most recent in-person meeting in Manchester, is taking action with regards to publicly available standards. The Anchored Notice and Consent Work Group (ANCR WG) unanimously approved a request to the Leadership Council (LC) to support efforts to restore ISO/IEC 29100 Information Technology - Security Techniques - Privacy Framework as an open standard. It incorporates basic privacy principles stemming from the 1970’s and the Fair Information Practice Principles (FIPPs). At present the standard is no longer publicly available and has been updated to a 2024 version. Action is being taken to make this open again. As a workgroup we strongly support this recommendation and action. In addition, there is an effort to make ISO/IEC 27560:2024 Consent record information structure and open standard. As a workgroup we also request support of the LC in this effort as well, and only if this is done in combination with ISO/IEC 29184:2020 Online privacy notices and consent. The notice and consent specification provides critical transparency requirements and security and privacy controls that can be used by people to manage their digital identities. These 3 standards together provide an operational transparency framework and architecture enabling security for infrastructure and services with privacy and consent by default. Why open access matters The business case for standardizing digital transparency International impact and interoperability Scaling Digital Privacy Transparency of Your Identity ANCR WG tools assess the transparency conformance and compliance of PII Controllers security, privacy and transparency. The notice record and receipts are digital identity credentials that benchmark compliance utilizing 29100, 29184, and 27560 natively. These standards when required to be open make it possible to scale standardized digital privacy transparency in the international Commonwealth. For 'Digital Identity Surveillance and Trust' this means people can see and therefore have the opportunity to trust, when personal data is processed by digital identity technologies and agents. Solving security and trust issues involved in identifying ones self for service processing personal data. The Call to Action For ISO this enhances the adoption of paid for standards, and for Kantara the opportunity to enable a 100% completely inclusive trust technology to enable the ethical and secure use of digital identity management and its society surveillance. This means in ANCR WG we are able to assess the transparency, mis-information and compliance of any identity management framework, protocol, technology or notice, for how trustworthy it is for the individual. The ANCR WG’s draft Transparency Performance Scheme for creating conformant PII Controller records are a legal record of processing that provides proof of knowledge, missing online today. Without knowledge and transparency over the choices we make online and who benefits from them, we act without truth or digital freedom. To further this work and utilize 29184 we invite Kantara Initiative to support an international standard for digital privacy transparency and digital identity that complies with consent. Lets demand notice record and consent receipts together. Support the vision of the ANCR WG, help people can see the impact their choices have on themselves, family, community and society, so that we can collectively address the challenges we face in digital identity management today. ![]() Mark Lizar posted on May 25, 2024
This year ANCR WG and 0PN Digital Transparency Lab teamed up to present a report on Canada’s Bill C 27, extending the ANCR Transparency Performance Scheme, with a Canadian Bill C27, WHiSSPR Report, referring to a White Hat iDentity, Surveillance, Security, Privacy Risk Report. With a special Jan 28 podcast with Joni Brennan, Sharon Polsky, Gigi Agassani and myslef (Mark Lizar). Incredibly, the report is quite short as Bill C27 failed basic digital privacy requirements of a) requiring the identity of the PII Controller Credential for surveillance and b) doesn’t required any records of processing activities. The report highlights some of the implications of this to the Digital Identity Industry and the security of Canadian data. It delves deeper assessing the integrity of the law in contrast to the international data privacy law framework and standards that are coming into force in 2024 or 2025. To find out more about what is going on check out the Digital Transparency Lab WHiSSPR Report News Letter. ![]() Mark Lizar posted on May 25, 2024
May 24, 2024 ANCR (Jedi Privacy Day) WG Report : For International Digital Security and Privacy Community
IntroductionDigital Transparency refers to Record and Receipt specifications for Record of Processing Activities, (contributed as 27560 Consent Record Information Structure to JTC1/SC27/WG5 after 6 years of community group development @Identity Commons, called Identity Trust WG ) The study and specification of Consent by Design has been evolving at Kantara since 2012 Call for standards collaboration at W3C - Do not Track and Beyond conference. The transparency record and receipt model mimicks secure currency exchanges by prioritizing the privacy principle of transparency and accountability over choice and consent, placing this as the first privacy principle (as opposed to the 4th in 29100) for PII Principal centric data trust and governance. The work is contributed to the commons governance framework, which in it’s latest Commonwealth iteration is the Council of Europe’s Convention 108+ as the international legal adequacy base line for transparency modalities required for security and privacy regulation. The foundation for internet based data governance technologies to interoperate, using the PII Controller Notice Record and Credential to specifically govern identity management technology. Our focus in the Kantara Initiative and the Digital Transparency Lab has been records an receipts and to demonstrate how to govern mis-information, in digital identity management standards using an ISO/IEC 29100 specified record framework. Consent by Design is specified in a number of ways,
