Versions Compared

Old Version 44

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 45

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

 Digital trustworthiness - is about providing people with control of identity relationship records. This specification proposes the use of standardized notice and data control semantics so that people can trust and "see" who (if not oneself), is in control and accountable for personal information. This specification extends the Kantara ANCR Record to product a Notice of Controller Receipt for automating the administration of Online Rights for digital identity systems. 

  • using privacy rights independent process of service
  • people provide consent to a purpose - 
    • additional notices are not required for consent 
    • permissions - 
  • Notes - how to add DPV - as a predefined language ? 

the missing link for people.  To achieve human trust, the control of privacy needs to be human/individual centric, not business, legal and technical centric.  It is for this reason that the global point of interoperability for privacy and human data control is on the requirement for a privacy, surveillance, safety, and security notice. 

In all of the jurisdictions, in all the laws, providing a notice to people is required, as this is how people gain contextual knowledge and can participate in consensus.   Every privacy law requires that the identity of the privacy controller and the contact point for rights administration be provided.  A privacy controller credential is the combination of the legal entity + the accountable / contact person into a verifiable credential so that it can be used to provide privacy assurances and access to privacy rights. 

Legally, this information is required to be as open as possible and is codified in law in many different ways.  Standardizing the credential using ISO 29100( open and free ) so that privacy controller credential can be used by people internationally to assert privacy controls and negotiate individual digital rights with service providers and communities. 

This specification focuses on a best practice schema for identifying the privacy controller. 


Process in progress:

  1. Re-Alignment
  2. Outline of Specification 
  3. Discussion Points in Progress
    1. Provided Data Record 
    2. Linking Records 
    3. Providence Fields
      1. Beneficial Owner
        1. Owner Agreement

Process in progress:

  1. Propose Identity Governance and Risk Standards Extensions for SSI in the ISI WG - for (Dynamic Data Control Requirements)
    1. Decentralized legal semantics
    2. Privacy Controller Credential 
    3. To Unify Notice Control Semantics
  2. ISI WG review

Notice & Consent Task Force 

Project owner:

Mark Lizar Salvatore D'Agostino

Team members:

Ken Adler

Jan Lindquist


Status

ACTIVE 


Spec Dev Link

Notice & Consent for people relies on clear communication. 

Decentralized identity relies on contextual legal semantics and notices by implementors in order to be compliant with sovereign data rights .  These semantics need to be standardized to be used by decentralized identifier based technologies for human interoperable data governance.  The more unified across ecosystems the notice and risk semantics, the more human centric the service becomes as it lowers the burden on humans and increases the understanding of risks, benefits and (human) consentor operational in context.


Specification proposal:  to extend Decentralized Semantic Governance for a dynamic data control ( DDC) architecture for active control transparency that people can usetransparency and controls  that are human centric.   

  • Privacy Controller Credential 
  • Unified Notice Control Language for People
  • Conformity Assessment
  • People
  • Orgs
  • Regulators
    • Provides transparency over risk for DDC

Privacy Controller Credential For Data Governance Accountability  

...