Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. an ANCR record is generated from interaction with a Notice, which is standardized (or mapped to ISO/IEC 29100 semantics for roles and definitions, and then overlaid with the legal semantics according to context) 
  2. an ANCR record is generated for each data controller / digital identifier management relationship in an Online or Physical context. 
    1. There are multiple ways the ANCR record can be generated, depending on the use case. 
      1. using a third party 'User Agent' or Manually, a:
        1. PII Principal (PasE protocol) 
          1. Capture the PII Controller information upon first contact and self asserts this information in a public registry 
        2. PII Controller
          1. Generates a receipt form the interaction with its own notice - self asserts this information wth a Cyber Notary 
        3. PII Processor
          1. generates a processor record, generating a receipt by checking validity of processing at time of processing and sharing with a PII Principle 

...


...

Notes 

  • an Anchor record is created from a notice an includes
    • the - physical location the notice was read (e.g. legal jurisdiction) and the  digital location the notice was provide from (digital location) to establish the link between the two in the Anchor record- this provides the applicable rules and information required to access rights,. 
    • the PII Controller information to also include the accountable persons role and  privacy services contact information 
  • The next record is the legal justification for processing 
  • The next part of the recors the purpose specification for the legal justification 
    • CR v1.1 which is how to specify a purpose. 

Consent receipt ID - is linked to one ANCR ID- and each processor makes a receipt that references the consent receipt ID,  (this enable transparency data subject) 


A receipt is mad form a anchor record and it includes the ANCR Id, so the only the 'User Agent' (Is the app, client, or user interface based service, e.g. a browser extension)  can access all the receipts with the private key of the User Agent.  



Field NameData TypeDescriptionExample Input









ANCR IDstring

This the id of the record the receipt is generated from, contains the controller and notice required fields

A unique no. for each Notice Receipt. Should use UUID-4 
[RFC 4122] 

_
Reg# A23456789 
Required



Receipt ID 
ANCR ID__Optional
String A unique no. for each Notice Receipt. Should use UUID-4 
[RFC 4122]




Notice LocationObject 
-Physical and/or digital address URI-_Optionalphy-notice_Physical and/or digital address URI-_Optionaldig-notice_Physical and/or digital address URI-_OptionalNotice Profile URI_Physical and/or digital address URI-_OptionalNotice HashLink_Physical and/or digital address URI-_OptionalTimestampiat _
This object contains information about the privacy notice physical and online location to connect the physical and digital notice in this receipt_




Field NameData Type DescriptionExample Input 


physical-notice





digital-notice

















Timestampiat number. Integer number of seconds since 1970-01-01 00:00:00 GMTTimestamp of when the consent was issued_Optional
ANCR Schema VersionString _Physical and/or digital address URI-_Optional
Signing keyString _
_Optional
LanguageString _Physical and/or digital address URI-_Optional
Legal JurisdictionString _
_Optional
PII Controller Object -
_Optional

Object_Physical and/or digital address URI-_Optional

jurisdiction_Physical and/or digital address URI-_Optional

contact_Physical and/or digital address URI-_Optional

company_Physical and/or digital address URI-_Optional

address_Physical and/or digital address URI-_Optional

email_Physical and/or digital address URI-_Optional

phone_Physical and/or digital address URI-_Optional

OPN contact_Physical and/or digital address URI-_Optional

Accountable Person Role
e.g. CEO, Data Protection Officer, Data Protection Representative, etc, 










Privacy Policy_Physical and/or digital address URI-_Optional
OPN/PISPString _Online Public Notice is the Privacy Information Service Point, URI_Optional


The ANCR record is then extended by the Purpose Specificaionx 

...