Standardised Digital Privacy Transparency(SDPT) is conceptualized much like bank accounts, in which every personal data processing activity is recorded, and where services provide a record to the bank and the receipt to the individual when interacting with currency. SDPT, requires that all surveillance, data processing, capture, and inference be identified, notified, with the risks of secondary and extra-territorial disclosure, provided through notification just in time, prior to processing dynamically in context, to provide high assurance. Notification, notification and disclosure requirements for technologies performance internet based governance functions are specified in Commonwealth International Privacy Convention 108+ and mirrored in the GDPR. These are legally specified to inform the individual about the identity of the PII Controller, if there is a DPO Delegate, for 1 of the 6 legal justifications for processing personal information, from the legal context of existing consent in common spaces. (known as consensus) SDPT as specified in the ANCR WG, takes into account Data Control, Data Protection, and whether or not the data trust is co-regulated, in order to measure how operational digital transparency is, assess technical risk and capacity for liability mitigation in a specific context. ![]() Mark Lizar posted on May 25, 2024
Dear Members of JTC 1/SC27/WG 5 - WG Mirror Committee: Introducing the Transparency Performance Scheme ANCR (Anchored, Notice and Consent Receipts) Standard Digital Privacy Transparency Record Framework for Consent by Design. The ANCR WG contributed to the last JTC 1/SC27/WG5 meeting a number of items:
Attached here is the report presented in the 27568 sessions, and this be found here,
The presentation of this work articulated how security and privacy can be digitally twinned for Age Assurance and Generative AI applications in order to enable governance through the use of digital identifier management technologies. ANCR Transparency Performance Scheme (TPS) This scheme (in draft on the ANCR wiki) is used to capture the presentation of required PII Controller Transparency information. This scheme is operated to capture information that is recorded into a conformant ISO/IEC 29100, 29184, 27560 record called the PII Controller Notice Record This is then used to measure compliance with privacy laws and provide a standardised digital privacy transparency report. For the most part we found that most transparency requirements are not operational in context, they are analogue privay process that need to be back channelled externalizing form the context of service delivery, making it impossible for an individual to access and use their rights in a digital context. The TPS uses a scale that assesses the notice for how dynamically usable in context, to provide a contextual integrity measure of reciprocal and proportionate digital privacy access is as indicator of risk. Addressed with the use of standard digital transparency privacy transparency (SDPT). PII Controller Credential Consent by design is enabled by using a PII Controller Notice Credential to decentralised the records, with a receipt. In that individual is provided with a receipt in order to mitigate the liability and risk in data processing. In the common context a digital transparency receipt is provided when engaging with any type of sign or notice, This specifies for a notice/sign enhancement for an inclusive record and receipt provisioning practice, that is a called a two factor notice (2FN). A 2FN uses an overlay capture architecture when interacting with a notice, notification and disclosure, to create a consent receipt, which can be used with consent to interact with the service autonomously. In SummaryWe submit the ANCR WG specifications as Consent by Design for Privacy by Default systems, which can be used to secure individual privacy, dramatically reduce risks, enable the dynamic transfer of liability with authentication from consent. The record and receipt framework is driven by identifying the providence of personal data, and enabling PII Controller data processing transparency. Individuals who receive receipts for data processing are able to secure and manage the priavcy of their own data themselves. The ANCR framework for Consent Receipt tokenisation address mis information, and uses ISO/IEC 29100 to define digital identity technologies using law and socially expected definitions. This enables the individual to interact with the privacy by default system, regardless of what legal justification is used to collect, process or access personal information. The standard PII Controller record and its use as a consent receipt, is specified using ISO/IEC 29100 security and privacy framework, and further specified in 27560, consent record information structure, is also published in the appendix of ISO/IEC 29184 Online privacy notice and consent