The objective of AuthC (authorization from consent) is to create and maintain an active state of trust in surveillance with a special class of surveillance called digital identity for dynamic data control (diddc) to automate human governance. The result must be the freedom to control your personal information, to choose who benefits from it, including ourselves, to be empowered with our own record of relationships.
AuthC specifies a two factor notice (2FN) and two factor Notice for Consent (2FC) flow for presenting digital privacy transparency, accountability and rights access.
2FN ->2FC produces legal proofs (computational privacy) that can be used to enhanced access and mobility services so they can be better used directly by people. regardless of physical or digtial technology or data governance providence (digi-space). The specification for 2FN is designed to produce 'Privacy Assurance', (versus the existing framework of IAL, AAL, FAL), a new category of eConsent and identity management.
The work builds on a decade of effort, much of it in Kantara workgroups. The Consent Receipt has been widely recognized and adopted, with iteration and implementations since the publication of the Consent Receipt and then its inclusion in the ISO/IEC 29184 annex.
2FN -> 2FC specifies how consent receipts be generated from a Notice Record to provide evidence of consent and can be used for any legal justification for processing personal data. Most importantly, AuthC presents how ANCR Records and Consent Receipts can be generated by either party (the PII Controller and the PII Principal) or by both stakeholders, for active state privacy and security.
To learn more, check out initial document for 2FN for Data Governance 2FC for Data Controls
For a sneak preview, take a look at ANCR: Consent Receipt Section 1 - which is the work to specify the ANCR Notice Record Format for generating Notice and Consent Receipts - for PII Controller and Principal processing records
The first week of December, the Kantara Initiative ANCR WG was represented by Mark Lizar, the 2FC and Consent Receipt Specification author, who attended a Childrens AI Conference with MyData for Children hosted by Unicef Helsinki / Finland. The focus was centred on the use, application and ethically / operational problems with AI and AI interaction for children with some deep dives into privacy and security challenges and benefits.
Auspiciously, the same week the Data Governance Act was ratified in the EU, a good omen that these topics are finally starting to appear in more mainstream discourse. A deep dive into both of the topics of children and AI highlighted that governance is needed for the processing of children' data, which provides the infrastructure for children's data to be entrusted for them. For this we advocated for co-regulatory type of governance, for children, parents and schools, overseen by Privacy Regulators.
Core AI and ethical issues have been conflated, so it difficult to know how control and consent over children's surveillance requires regulation of digital identity technology which provides which embed the rules that govern my child's data use.
The AI topics produce questions around the role of a technical or legal intermediary and the control of personal data access and processing. The Data Governance Act looks to address these roles in practice. Practices in which a consent receipt is required but missing personal record system, and which is used as a vehicle for safeguarding rights and data controls in processing supply chains. Micro-credentials which can be managed in software systems with digital identity and access management technology. The Data Governance a credential wrapper for digital identifier management.
In this WG's effort to address these core technical and governance issues 2FN and 2FC will work to separate technical permissions in the context of access management and human permission referred in this workgroup (and draft charter update) as 'purpose of use' management. Distinguishing from identity management or online service provider implementation of consent with system centric permissions. Made more difficult through a consolidated industry effort to conflate these two types of permission (as digital trust) for commercializing digital identity (session based micro- security services) as digital trust services, which insinuate a micro-technical operational impact on trust or privacy.
The 2FN proof of authorization before processing policy, is a policy control for the use of AI, and through discussion was conceived as tool for safeguarding children's privacy in AI. The mirrored notice record standard : aka a Consent Receipt provides high quality, labelled data for people to manage their own micro-data and control its use and who benefits from this data when used as - meta-data. Promoting an alternative to services t&Cs for children, youth, indigenous data sovereignty and education environments. 2FN before 2FC for processing sovereign data to address the data governance requirements and safeguard the use of meta-data for data trusts - like school records with access management utilizing Consent Receipts.
Support the Children's Privacy Assurance Lab (Future Christmas Present) Policy . Micro-Data is Soverign Data, and requires data (and identity) trust, to be trustworthy by parents for a child's future.
