...



Section 2 Consent Receipt – Purpose Specification

| Data Element | Data Type | Description of Data Capture Element | Example | Required |
|---|---|---|---|---|
| Consent Receipt ID | String | A unique number for each Consent Receipt generated with an ANCR Record ID. Should use UUID-4 [RFC 4122]. Note: many Consent Receipt IDs can be linked to one ANCR Record ID. | 54nMMj7eq | |
| Legal Justification | Object | This can be further defined by context, for example implied, directed or altruistic. In addition, it can be superseded by, or combined with, an additional legal justification for processing personal data. Note: can only be one Purpose and | Consent | |
| Purpose Context | String | Purpose context (also known as purpose category) can also be a service name, a brand name, or a context generically, to assist the PII Processor and PII Principal in identifying the purpose of use. | Context Website | |
| Purpose Type | | Type of purpose refers to the purpose category, for example: marketing | Marketing | |
| Purpose | | The purpose description further defines/describes the purpose category. Also referred to as a purpose sub-category. | Behavioral advertising | Required |
| Delegation of Consent | Object | Is the authority to approve the provision of consent or its derogation a delegated authority? y/n | | Yes |
| Delegation of Processing | | For high risk privacy assurance, sub-processors may be required to be listed, and a change of sub-processors notified. | | |
| PII/Data Category | Object | Also known as Personal Data Category. The category or categories of PII being processed, and whether this is determined as a special or sensitive PII category according to the legal jurisdiction of the controller. Link to Table | | Yes |
| PII Disclosures | Object | For processing PII for a purpose (what disclosures are required): disclosure categories of sub-processors and 3rd parties. To supply or authorize the service, e.g. a sub-processor is a relying party service and is contracted for the specified purpose as a sub-processor. A 3rd Party disclosure is not under contract for the purpose and is required or justified to authorize the processing. | | Yes |

The Legal Justification object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| Consent Type | | Implied, explicit, | Implied Consent | |
| Added Legal Justification for Processing | | The type of consent refers to the consent state of the lifecycle of consent. This can be 1 of 5: Contract, legitimate interest, public interest, vital interest, legal obligation (as consent is the default). | Legitimate interest | |
| Sensitive (or Special) PII Category | | The list of Personal Data Categories and Sub Categories is maintained in the W3C DPV. The Personal Data Categories list contributed to DPV was curated by this Work Group. Examples: Financial, Health, Religious, Criminal Record | | |

The Delegation of Consent object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| PII Principal is a Child or Youth | | Yes or No. When this child or youth flag is set, age-appropriate privacy is required, with a straightforward procedure to withdraw consent, delete personal information, and implement and enforce data retention schedules for Privacy Assurance. | Yes | |
| Delegated Authority Type | | This is the authorized party title: Parent, guardian, state authority | Parent | |
| Delegation Purpose | | Age of PII Principal, Competence of PII Principal, Legal Status of PII Principal | Parental Consent | |
| Delegate Relationship to PII Principal | | Relationship to the PII Principal | Mother | |
| Delegate Name | | First & Last Name | Jane Doe | |
| Delegate Contact | | Contact point | info@myface.com | |
| Delegate Address | | | 123 your dr, city, Country | |
| Delegate Privacy Jurisdiction | | If different | N/A | |

The Delegation of Processing object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| Sub-processor_Service-Name | | To fill in: the Sub-Processor service name or category, privacy jurisdiction, contract type, and authentication identifier type | Payment service provider, USA, credit card | |

The PII/Data Category object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| PII Category | | Name of PII Category, and whether it is sensitive or special | Children’s Data, Special | ✓ |
| PII sub-category | | Children's Health Data | Health Data, Sensitive | |

The PII Disclosures object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| 3rd Party Category | | Provide the purpose, the category of the 3rd party, the processing derogation, and the privacy agreement(s) the disclosures are governed by | | |
| Purpose_of_Disclosure | | | for policing | |
| Type of Processing | | | automatic profiling | |
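As an added example (not code from the ANCR work group or this specification), the following Python validates the Section 2 purpose-specification fields against the constraints the tables state: the Consent Receipt ID should be a UUID-4 per RFC 4122 (the table's example value 54nMMj7eq is not one, and the check reports that), the consent type is one of the five listed in Section 5, an added legal justification is one of the five non-consent justifications, Purpose is the only element the table marks Required, and when the child-or-youth flag is set the delegate must be identified. The snake_case key names and the sample receipt are assumptions constructed for the example.

```python
"""Validation of the Section 2 purpose-specification fields of a Consent Receipt.

Added example for this page; it is not code from the Kantara ANCR work group.
The dictionary key names (snake_case versions of the table's field labels) and
the sample receipt are constructed here and are assumptions.
"""
import uuid

# Section 2: consent is the default legal justification; the other five may be
# added as "Added Legal Justification for Processing".
ADDED_LEGAL_JUSTIFICATIONS = {
    "contract", "legitimate interest", "public interest",
    "vital interest", "legal obligation",
}
# Section 5 lists the five consent types.
CONSENT_TYPES = {"implied", "implicit", "explicit", "directed", "altruistic"}
# Delegated Authority Type examples given in the Delegation of Consent object.
DELEGATED_AUTHORITY_TYPES = {"parent", "guardian", "state authority"}


def is_uuid4(value):
    """True if value parses as an RFC 4122 UUID whose version nibble is 4."""
    try:
        parsed = uuid.UUID(str(value))
    except (ValueError, TypeError):
        return False
    return parsed.version == 4 and parsed.variant == uuid.RFC_4122


def validate_purpose_spec(receipt):
    """Return the list of problems found; an empty list means the spec passes."""
    problems = []

    if not is_uuid4(receipt.get("consent_receipt_id")):
        problems.append("consent_receipt_id should be a UUID-4 [RFC 4122]")
    if not receipt.get("ancr_record_id"):
        problems.append("ancr_record_id is missing (receipts link to an ANCR Record ID)")

    justification = receipt.get("legal_justification") or {}
    if str(justification.get("consent_type", "")).lower() not in CONSENT_TYPES:
        problems.append("legal_justification.consent_type is not one of the 5 consent types")
    added = justification.get("added_legal_justification")
    if added is not None and str(added).lower() not in ADDED_LEGAL_JUSTIFICATIONS:
        problems.append("added_legal_justification is not one of the 5 additional justifications")

    # Only "Purpose" is marked Required in the Section 2 table.
    if not receipt.get("purpose"):
        problems.append("purpose (purpose sub-category) is required")

    delegation = receipt.get("delegation_of_consent") or {}
    if delegation.get("pii_principal_is_child_or_youth"):
        # Child/youth flag set: the delegate must be identified so that the
        # withdrawal and deletion procedure has an accountable party.
        if str(delegation.get("delegated_authority_type", "")).lower() not in DELEGATED_AUTHORITY_TYPES:
            problems.append("delegated_authority_type must be parent, guardian or state authority")
        for field in ("delegate_name", "delegate_contact", "delegate_relationship"):
            if not delegation.get(field):
                problems.append(f"delegation_of_consent.{field} is missing for a child or youth")

    for index, category in enumerate(receipt.get("pii_categories") or []):
        # Each PII category names the category and says whether it is sensitive/special.
        if not category.get("name") or "sensitive" not in category:
            problems.append(f"pii_categories[{index}] needs a name and a sensitive flag")

    return problems


# Constructed sample built from the table's example values (the UUID is made up).
SAMPLE_RECEIPT = {
    "consent_receipt_id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "ancr_record_id": "ancr-record-0001",
    "legal_justification": {
        "consent_type": "implied",
        "added_legal_justification": "legitimate interest",
    },
    "purpose_context": "Website",
    "purpose_type": "Marketing",
    "purpose": "Behavioral advertising",
    "delegation_of_consent": {
        "pii_principal_is_child_or_youth": True,
        "delegated_authority_type": "Parent",
        "delegate_relationship": "Mother",
        "delegate_name": "Jane Doe",
        "delegate_contact": "info@myface.com",
    },
    "pii_categories": [
        {"name": "Children's Data", "sensitive": True},
        {"name": "Health Data", "sensitive": True},
    ],
}

if __name__ == "__main__":
    print(validate_purpose_spec(SAMPLE_RECEIPT))
```

Running the module on the sample prints an empty list; swapping the receipt ID for the table's `54nMMj7eq` produces one problem, which is the practical reason to state the UUID-4 requirement as a check rather than as advice.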


...


Section 3 Consented Data Control, Protection & Treatment

| Data Element | Data Type | Description | Example | Required |
|---|---|---|---|---|
| Consent Grant Conditions (rules) | Object | The object contains information specifying the scope of permission, defined by purpose. | | Yes |
| Withdraw (permissions) Consent | Object | Withdraw consent means withdraw all permission for processing personal data, using the privacy rights that are applicable. This process specifies the termination of processing personal data, and the mechanism for the PII Principal to delete or have anonymized personal data. | | |
| Privacy Rights Enumerated for this legal justification | Object | The privacy rights currently listed are those legally specified to be enforceable in the EEA General Data Protection Regulation. Refer to Privacy Rights for Identity Management Protocol Receipt Types Specification v0.1. An (enforceable Multi-National Privacy Agreement Framework) is specified for the Consent Receipt here. The privacy rights presented in the receipt depend on 3 factors: a) the legal justification, b) obligations, c) derogations (and exemptions). | | |

The Consent Grant Conditions object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| Frequency of Processing | | | Every time service is used with implied consent | |
| Frequency of Access to Data Store | | | Once per explicit consent | |
| Processor receipt required | | y/n; supply chain transparency required means a receipt is generated every time PII is processed for any legal justification | | |
| Sensitive PII Category | | To add the primary context of use; this indicates the legal notice, notification, and disclosure requirements applicable to the consent purpose | | |
| PII Categories | | PII Categories of Data Processing | | |
| Collection Method | | What methods are being used to collect PII | | |
| Collection from 3rd party sources? | | List 3rd party or non-direct sources of PII collection, profiling and personal data aggregations (Note: could add a list of sources of data collection) | | |

The Withdraw (permissions) Consent object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| Consent Grant Purpose Expiry | | Description of when the purpose is complete | | |
| Withdraw Consent URI | | A link to withdraw consent (restrict or object to processing), which can be automated with a 2-factor notification. | | |
| Withdrawal-process | | Description of what data treatment constitutes withdrawal of consent. MUST include whether personal data is deleted or anonymized, and whether a PII Principal preference for data or deletion is respected. | deleted, anonymized, Con_Pref, Y | |
| PII Anonymized | | If PII is anonymized: what PII data and identifier attributes are anonymized, with what method, and for what purpose | | |

The Privacy Rights Enumerated object is built from:

  • 6 legal justifications:
    • consent
    • contractual necessity
    • compliance with legal obligations
    • vital interest
    • public interest
    • legitimate interest
  • 6 Privacy Rights:
    • Subject Access
    • Rectification
    • Erasure
    • Restrict Processing
    • Object to Processing
    • Automated Individual Decision Making

| Data Label | Data Type | Description | Example | Required |
|---|---|---|---|---|
| Legal Justification | | The legal justification is above the | | |
| Privacy Rights | | Capture of the legal justification is what informs which rights are available | | |
| Risks | | Privacy risks pertaining to the nature, purpose and consequences of the collection, use or disclosure to which they are consenting, including privacy rights limitations for transborder data transfers. | | |
| Obligations | | List of obligation categories: 1. surveillance practices, security practices, data protection practices specific to context; 2. rights access, privacy risks, rights performance requirements | | |
| Derogations | | List of laws, regulations or policies that supersede the justification and rights specified. Required to determine the scope and sequence of rights application for a specific processing context to be informed. | | |
| Request Response Time | | The minimum and maximum amount of time within which a request can be responded to. | | |
| Request Resolution or Escalation Time | | The length of time expected for a fair and reasonable resolution or escalation. | | |
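The three factors above (legal justification, obligations, derogations) can be turned into a deterministic enumeration of which of the six rights to present in a receipt, plus a sanity check on the two timing fields. The following Python is an added example, not the work group's code. Which rights are inapplicable under a given justification is an assumption modelled on GDPR Art. 21 (objection is raised against public interest and legitimate interest processing) and Art. 17(3)(b) (no erasure where a legal obligation requires the processing); the specification itself leaves that mapping open. The derogation record and timing values are constructed.

```python
"""Enumerate the privacy rights to present for one legal justification.

Added example for this page, not the ANCR work group's code. The per-
justification applicability table is an assumption modelled on GDPR
Art. 17(3)(b) and Art. 21; derogation records and timing values are constructed.
"""
LEGAL_JUSTIFICATIONS = (
    "consent", "contract", "legal obligation",
    "vital interest", "public interest", "legitimate interest",
)
PRIVACY_RIGHTS = (
    "Subject Access", "Rectification", "Erasure", "Restrict Processing",
    "Object to Processing", "Automated Individual Decision Making",
)

# Assumption: the right to object (Art. 21) is raised against public interest
# and legitimate interest processing; erasure is not available where a legal
# obligation requires the processing (Art. 17(3)(b)).
NOT_APPLICABLE = {
    "consent": {"Object to Processing"},
    "contract": {"Object to Processing"},
    "vital interest": {"Object to Processing"},
    "legal obligation": {"Object to Processing", "Erasure"},
    "public interest": set(),
    "legitimate interest": set(),
}


def enumerate_rights(justification, derogations=()):
    """Map each of the 6 rights to 'available', 'not applicable' or 'derogated by <law>'.

    derogations: iterable of {"law": str, "supersedes": [right, ...]} records,
    i.e. the Derogations row of the table in machine-readable form.
    """
    if justification not in LEGAL_JUSTIFICATIONS:
        raise ValueError(f"unknown legal justification: {justification}")
    status = {}
    for right in PRIVACY_RIGHTS:
        if right in NOT_APPLICABLE[justification]:
            status[right] = "not applicable"
            continue
        law = next((d["law"] for d in derogations if right in d.get("supersedes", ())), None)
        status[right] = f"derogated by {law}" if law else "available"
    return status


def check_response_times(response_min_days, response_max_days, resolution_days):
    """Sanity-check Request Response Time and Request Resolution or Escalation Time."""
    problems = []
    if not 0 <= response_min_days <= response_max_days:
        problems.append("response window must satisfy 0 <= min <= max")
    if resolution_days < response_max_days:
        problems.append("resolution or escalation time cannot be shorter than the response maximum")
    return problems


# Constructed derogation record: a placeholder retention rule that overrides erasure.
SAMPLE_DEROGATIONS = [
    {"law": "EXAMPLE retention rule (placeholder)", "supersedes": ["Erasure"]},
]

if __name__ == "__main__":
    for right, state in enumerate_rights("legitimate interest", SAMPLE_DEROGATIONS).items():
        print(f"{right}: {state}")
    print(check_response_times(1, 30, 60))
```

The status strings are meant to go into the receipt verbatim, so the PII Principal sees not only which rights are absent but which law or policy removed them, which is what the Derogations row asks the receipt to make explicit.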

 

 

Notifications

Notifications are required in certain contexts. Notifications can also be optional, but are restricted to the privacy agreement framework and can be specified by a legal justification. PII Controller Services that are certified with a Code of Conduct and/or Practice can use icons and bundle the notification specification in the certified code.

| Data Label | Data Type | Description | Example | Required |
|---|---|---|---|---|
| Notification for Change of Privacy State | string | 3 types of change-state notifications: 1. minor change of state (in the expected consent/consensus state); 2. non-material (or mitigated) change of state; 3. material change of state (significant change in state) | | |
| Notification Requesting Renewal or Reuse of Legal Justification for the Same Purpose | | Notification requires a summary of the purpose specification, indicating they are the same as expected, including risks, obligations and derogations. | | |
| Notification Requesting a New Consent for a new purpose | | Indicating the reason for the purpose change and specifying the new purpose | | |
| Notification of Consent Termination | | Consent Termination Notification must include: Consent Purpose; date and time; deleted data confirmation y/n; deleted identifiers (list) y/n; record kept (if any); anonymized data, with what process; purpose of use for anonymized data | | |


 

 

 

Privacy Change & Notification Log (URI)

For a privacy policy to be operationally useful for determining the state of consent, a log of changes to the state of the controller, the justifications/purpose for processing, the security, risks, or any of the above specified conditions requires an accessible record of change and notification. Required to demonstrate a valid state of consent. For example, a change of state includes a change in LEI, in ownership, in the active/legal status of the organization, or more specifically, in terms of conditions of processing, a change in purpose, a data breach, etc.

| Data Label | Data Type | Description | Example | Required |
|---|---|---|---|---|
| Privacy Log | URI | Link to a publicly available log or third party ledger | http://domain.com/privacylog | |
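The log described above only demonstrates a valid state of consent if a reader of the public log can tell that no entry has been removed or rewritten after the fact. The following Python is an added example, not the work group's code: each entry is chained to the SHA-256 hash of the previous one, so a gap or edit breaks verification, and the three change-state types from the Notifications table decide whether a consent granted at a given time is still valid (a material change after the grant must have been notified). Entry field names and the sample entries are constructed assumptions.

```python
"""A hash-chained Privacy Change & Notification Log.

Added example, not the ANCR work group's code. Entry field names, the
validity rule and the sample entries are constructed assumptions.
"""
import hashlib
import json

# The three change-state notification types from the Notifications table.
CHANGE_TYPES = ("minor", "non-material", "material")
GENESIS = "0" * 64


def _digest(entry):
    """SHA-256 over the canonical JSON of an entry, excluding its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class PrivacyLog:
    """Append-only log; every entry commits to the hash of the one before it."""

    def __init__(self):
        self.entries = []

    def append(self, timestamp, change_type, subject, description, notified):
        if change_type not in CHANGE_TYPES:
            raise ValueError(f"change_type must be one of {CHANGE_TYPES}")
        entry = {
            "seq": len(self.entries),
            "timestamp": timestamp,      # ISO 8601, UTC, so strings sort chronologically
            "change_type": change_type,
            "subject": subject,          # e.g. "purpose", "ownership", "LEI", "data breach"
            "description": description,
            "notified": notified,        # was a change-of-state notification sent?
            "prev_hash": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """True if every entry's sequence number, back-link and hash are intact."""
        prev = GENESIS
        for seq, entry in enumerate(self.entries):
            if entry["seq"] != seq or entry["prev_hash"] != prev or entry["hash"] != _digest(entry):
                return False
            prev = entry["hash"]
        return True

    def consent_state_valid(self, consent_timestamp):
        """A consent granted at consent_timestamp is valid only if the log verifies and
        every later material change of state was followed by a notification."""
        if not self.verify():
            return False
        return all(
            e["notified"]
            for e in self.entries
            if e["timestamp"] > consent_timestamp and e["change_type"] == "material"
        )


def build_sample_log():
    """Constructed sample: a notified purpose change, then an un-notified breach."""
    log = PrivacyLog()
    log.append("2021-03-01T09:00:00Z", "minor", "privacy statement", "typo fix", False)
    log.append("2021-06-15T12:00:00Z", "material", "purpose", "added behavioral advertising purpose", True)
    log.append("2021-09-30T08:30:00Z", "material", "data breach", "breach of marketing database", False)
    return log


if __name__ == "__main__":
    sample = build_sample_log()
    print("chain intact:", sample.verify())
    print("consent from 2021-07-01 still valid:", sample.consent_state_valid("2021-07-01T00:00:00Z"))
```

Publishing the head hash (the last entry's `hash`) alongside the log URI lets a receipt holder check later that the log they fetch is the same one the receipt referred to; anchoring that head in a third party ledger, as the table's example mentions, is the natural extension.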




Section 4: Optional Consent Receipt Fields

| Data Element | Data Type | Description of Optional Element | Example | Required |
|---|---|---|---|---|
| Codified Conduct Provider | | By default the code of conduct is the privacy regulation that is anchored in a receipt. A code of conduct MUST be approved by a data protection regulator and is valid for the specified jurisdictions, and does not extend without an adequacy assessment, mapping and approval for use with another Privacy Agreement. | | |
| Codified Practice Provider | Object | For processing PII for a purpose, the required disclosure categories of sub-processors and 3rd parties. To supply or authorize the service, e.g. a sub-processor is a relying party service and is contracted for the specified purpose as a sub-processor. A 3rd Party disclosure is not under contract for the purpose and is required or justified to authorize the processing. | | |

The Codified Practice Provider object contains:

| Field Name | Data Type | Description | Example Input | Required |
|---|---|---|---|---|
| Legal Justification | string | Legal justification for processing personal data | contract | ✓ |
| Governing body | uri | Name and URI of the governing body | | |
| Code of Practice / Code of Conduct URI | URI | Link to the code of practice for this processing. | | |
| Certification Valid to Date | | Date the code of practice is valid to | | |
| Assessor | | | | |
| Bundled purpose notice and notifications | | Number of consented purposes that are bundled in one consent | | |
| Industry sector | SIC Code | Industry SIC Code | | |
| Notification Types | | Specifying a list of notification types for a codified conduct, and subsequent practice | | |



Section 5: Consent Receipt Field Inputs v0.1

Record spec with specified field data, which then harmonizes what is specified as a consent for a purpose.

| Field Label | Reference | Field Input: Source, and list | Example | Required |
|---|---|---|---|---|
| Accountable Person Role | | Defined according to privacy agreement. GDPR: Data Protection Officer, Data Protection Representative, and translated to ISO. As role: Chief Privacy Officer, with comparable responsibilities | | |
| Consent Type | | Legal consent types (see the list below) | | |
| Sensitive (or Special) PII Category | Link to the Personal Data Categories | Sensitive personal data categories (see the list below) | | |

Consent Type

There are a number of legal consent types which are required for active state consent transparency and compliance:

  1. implied consent - e.g. going to a website
  2. implicit consent - e.g. through actions that are implicit and indicative of consent expectations
  3. explicit consent - e.g. providing personal information for a legally specified purpose and privacy rights notice
  4. directed consent - e.g. an explicit consent that is specified by the PII Principal
  5. altruistic consent - e.g. a consent specified with a code of practice rather than to a specific legal entity (name of controller not necessarily provided)

Sensitive (or Special) PII Category

Sensitive Personal Data Categories:

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
  • trade-union membership;
  • genetic data, biometric data processed solely to identify a human being;
  • health-related data;
  • data concerning a person’s sex life or sexual orientation.

References

Personal Data Categories - these have been contributed to the W3C Data Privacy Vocabulary Controls, where they are synced and maintained.

Notes

  • Note: adding consent types
  • Note: add list of sensitive data categories to spec, with definitions
  • Note: add delegated authority types
  • Note: add data category table (from DPV)
  • Note: add notification types
  • Note: list of things that go into the privacy log, to maintain a valid state of processing / consent
  • Note: add what collection methods are usable for the receipt







    ...