Versions Compared

Old Version 2

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version Current

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Executive Summary 

  • This specification is for binding transparency and accountability into a credential for decentralized data governance
  • This specification uses ISO/IEC standard Format, information structure and W3C DPV semantics to specify a controller notice to enable standard record and receipt for transparency over the processing of each digital identifier based relationship.  Doing so by implementing privacy rights to govern and control the use of the personal information end to end, like encryption. 

Background 

  • Create an open international specification and public specification for access to privacy in digital identity managed profiles and systems
  • to enable infrastructure for interoperable data governance - aka - people to independently access privacy rights for personal data control's, transparency and accountability. 
    • if extended to SSI architecture enable wallets for micro-credentialing  
  • Contribute this into a framework of specifications and standards for a conformance suite - 
    • ISO/IEC 27560 - Contribution for Notice and Consent code of practice for records and receipts 
    • NIST Privacy Framework - rights defaults -   
    • W3C DPV Data Privacy Vocabulary - Control Ontology
    • GNAP and OpenID Connect - FAPI / UMA UMA - Identity Management Protocols
    • ANCR WG: notice record and receipt framework 
  • specify a standard endpoint for authorization based claims (micro-credentials) 

Introduction

In privacy regulations globally the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information. 

...

Privacy Controller Controller Fields













Glossary  



Privacy Stakeholders

ISO Definition


Regulator / 

PII Principal

PII Controller

PII Processor

3rd Party



References for use for creating a Unified (generic) Data Control Vocabulary for OCA

Standard/Specifications

Title

Description 

Resource Status

ISO 29100

Information technology — Security techniques — Privacy framework

ISO/IEC 29100:2011 provides a privacy framework which

  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.
Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html
ISO/IEC 29184:2020Online privacy notice and consent
(just published - not available to public - we are working on publishing a report/appendix for use with this group )
W3C DPV  0.01Data Privacy Vocabulary
  • legal ontology for technically breaking down and mapping legal ontology to a data legal ontology - 
  • the Notice +  CR V1.2 and W3C DPV, also use a common set of purpose categories. and the Kantara CR v1.1 for purpose specification
  • (note shared by initial FIHR approach - now much more evolved) 

Reference: OPN-Notice Schema

OPN: Open Notice  (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema

Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]

...