Summary
- The privacy controller credential is a (digitall) representation of an organization's conformance to privacy and surveillance notice and related default identification requirements.
- The credential provides a person with transparency over surveillance and an ability to use their rights.
- Rather than analogue identification - company identity, company address, company phone number, the controller credential contains the digital version of this information and privacy contact point for exercising data control for privacy rights.
- The point where a valid state of consent can be assured with a proof of notice and a record of consent.
- The aim of this specification is to implement related standards and specification for different measure of privacy assurance in accordance with the principles of operational privacy and provides a data control risk impact assessement.
- an extension of the Kantara Initiative, ANCR Notice Record specification, and apart of the notice record and receipt information structure used in the AuthC Protocol.
- The purpose of this credential is to standardize digital transparency so it can by systematically availableAt its core, the privacy controller credential is a security and rights record that among things can be used for indepent access to rights and controls in context of decentralized use of identifiers.
"The missing link between Human Trust and Digital Trust
...
Digital surveillance is inherently untrustworthy and transparency over surveillance is missing for people. Surveillance transparency is necessary to achieve human trustworthiness, and control independent of technology. There is no trust for human tech only trust frameworks for enterprises and tech itself. In the work here privacy is understood as human/individual centric, not business, legal and technical centric. This design rule is critical for trustworthy (including digital identity) infrastructure. For this purpose this task force is tasked with specifying a credential that can be used with and for any identity management technology, including SSI, using International ISO/IEC standards and related Kantara Specifications.
...
" Implementing (SSI)
Process in progress:
| Notice & Consent Task ForceProject owner: Editors Surveillance Controller EditorSalvatore DAgostino OCA Schema Editor: | StatusACTIVE |
Notice Controller Credential add's additional fields to an existing consent record formant for notice and consent |
Introduction
In privacy regulations globally the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information.
...