framework. To address Generative AI risks of deep fake, as well as assurance against mis-information the consent receipt is produced with a registered controller record, (a digital trust registry) and is registered in order to secure the accountability, providence and transparency of personal identifiable information processing ANCR Work Group Presentation0PN-DTL - ANCR Transparency Record Framework - Global Age Assurance April 13 2024 Manchester, UK This presentation on the use of this framework was provided in Manchester at the Global Age Assurance Conference held in conjunction with the WG5 Plenary. You can find this presentation here. Presents on the risks of displacing human governance mechanism, the cause of those risks, and how standardized digital privacy transparency (SDPT) can address these risks for any privacy and surveillance context. Introduces Standard Digital Privacy Transparency (SDPT) which is a standard PII Controller notice record and consent receipt practice for data governance. In the 0PN digital identity model security and privacy is digitally twinned (like in banking) and introudess a digital privacy framework where all data processing is recorded, logged and linked to a receipt which the individual keeps in their digital wallet. Global Age Assurance Conference Presentation April 11 or here ![]() Mark Lizar posted on May 20, 2024
Establishing the Commons Rule Book For Digital Identity: ANCR will be presenting, the Digital Transparency at Think Digital @ Westminster in London UK, June 11. Covering the inclusive ANCR Record and Receipt Framework for the Digital Commons, International secure governance of digital identity and digital identity polkicy. Presenting the Data Trust Commons Architecture for the PII Controller Notice Credential along with the Consent Receipt v2, Consent Tokens for Trustworthy Identity, and the ANCR Transparency Performance Scheme for scaling the data governance and regulation online, for regulators and policy makers. Presenting a New Digital Privacy & Trust Paradigm for ConsentCovering Digital Transparency Stack: For legislators and regulators
Consent as Distributed and Decentralised Data GovernanceA new category of governance. in which the law record of notice and receipts for consent are standardised, fixing the semantics of security and identity which are deeply flawed with mis-information. Technical Transparency is required to scale Digital Privacy, but it must be open and international framework to scale trust.
The ANCR WG, has been working on developing the technical specifications for the PII Controller notice record and consent receipt, which uses the ISO/IEC 29100 security and privacy framework standard, to specify digital transparency record and consent receipts for. Request to open the Consent Record Structure, 27560 Consent Record Information Structure, which is based on the Kantara Consent Receipt, and ISO/IEC 29184 Online Privacy notice and consent standard are currently being submitted and reviewed. The three standards, can then be openly used to scale ANCR Record and Receipt framework as the Commonwealth standard. ![]() Mark Lizar posted on Mar 20, 2024
CJEU invalidates IAB Transparency and Consent Framework (TCF)March 7, 2024 was a watershed moment for the digital privacy landscape. The landmark CJEU Judgment in Case C‑604/22 on the commercial Transparency and Consent Framework (TCF) set a new precedent, not just for online platforms, but for every entity processing personal data across the European Union. This judgment isn't a mere legal jargon shuffle; it redefines the intersection of personal data, consent, and accountability. Navigating the New Normal of Data Privacy Governance in the Wake of the CJEU Judgment: What It Means for Digital Identity Industry. A Groundbreaking Judgment for the Modern Digital WorldThe Court pronounced a robust perspective, broadening the scope of data controllership and emphasizing that it's not merely about the hands-on data processing but also about orchestrating the very purposes and means of processing. March 7, 2024 - CJEU Judgment in Case C‑604/22 (IAB TCF) The Broader Ramifications of Data ControllershipThis interpretation effectively expands the circle of entities labeled as data controllers. It's not just about the literal data handlers; software-as-a-service (SaaS) providers and application platforms, by design, dictate the processing of data and thus shoulder the responsibilities of a joint controller. Any service using I Agree - data protection agreements do not have valid consent. Invalidating 'Processor' ClaimsPlatforms that have been traditionally leaning on Data Processing Agreements (DPAs) as a shield for their 'processor' status are now facing a crossroads—those agreements may need revision to accommodate their newly-established joint controllership. As Digital Privacy is not a Contract based agreement framework, instead it uses law which stipulates contract as only one legal justification for processing, and this is usually b2b. Extending Privacy Protection to All Digital PavementsThe jurisdiction of the judgment is not confined to web services. Mobile applications, desktop tools, and operating systems all fall under its purview, signifying that no digital domain shall be exempt from the stringent privacy principles this judgment upholds. ![]() Salvatore D'Agostino posted on Sept 21, 2023
