Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The receipt is generated upon interacting with a Privacy Notice so that a person can capture evidence of reading a notice, and be used to assess conformance to privacy law, or with  ISO/IEC 29184:2020 Online Privacy Notice and Consent standard, which has published the Consent Notice Receipt v1.1 in Appendix B.

Consent by

...

Default  (for Dynamic Data Control) 

The ANCR record re-works the flow so as to start with a valid state of Consent, which is then consumed by identity management technologies.  Changing the flow of surveillance and enabling people to human-trust the use of surveillance  and  enable a flow of  consensual data processing to dramatically decrease and minimize the requirements for privacy notice and notifications.

 The The user experience and  Receipt v1.2 is referred to as a Consent by Default because the initial relationship state for any interaction is provided by default in relation to what is reasonable reasonably expected by the purpose and context of use by the individual as specified in law. 

From this starting point, and legitimate legal justification can then be used to dynamically assert a control over the data that is controlled by the individual.  For example the consent default which intiaites the data flow may be implied consent, and an Contract, or the Vital Interests of the data subject might be used, with a verified PII Controller, or Privacy Controller Credential, (see ToiP - Privacy Controller Credential Specification)_  to dynamically access the personal data.    ANCR Notice record can be generated for proof of notice.  Consent Receipt can be generated for evidence of legitimate processing for another legal justification. 

Consent Types

The ANCR record provides the PII Controller and PII Principle digital identifiers and context along with a consent type, which provides a default scope of permissions in a consent grant to a system.

The consent types here aim to express the full range of consent defaults expected and will evolve. 

Consent Type DescriptionDefaults to ApplyPermission Scope for digital Identity system
Explicit Consent 


Implied Consent 


Expressed Consent


Directed Consent 


Altruistic Consent


Specifying Notice Record and Receipts for Additional Legal Justifications

Any additional legal justification can be Notified from this default context and instance to generate and link a consent receipt.   The default .   An Anchor Record is generated from the PII Controllers credentials as displayed. 

Producing a proof of notice for any additional legal justification can be changed to any valid legal justification for processing personal data provided by used to update the default for that context to a new legal justification produced with a notice, notification or disclosure.  The  Consent Receipt is used as a digital twin of the consent notice in which the legal justification (if not consent) is signalled to be presented to the PII Principle to inform of the data processing.  

Note: The consent receipt is used to capture the use of the legal justification for a specified and specific purpose.  One legal justification and one purpose (or purpose bundle) per Consent Receipt. 

...

Specification Draft


Appendix A: Full Specification Overview

The scope and focus of this workgroup is to work on 1 part of the consent record information structure, and contribute this towards a future  v2 developing global record and receipt specification.

The future full record and receipt specification is conceptualized  into 5 sections,framed with  5 sections which are being worked on by different groups and efforts and  is the Appendix (below). 

The focus of this workgroup on the first section is aimed at  creating a  Proof of Human Notice for digital Evidence of the veracity of online Consentprocessing for dynamic data controls for digital identifiers

Sections are as follows

  1. Anchored Notice Record 
  2. Purpose Specification 
  3. Data Control, Protection and Treatment
  4. Code of Conduct & Practice
  5. Advanced Notice and Consent Receipt Record 
    1. Consent Receipt Prefix. is being specified with inputs from Verified Credential community of work via ToiP

Specification Roadmap 

Section 2, 3, & 4 -  are being specified by a combination of other efforts including ISO 27560 which are all happening in 2021-23 time frame,. 

...