Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Draft:  starting outline

Privacy as Expected Signalling: Universal Active State Risk Transparency


PaECG project, which created the technical assets and framework for a simple visual signal to show if the state of the surveillance is the same as expected.   This means seeing who the legal entities are behind services, as well as the beneficial owner of the data collective by the service. 

Privacy as expected is the legal expression of the state of notice people should have over privacy risk, in order to have privacy they expect.  Online, these privacy risks extend to digital identity, surveillance and the security of the surveillance.  Without clarity of these, it is hard to mitigate risks so people can trust independently of the service being provided. 

To achieve this a consent notice receipt (from the first time a service is permissions) can be compared against the current state of privacy by comparing the next notice receipt state to that of the ANCR receipt.   This produces a standards based universal privacy state signal, and is demonstrated with the PaE:Consent Gateway project funded by the EU NGI Trust grant. 

In the PaE.G project we specifying the use of the Active State Risk(ASR) signal for use with web browsers, to show the active state of Surveillance capitalism is what people expect, and to provide a way for people to use their rights (with a receipt) independent of the website. 

What is the Challenge?

The internet is missing the active state, or context of people, and most identity management efforts are about activating the identifier for the individual. Representing the  signalling gap required to indices a level of (trustworthiness). 

Visual Signal Being Specified

  • a person generates  a notice receipt for an online website based interaction, and then when returning to this website generates another receipt, then compares the state of these two receipts to see if privacy is as expected.

    • if the signal is green - their is no need for a cookie notice or privacy ritual 
    • if the signal is yellow - then legally a notice is required to be provided, the person can ignore, accept, refuse these notices 
    • if the signal is red - then a notice is legally required to maintain system permissions and to manage a consent (which is technical no longer valid) for example a data breach. 
  • Extending the existing policy, security, technical laws and standards with PaeCG, is the design goal of the effort. 

 Overview 

In this document there is the principle reference and any new/proposed principles for the use of receipts for Active State Transparency and Semantic Governance. 

The aim of the PaeCG signalling protocol is to extend existing security and privacy governance schemes with an overarching privacy operator risk and liability scheme for digital identity technologies. 


  • No labels