The Anchored Notice and Consent Receipt (ANCR) WG has approved a WG Draft Kantara Recommendation Transparency Performance Scheme (TPS) and Indicators (TPIs) and shared this with the Leadership Council for comment. The work address critical gaps in security and privacy by establishing and measuring standardized digital transparency and notice requirements based on the legal requirements that exists in all security and privacy frameworks. The comformance and compliance scheme and indicators are mapped directly to CoE 108+ which provide legal authority and provenance across nearly 50 countries, including signatories outside of Europe. Other mappings are underway. These tools are directly designed for use by people to be able to control their personal data, exercise their rights, and create their own records of processing activity (ROPA) independently of service providers and to be able to co-govern their data. In doing so it advances new vectors of governance of personal data control, and co-governance (complementing regulatory authorities' activities), in addition to data protection. The WG is co-sponsorium a symposium and hackathon September 22 - 24 in Montreal in combination with Quebec Bill 64 “An Act to modernize legislative provisions as regards the protection of personal information” which comes into force on 22 September. ![]() Mark Lizar posted on Jun 12, 2023
📣 Announcing the Digital Freedom Project 🚀 by: Mark Lizar & Salvatore D'Agostino Introducing Two Operational Transparency Tools to Govern the Capacity to Trust Digital Identity with Standards In today's digital world, the agency of the individual is a critical requirement that is often missing. We need to address the current harms and imbalances by focusing on technology's directionality and who benefits from the system. This concept, also known as proportionate transparency, ensuring reciprocal data control, is useful to govern relationships in digital spaces and ensure that human remains in control of their data flows. To achieve this, operational transparency becomes the key to activating agency, enabling us to move safely and freely in the digital landscape and establish trusted digital relationships. While many "trust assurance" programs rely on static processes such as periodic audits, trust itself is dynamic. These programs primarily focus on the individual, providing information about them and tracking their every move. However, none of this data is shared with the individual, limiting the capacity for people to trust these digital relationships. This limitation hampers our digital freedoms limiting our individual ability to see and control the flow of our own personal data in context. Over the past decade, organizations like the Kantara Initiative, OpenConsent, Digital Transparency Lab, and Surveillance Trust have dedicated their efforts to transform this landscape. The Consent Receipt, initially designed to serve as a record of digital relationships, has revealed that what currently passes as consent online is actually permissions actioned by an 'I Agree' opt-in, with no proof that the 'User' has the minimum knowledge to be able to consent legally. To address these challenges, we are thrilled to introduce two groundbreaking tools that prioritize human-centric record control that is proportionate and reciprocal. We clarify the functionality of the Consent Receipt by introducing the Notice Receipt as an authorization credential, which captures information about the Notice Controller. This capture utilizes a Two Factor Notice (2FN) to generate a proof of knowledge record with two key components: (1) notice of who is accountable and (2) what their authority is to process PII. In addition, we offer tools to measure the timing, operational information, usability, and security of the notice. This empowers individuals to independently document their relationships, with the information required to evaluate them and use these records as evidence to access data rights. With these tools in place, individuals can then create a Controller Notice Credential, allowing them to establish agency and transparency by asserting digital authority. They can use this credential to authenticate themselves. Importantly, the use of a Controller Credential for authentication control does not require the use of identifiers related to the individual. Instead, it focuses surveillance on the controller's identity, using a profile to check the legal status of the service in the context of data collection and processing to enable data privacy controls. To delve deeper into these exciting developments, we (the ANCR WG + Digital Transparency Lab) are hosting a Summer Project with 3 Open ANCR WG meetings throughout the summer, with the next one scheduled for June 21. We invite you to join us on this transformative journey towards building the human capacity to trust in digital identity standards. Together, we can shape a digital world that empowered individuals with operational transparency that provide you with agency, freedom, and trust. (For more information, click here) ![]() Mark Lizar posted on Jan 29, 2023
ANCR WG: Announces an Open Notice Controller Credential to champion the standardization of Digital Privacy Transparency and to mark the occasion, and our activities, we use the name Digital Privacy Day. 3 New Workstreams and Projects
Last Quarter Activity The workgroup submitted comments to the Federal Trade Commission on its Advanced Notice of Proposed Rulemaking on Commercial Surveillance and Data Security. Advocating for;
Community News
![]() Mark Lizar posted on Jan 29, 2023
