The first week of December, the Kantara Initiative ANCR WG was represented by Mark Lizar, the 2FC and Consent Receipt Specification author, who attended a Childrens AI Conference with MyData for Children hosted by Unicef Helsinki / Finland. The focus was centred on the use, application and ethically / operational problems with AI and AI interaction for children with some deep dives into privacy and security challenges and benefits.
Auspiciously, the same week the Data Governance Act was ratified in the EU, a good omen that these topics are finally starting to appear in more mainstream discourse. A deep dive into both of the topics of children and AI highlighted that governance is needed for the processing of children' data, which provides the infrastructure for children's data to be entrusted for them. For this we advocated for co-regulatory type of governance, for children, parents and schools, overseen by Privacy Regulators.
Core AI and ethical issues have been conflated, so it difficult to know how control and consent over children's surveillance requires regulation of digital identity technology which provides which embed the rules that govern my child's data use.
The AI topics produce questions around the role of a technical or legal intermediary and the control of personal data access and processing. The Data Governance Act looks to address these roles in practice. Practices in which a consent receipt is required but missing personal record system, and which is used as a vehicle for safeguarding rights and data controls in processing supply chains. Micro-credentials which can be managed in software systems with digital identity and access management technology. The Data Governance a credential wrapper for digital identifier management.
In this WG's effort to address these core technical and governance issues 2FN and 2FC will work to separate technical permissions in the context of access management and human permission referred in this workgroup (and draft charter update) as 'purpose of use' management. Distinguishing from identity management or online service provider implementation of consent with system centric permissions. Made more difficult through a consolidated industry effort to conflate these two types of permission (as digital trust) for commercializing digital identity (session based micro- security services) as digital trust services, which insinuate a micro-technical operational impact on trust or privacy.
The 2FN proof of authorization before processing policy, is a policy control for the use of AI, and through discussion was conceived as tool for safeguarding children's privacy in AI. The mirrored notice record standard : aka a Consent Receipt provides high quality, labelled data for people to manage their own micro-data and control its use and who benefits from this data when used as - meta-data. Promoting an alternative to services t&Cs for children, youth, indigenous data sovereignty and education environments. 2FN before 2FC for processing sovereign data to address the data governance requirements and safeguard the use of meta-data for data trusts - like school records with access management utilizing Consent Receipts.
Support the Children's Privacy Assurance Lab (Future Christmas Present) Policy . Micro-Data is Soverign Data, and requires data (and identity) trust, to be trustworthy by parents for a child's future.
Unicef Released an Ethics/Policy Guide
Here is the workshop methodology UNICEF used to consult children on AI https://drive.google.com/drive/folders/1IVh4DTNnFpNeLTLY1c3dX0LmAuO3y6Tu