Objective
This ANCR Record specification provides a methodology to audit a notice and produce a consent receipt. The objectives of this document are to:
- provide a set of instructions for recording a notice and its purpose specification
- compare the conformance of that record with a set of rules or regulations, referred to here as a code of practice
Methodology
This method describes how to audit a notice to generate an ANCR Record using the ISO/IEC 29100 receipt format, which is published in ISO/IEC 29184 Annex D.
The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control. This demonstrates how the ANCR Notice Record can be used to assess conformance when creating a digital identifier and processing personal data.
Field - name, description, reference
PISP - Privacy Information Service Point
- There are different performance levels for privacy information access and rights, which are captured in this assessment.
- Performance
  - If online, and access is provided with a PISP (an API access point for in-context privacy), then privacy information and controls can be dynamic.
  - This field has the values: dynamic, out-of-band, static.
- Access Conformance
  - access to information according to context
  - linked data
- Conformance
  - a) if using standards, information access has a higher level of transparency
  - the access point may be: a person, self-service, a bot, a mailbox, an answering machine
  - b)
Consent Type
Glossary
(Note: refer to ISO/IEC 29100 for terms, unless they are specified here to further extend terms or definitions in a more granular manner.)
Consent Types:
- not required
- implied
- implicit
- expressed
- explicit
- altruistic
Notice
In this document, "notice" a) refers broadly to any privacy or surveillance notice, notification or disclosure, and b) refers to a notice that is presented or represented in a layered information fashion and in a linked manner according to context.
Layered Notice
- ISO/IEC References for Notice
  - ISO/IEC 29184
- Notice Signal
- Notice pop-up
- notice statement
- notice privacy overview
- notice privacy policy
Research Findings:
- People are unable to natively use digital identifiers, credentials or digital wallets, e.g. unable to use a computer or phone to download a QR code, for a wide spectrum of accessibility issues.
Instructions
- Read the notice
  - capture the name of the notice provider and enter this into the PII Controller field
  - record the PII Controller address
  - collect contact information
  - what type - use the appendix to indicate dynamic, out-of-band, static or in-person active
  - collect the link to the privacy policy
  - collect any links to privacy access information
  - indicate in which concentric manner data has been
- Capture the legal justifications for processing
- Capture the notice
  - indicate what the expected consent type is prior to the notice
  - indicate whether personal identifiers are collected prior to presenting the notice
  - indicate the legal justification from the 6 categories -
  - indicate whether the personal data is sensitive
  - capture the purpose description
  - capture the authorization scope
    - frequency
    - duration
Questions to add
- is the notice linked
- is there notice of risk and harms?
- is there a privacy information service point / api for dynamic data controls?
Use Case: privacy cafe
- Privacy Cafe Narrative
  - Scenario 1 - imagine a first visit to a privacy cafe
    - new country, different language, different types of coffee, different currency, different technology, different measures, different ingredients, e.g. type of sugar, cream, milk and cup size measures
  - Scenario 2 - a known regular at a privacy cafe close to your home or work
    - the user experience with a high level of consent
  - Scenario 3 - digitally twinning both scenarios for governance online
    - withdraw consent
    - access to the use of surveillance
    - getting a report on who benefits from personal data, in the cafe and out of the cafe
- Scenario 1 - imagine a first visit to a privacy cafe
  - The main functionality point is dynamic privacy performance in proportion to the surveillance.
  - This transfers liability and gives people controls to mitigate risk.
  - the difference between permission for a purpose and permission for a database field -
    - having to go into each service and change or withdraw permission -
    - or pressing one button to withdraw consent for many services
  - For example, the Privacy Cafe
    - Human XU - physical governance defaults - notice for this
    - in this context there can be consent
    - using the video surveillance in (or a public camera outside) a privacy cafe to make a police report
  - Privacy Cafe, making the session cookie for the web server -
    - Human XU - physical governance defaults - notice for this
| Field Name | Type | PII(Y) | Field Label | Description | Required/Optional |
|---|---|---|---|---|---|
| version | string | | Schema Version | | Required |
| profile | string | | OPN Privacy Profile URI | Link to the controller's profile in the OPN registry. | Required |
| Notice Receipt | string | | Type of Notice Receipt | Label: Notice Receipt | Required |
| id | string | | Receipt ID | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required |
| timestamp | integer | | Timestamp | Date and time when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required |
| key | string | | Signing Key | The Controller's profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional |
| language | string | | Language | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Required |
| controllerID | string | | Controller Identity | The identity (legal name) of the controller. | Required |
| Controller Address | | | | | |
| jurisdiction | string | | Legal Jurisdiction | The jurisdiction(s) applicable to this notice. | Required |
| controllerContact | string | | Controller Contact | Contact name of the Controller. The contact could be a telephone number, an email address or a Twitter handle. | Required |
| notice | string | | Link to Notice | Link to the notice the receipt is for. | Optional |
| policy | string | | Link to Policy | Link to the policies relevant to this notice, e.g. the privacy policy active at the time the notice was provided. | Required |
| context | string | | Context | Method of notice presentation: sign, website pop-up, etc. | Optional |
| Receipt Type | | | | The human-understandable label for a record or receipt for data processing. This is used to extend the schema with a profile for the type of legal processing, and to identify data privacy rights and controls. | |
| Notice Text | | | | | |
| Accountable Person Role | | | | | |
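Worked example, added here and not code from the ANCR specification or the Kantara project: it carries the Instructions section above through to a record using the field names from this table, then checks the record against the table's Required/Optional column, the UUID-4 and Unix-epoch rules, and the consent-type and PISP vocabularies given earlier on the page. The JSON keys controllerAddress, pisp, consentType, legalJustification, purpose and identifiersBeforeNotice, the schema version string, and the sample audit values are assumptions made for this example.

```python
"""Build and validate an ANCR notice record from a notice audit (example)."""
import json
import time
import uuid
from typing import List, Optional

# Required/optional status copied from the receipt field table.
REQUIRED = ("version", "profile", "id", "timestamp", "language",
            "controllerID", "jurisdiction", "controllerContact", "policy")
OPTIONAL = ("key", "notice", "context")

# Vocabularies from the glossary (consent types) and the PISP field.
CONSENT_TYPES = ("not required", "implied", "implicit", "expressed",
                 "explicit", "altruistic")
PISP_LEVELS = ("dynamic", "out-of-band", "static")


def audit_notice(audit: dict, now: Optional[int] = None) -> dict:
    """Turn the values captured while reading a notice into a record.

    `audit` holds what the auditor collected: controller name, address,
    contact, policy link, notice link, presentation context, jurisdiction,
    PISP performance level, expected consent type and purpose text.
    """
    record = {
        "version": "0.1-example",                 # assumed schema version
        "profile": audit["profile"],
        "id": str(uuid.uuid4()),                  # UUID-4 per the table
        "timestamp": int(now if now is not None else time.time()),
        "language": audit.get("language", "EN"),  # table default
        "controllerID": audit["controller_name"],
        "controllerAddress": audit.get("controller_address"),  # assumed key
        "jurisdiction": audit["jurisdiction"],
        "controllerContact": audit["controller_contact"],
        "policy": audit["policy_link"],
        "notice": audit.get("notice_link"),
        "context": audit.get("context"),
        # Keys below are assumptions: the page lists these as audit steps
        # but gives them no field name in the table.
        "pisp": audit.get("pisp_level", "static"),
        "consentType": audit.get("consent_type"),
        "legalJustification": audit.get("legal_justification"),
        "purpose": audit.get("purpose"),
        "identifiersBeforeNotice": audit.get("identifiers_before_notice", False),
    }
    return {k: v for k, v in record.items() if v is not None}


def validate_record(record: dict) -> List[str]:
    """Return the list of conformance problems (empty list = conforms)."""
    problems = []
    for name in REQUIRED:
        if name not in record:
            problems.append(f"missing required field: {name}")
    if "id" in record:
        try:
            if uuid.UUID(record["id"]).version != 4:
                problems.append("id is not a UUID-4")
        except ValueError:
            problems.append("id is not a UUID")
    ts = record.get("timestamp")
    if ts is not None and not (isinstance(ts, int) and ts > 0):
        problems.append("timestamp must be integer seconds since Unix epoch")
    lang = record.get("language")
    if lang is not None and not (len(lang) == 2 and lang.isalpha()):
        problems.append("language must be a two-letter ISO 639-1 code")
    if record.get("pisp") not in PISP_LEVELS:
        problems.append("pisp must be one of dynamic, out-of-band, static")
    ct = record.get("consentType")
    if ct is not None and ct not in CONSENT_TYPES:
        problems.append(f"unknown consent type: {ct}")
    # Identifiers collected before the notice with no consent type recorded
    # is the finding the audit step "identifiers prior to notice" surfaces.
    if record.get("identifiersBeforeNotice") and ct in (None, "not required"):
        problems.append("identifiers collected before notice without consent type")
    return problems


# Constructed sample audit of the privacy cafe scenario (not real data).
SAMPLE_AUDIT = {
    "profile": "https://example.invalid/opn/privacy-cafe",
    "controller_name": "Privacy Cafe (example)",
    "controller_address": "1 Example Street",
    "controller_contact": "privacy@example.invalid",
    "jurisdiction": "CA",
    "policy_link": "https://example.invalid/privacy-policy",
    "notice_link": "https://example.invalid/notice",
    "context": "sign at entrance",
    "pisp_level": "dynamic",
    "consent_type": "implied",
    "legal_justification": "consent",
    "purpose": "video surveillance of premises",
}

if __name__ == "__main__":
    rec = audit_notice(SAMPLE_AUDIT)
    print(json.dumps(rec, indent=2))
    print("problems:", validate_record(rec))
```

The validator only encodes rules the table states (required fields, UUID-4 id, integer epoch timestamp, two-letter language code) plus the page's own value lists; anything the draft leaves open, such as the PII(Y) column or the Receipt Type label, is deliberately not checked.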