Blog
Skip to end of metadata
Go to start of metadata

Coming out of the Convergathon in October, it seems that the data flows for the open notice registry will be an integral part of open notice. This data flow and description is my understanding of the first cut at this.

 

 

Privacy Notice Service

It is the case that most countries that have a data protection regime have some form of notice and consent regime. We propose a privacy notice service to provide participating entities with a common protocal and service to publish their privay notices. This enables the following:

  • Regulators to validate that notice and consent guidelines are being met
  • Users to proactively determine which entities to deal with before provide personal information

 

Adoption of a privacy notice service would also encourage competition and innovation in data protection.

Privacy Notice Service

Contents of service

  • "noticeTS":1420642200 # Time that notice was created
  • "noticeType": "Asserted|Validated|Found" # notice could be asserted by entity, validated by third party, or scraped from web site
  • "noticeURL":"http://www.entitty.com/opennotice"
  • "noticeTxt":"We only collect information about you with your consent, except for web browser information which is retained in our logs for 2 weeks."
  • "consentReceipt":TRUE|FALSE # whether the site provides consent receipts

Open Notice Registry

This would be a service on the Internet. Open Notice Registry (ONR) servers would be repositories of privacy notices and could communicate with each other to provide redundancy. A preferred model of this would also have a governance model to allow for validation of notices.

  • No labels