CR v1.2 Framework
The receipt is further defined, and its fields are broken down into:
v1.1 - represented by submission to ISO 27560
- delegation
- jurisdictions
- personal data categories
- consent record structures
- purpose fingerprint
- purpose -
V1.2.1 : Anchor Receipt
- Required Notice of Controller Identity Fields - the capture of the identity of the controller, and the physical context of the notice for processing provided by the controller
V1.2.2 : Consent Notice Receipt
- Extend with Legal justification to specify purpose for a service
- Specifying the Legal Justification for processing in a notification
- Specifying Data Categories
- Specifying Data Treatment
V1.2.3 : Rights Access & Automation
V1.2.4 : Life cycle of a consent
- Active State of Consent Validation
- Consent Grant for Identity Governance
V1.2.5 :
- Privacy as Expected - Part 3: the human interaction point - in which proof of notice being provided/read is captured and a Consent Notice Receipt is generated.
Additional information for data control and accountability provenance can be nested in the receipt to provide a higher level of automated privacy assurance, to better mitigate risk and liability.
Consent Types Defined in v1.2
- explicit
- implied
- directed
- altruistic
The known challenges of CR v1.1 as published have been addressed and are specified here in the v1.2 update.
- See Update
CR v1.2 Format Structure and Fields
- Notice field object
- Location & Time
- Location – twin -
- Physical Device -
- PII Controller object
- Jurisdictions
- Link to physical notice
- Extend it (Legal Justification)
- Privacy Stakeholders
- Categories of controllers
- Consent Purpose Specification (v.1.1)
- Purpose Category
- Purpose Descriptions
- Purpose Sensitive Categories of Data
- Sensitive data category
- Personal Data Category
- Personal Data Types/attributes etc
- Personal Data Processing Treatment
- Storage
- Security (cert/signed key)
- Extensions – Requirements (according to Context)
Notice & Notifications
A Notice can itself be extended with a Notification for the maintenance of a consent record and a consent-based relationship. Notice Receipts facilitate a Semantic Governance Framework.
A notice of controller is the first section of the receipt, and can be extended with these receipt profiles:
- Contract Notice Receipt
- Vital Notice Receipt
- Notice of (legal) Obligation Receipt
- Legitimate Interest Notice Receipt
- Public Interest Notice Receipt
Notification
The spectrum of consent has multiple vectors
- Is the relationship vector:
- Starting at the first notice for consent, then lasting for the lifecycle of Consent and permission
- This first Notice for Consent receipt is the Anchor receipt and is maintained with linked notices
- Consent Notice Receipts
- Anchor receipt
| Type of Consent Receipt | Description | Lifecycle Use |
|---|---|---|
| Explicit Consent | Anchor Receipt (starts a receipt) | |
| Implied Consent | Action of the PII Principal | |
| Expressed | Notification by the PII Principal | |
| Directed | (Health Care) | |
| Altruistic | No Notice Required - | |