Resources and Links
Unicef Released an Ethics/Policy Guide
Based on Guidance Research
Calls to Action:
- Please also see Andre’s social media contact list and add your contact information!
- Participate in the EU Survey on DigComp 2.2, particularly “Citizens interacting with AI systems”
- UNICEF Data Manifesto: You can take action on children’s data
Policies & Case Studies:
- UNICEF: Policy Guidance on AI for Children (Version 2.0)
- UNICEF: Tools to operationalize the UNICEF policy guidance on AI for children
- UNICEF: AI guide for parents
- UNICEF: AI guide for teens
- List of online AI resources
- UNICEF: Manifesto on Better Governance of Children’s Data
- UNICEF: Case Studies and Pilot Testing of the AI Guide (n=8, 2 of which are below)
- Safelab: Integrating Emotional Stories Online
- Children’s Data Governance Applied Case Studies
- Netherlands: Code for Children's Rights
- European Schoolnet: Artificial Intelligence Role in K12 Education
- Scotland’s AI Strategy
Scientific papers/related resources on the topic (AI & children / children’s rights / children’s participation / ...):
- Toy story or children story? Putting children and their rights at the forefront of the artificial intelligence revolution
- Government digital policies and children’s rights in Uruguay: An assessment framed by the UN CRC’s dimensions of provision, protection and participation
- Manifesto for children’s genuine participation in digital technology design and making
- “Hey Google is it OK if I eat you?” Initial Explorations in Child-Agent Interaction
- Child-Robot Interaction to Integrate Reflective Storytelling Into Creative Play
- Voice Design to Support Young Children’s Agency in Child-Agent Interaction
- Informing Age-Appropriate AI: Examining Principles and Practices of AI for Children. Accepted for publication at CHI’2022. Look out for camera ready from @oxfordccai
- Social Work in Data Science for AI
- UnBias’ tools to engage with children: Youth Juries method & the Fairness Toolkit (including the UnBias Awareness Cards)
- Legal Remedies For a Forgiving Society: Children’s rights, data protection rights and the value of forgiveness in AI-mediated risk profiling of Dutch government agencies
- Identifying Barriers to Better Privacy in Children’s Apps from Developers’ Perspectives
- Child Development and Protection in the Digital Age
- University of Oulu, Finland: Participatory AI with schoolchildren
- University of Oulu, Finland: Ethics of utilizing AI-based therapy for young children with autism
- Changing Expectations, Austin, Texas: Broadening Participation to Include African-American and Hispanic Students with Disabilities in Computer Science Learning Using Artificial Intelligence Voice User Interface Project-Based Learning (AI for Social Justice)
- MindScribe.org: Designing Playful Child-Robot Interactions for Creative Reflection in Early Childhood
- Ethical Web and Data Architecture in the Age of AI
- UnBias Project (Universities of Nottingham, Oxford and Edinburgh)
- Kids in conversation with Media, (Dutch Institute of Sound and Vision & University of Twente project) interactive robot in the museum (The Netherlands)
- ALLAI (Netherlands)
Technical Standards / Regulations
- IEEE Age Appropriate Design and Children's Data Governance
- IEEE Ethics in Action: System Design
- IEEE 2089-2021 - IEEE Standard for an Age Appropriate Digital Services Framework Based on the 5Rights Principles for Children
- IEEE 7010: A New Standard for Assessing the Well-being Implications of Artificial Intelligence
- Saidot’s Ethical AI Governance Framework
- Linking AI Principles
- JAAKLAC Initiative (Latin America)
- Announcing Global Privacy Rights and the Childrens-AI Privacy Assurance Lab
- Caribbean AI Initiative
- ChildSafeNet (Nepal)
- Voice of Youth
- 5Rights Foundation
- D4CR Association (Design for Children’s Rights)
- Generation AI / AI Youth Council
- Police Lab AI (Netherlands)
- Free online course: Elements of AI
- Free online course: Ethics of AI
- MIT course to teach tweens about the ethics of AI
- AI-4-All open learning
Here is the workshop methodology UNICEF used to consult children on AI https://drive.google.com/drive/folders/1IVh4DTNnFpNeLTLY1c3dX0LmAuO3y6Tu