The Consent Receipt Framework exposes the legal requirements that are required to administrate consent, further define the governance of permissions and application of preference. Online, or with sensory infrastructure, consent (and consensus) is implied in public spaces when processing personally identifiable information.
The CR CV1.2. WD 2, generates a consent record from an interaction with a Notice or Sign, which for security, the PII Controller needs to be identifiable, and verifiable. The ANCR Record is an iteration of the prefix of the CR V1.1.
The consent receipt framework is consent by default and the anchor record is the Consent Receipt prefix and is used to capture legal entity information and used to generate a consent notice receipt.
The receipt is further defined and fields broken down for use by privacy framework for conformance assessment, which is based on the lifecycle of a specific notice for processing personal data and a specified purpose, the purpose is used to define the consent grant which provide the scope of permissions for a digital identifier management system.
Flow of Architecture PII Principle Creates and controls Anchored privacy notice records for Privacy Assurance
a self-asserted PII Controller ANCR record provides a tier 0 privacy assurance,
Conformance assessment use cases for 27560 for the PII Principal:
- use of receipt as evidence for proof of notice and consent.
- use of receipts as proof of awareness for identity management system
Consent Grant Roadmap - Scope protocol for Identity management system permissioning
- Consent Grant (human scope) - Identity Management = technoal permission and access controls
Updating from v1.1 - represented by submission to ISO 27560
V1.2 : Consent Receipt Framework
Intro - Implements PasE Protocol with 2FC
V1.2.1 : ANCR Record Conformance
V1.2.2 : Consent (Notice) Receipt:27560
V 1.2.3 : Rights Access & Automation
V 1.2.4 : Consent Validation - The Life cycle of a consent
Protocol Scope Use Cases
SAML / eIDAS
V 1..2.5 :
V 1.2.6 Data Governance Interoperability
V 1.2.6 Topics Raised to be Reviewed / Refined and Addressed in Roadmap to V2
The CR v1,1 as published known challenges have been addressed and are specified here in the v1.2 update.
CR v1.2 Format Structure and fields
A Notice can itself be extended with a Notification for the maintenance of a consent record, and consent based relationship. Notice Receipts facilitate a Semantic Governance Framework
A notice of controller is the first section of the receipt 1, can be extended with these receipt profiles
The spectrum of consent has multiple vectors
Type of Consent Receipt
Anchor Receipt (starts a receipt)
Action of the PII Principal
Notification by the PII Principal
(Health Care )
No Notice Required -