The ANCR WG is pleased to announce that the WG effort to specify a PII Controller credential for enabling a standard for Digital Privacy Transparency that supports the operationalization of privacy by design service infrastructure. The effort here recognizes the gap in public benefit infrastructure to which this Notice Controller Credential is focused. Specifying the publicly required privacy information elements in law and referenced standards to be an operationally co-regulated privacy credential. Referreing specifically to standardized digital privacy transparency requirements that are directly regulated through international and national privacy laws. The Open Notice Controller Record is specified to capture and record Transparency Performance Indicators (TPI’s) that are specified separately from the Notice Controller Credential. The record is the minimum viable version of a credential, a digital transparency notice, or record. Used for the individual to see at a glance basic privacy performance of digital services. The Open Notice Controller Credential builds upon the record, utilizing the international standard security and privacy framework of standards to provide space for architectures with broad data governance scope and interoperability. Accretive to the ISO 31700-1:2023(en) Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements. ISO/IEC 31700 updates the international privacy standard landscape consolidating many references into a privacy by design framework to support next generation digital security and privacy engineering and, data governance interoperability. The controller credential contributes to this landscape by enhancing the digital privacy transparency requirements and their utility for conformance for use in digital privacy notice, notifications and disclosures. It adds the next layer to the notice record and consent receipt framework for generating records of processing activities for people. It provides the capability for new network architectures, where a micro-notice credentials can provide proof of digital notice and where consent receipt tokens are used for evidence of consent. It’s specified scope of authority is for the notice and its linked context. We are publishing a specification in the WG that can be self-asserted (our Level 0 Digital Privacy and Transparency) and for public use, including the ability to “broadcast” digital transparency enhancing dynamic digital notifications. The Open Notice Controller Credential is specified to be a regulated controller credential by design using ISO/IEC 29100 security and privacy techniques, ISO/IEC 29184 privacy and security controls and cross-referenced and mapped to Convention 108+, and GDPR. These requirements have been nicely rolled up and further updated by the ISO 31700-1:2023(en) Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements. Encompassing the broader systems and process components that comprise self-evaluation for data protection. By open the Notice Controller Credential is designed to be, Open +++
[Updated: Feb 8, 2023] ![]() Salvatore D'Agostino posted on Nov 22, 2022
The work group submitted the following response offering the past, current and future work of on notice and consent receipts and records to the FTC can address many of the challenges presented in the Advanced Notice of Proposed Rulemaking on Commercial Surveillance and Data Security ![]() Salvatore D'Agostino posted on Aug 10, 2022
The ANCR WG delivered a readout that focused on a critical security flaw in the existing working draft whereby the PII Principal's identifier is being unnecessarily exposed in the consent record and is no longer under the control of the PII Principal. The readout points to the ongoing efforts at Kantara on the evolution of the Consent Receipt and the current workgroup draft of the ANCR Notice Record which addresses this issue and shows how to make receipts by and for people and under their control independently of service providers. The record uses the open 29100 Framework and the Consent Receipt v1.1. (ISO/IEC 29184 Online privacy notices and consent Annex B.) and maps to the General Data Protection Regulation (GDPR) as well as the Council of Europe 108+ and the 27560 record structure. The WG also provided 6 comments targeted primarily at security and privacy considerations in the draft. The comments are located here. ![]() Mark Lizar posted on Jan 12, 2022
In our work to support international flow of personal data, and to celebrate the OECD Guidelines, which provides the International framing for instruments, like the Council of Europe 108 +, which is the reason for International Privacy Day in the first place. This day not only provides a great opportunity to kick off the new year for ANCR WG with an updated Charter, set of goals, milestones and deliverables. Jan 28th 2022 Agenda - Has now move to the MIT Media Labs Workshop where we are leading on Computational Privacy ![]() Mark Lizar posted on Dec 04, 2021
The objective of AuthC (authorization from consent) is to create and maintain an active state of trust in surveillance with a special class of surveillance called digital identity for dynamic data control (diddc) to automate human governance. The result must be the freedom to control your personal information, to choose who benefits from it, including ourselves, to be empowered with our own record of relationships. AuthC specifies a two factor notice (2FN) and two factor Notice for Consent (2FC) flow for presenting digital privacy transparency, accountability and rights access. 2FN ->2FC produces legal proofs (computational privacy) that can be used to enhanced access and mobility services so they can be better used directly by people. regardless of physical or digtial technology or data governance providence (digi-space). The specification for 2FN is designed to produce 'Privacy Assurance', (versus the existing framework of IAL, AAL, FAL), a new category of eConsent and identity management. The work builds on a decade of effort, much of it in Kantara workgroups. The Consent Receipt has been widely recognized and adopted, with iteration and implementations since the publication of the Consent Receipt and then its inclusion in the ISO/IEC 29184 annex. 2FN -> 2FC specifies how consent receipts be generated from a Notice Record to provide evidence of consent and can be used for any legal justification for processing personal data. Most importantly, AuthC presents how ANCR Records and Consent Receipts can be generated by either party (the PII Controller and the PII Principal) or by both stakeholders, for active state privacy and security. To learn more, check out initial document for 2FN for Data Governance 2FC for Data Controls For a sneak preview, take a look at ANCR: Consent Receipt Section 1 - which is the work to specify the ANCR Notice Record Format for generating Notice and Consent Receipts - for PII Controller and Principal processing records ![]() Mark Lizar posted on Dec 04, 2021
The first week of December, the Kantara Initiative ANCR WG was represented by Mark Lizar, the 2FC and Consent Receipt Specification author, who attended a Childrens AI Conference with MyData for Children hosted by Unicef Helsinki / Finland. The focus was centred on the use, application and ethically / operational problems with AI and AI interaction for children with some deep dives into privacy and security challenges and benefits. Auspiciously, the same week the Data Governance Act was ratified in the EU, a good omen that these topics are finally starting to appear in more mainstream discourse. A deep dive into both of the topics of children and AI highlighted that governance is needed for the processing of children' data, which provides the infrastructure for children's data to be entrusted for them. For this we advocated for co-regulatory type of governance, for children, parents and schools, overseen by Privacy Regulators. Core AI and ethical issues have been conflated, so it difficult to know how control and consent over children's surveillance requires regulation of digital identity technology which provides which embed the rules that govern my child's data use. The AI topics produce questions around the role of a technical or legal intermediary and the control of personal data access and processing. The Data Governance Act looks to address these roles in practice. Practices in which a consent receipt is required but missing personal record system, and which is used as a vehicle for safeguarding rights and data controls in processing supply chains. Micro-credentials which can be managed in software systems with digital identity and access management technology. The Data Governance a credential wrapper for digital identifier management. In this WG's effort to address these core technical and governance issues 2FN and 2FC will work to separate technical permissions in the context of access management and human permission referred in this workgroup (and draft charter update) as 'purpose of use' management. Distinguishing from identity management or online service provider implementation of consent with system centric permissions. Made more difficult through a consolidated industry effort to conflate these two types of permission (as digital trust) for commercializing digital identity (session based micro- security services) as digital trust services, which insinuate a micro-technical operational impact on trust or privacy. The 2FN proof of authorization before processing policy, is a policy control for the use of AI, and through discussion was conceived as tool for safeguarding children's privacy in AI. The mirrored notice record standard : aka a Consent Receipt provides high quality, labelled data for people to manage their own micro-data and control its use and who benefits from this data when used as - meta-data. Promoting an alternative to services t&Cs for children, youth, indigenous data sovereignty and education environments. 2FN before 2FC for processing sovereign data to address the data governance requirements and safeguard the use of meta-data for data trusts - like school records with access management utilizing Consent Receipts. Support the Children's Privacy Assurance Lab (Future Christmas Present) Policy . Micro-Data is Soverign Data, and requires data (and identity) trust, to be trustworthy by parents for a child's future. Resources and LinksUnicef Released an Ethics/Policy Guide https://www.unicef.org/globalinsight/reports/policy-guidance-ai-children Based on Guidance Research
Calls to Action:
Policies & Case Studies:
Scientific papers/related resources on the topic (AI & children / children’s rights / children’s participation / ...):
Research projects:
Technical Standards / Regulations
Initiatives
E-learning courses
Here is the workshop methodology UNICEF used to consult children on AI https://drive.google.com/drive/folders/1IVh4DTNnFpNeLTLY1c3dX0LmAuO3y6Tu |
🗃 Resources
Restrict search to this space's space key.
🌟 Featured resources |
---|
🔗 ANCR TPS Scheme 🔗 |
🗓 Our calendar
<Section 1> |
---|
<Section 2> |
---|
<Section 3> |
---|
- No labels