Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Decentralized Governance and  Data Control - through the use of the credential, which can be asserted. 

Privacy/Surveillance Engineering Principal - "Transparency Proportionality and Control Reciprocity - Dynamic Data Controls"

  • Use Case
    • Use a standard to assert privacy rights by identifying the privacy controller credential 
    • Level of Privacy Controller Credential Assurance according privacy and surveillance 
      • self asserted - 
      • legal asserted  - 
      • certified  - 
    • Org - Identity - use semantics to indicate what surveillance people are under - beyond what they expect.
    • Notice - 
  • Beneficial Owner 0 
  • Accountable Person is apart of another company 
  • Schema for the Controller Credential 
  • the ANCR Record is a record of the privacy controller credential created from a privacy notice. 

 Controller/Operator Implementation

  • Principals of use 
  • Interoperability
    • Standards - ISO 29100 + 27560 + 29184 

how the controller can .. .

  1. Notice of  surveillance Risk 
  2. Proof Of Notice  
  3. Assert - State - Valid state of consent -  Privacy Rights - data controls - right to be heard - (Childrens Privacy Right)  - 
    1. use my ANCR record - Use my Cookie for you - 
      1. Choice 

how the can controller use.. this 

  • for proof of compliance 
  • evidence of consent 
  • access tokens

The Governance of Controllers Credential (out of scope) 

Process in progress:

  1. Re-Alignment
  2. Outline of Specification 
  3. Discussion Points in Progress
    1. Provided Data Record 
    2. Linking Records 
    3. Providence Fields
      1. Beneficial Owner
        1. Owner Agreement

Notice & Consent Task Force 

Project owner:

Mark Lizar Salvatore D'Agostino

Team members:

Ken Adler

Jan Lindquist



Spec Dev Link

Notice & Consent for people relies on clear communication. 

Decentralized identity relies on contextual legal semantics and notices in order to be compliant with sovereign data rights or operational in context.

Specification proposal:  to extend Decentralized Semantic Governance for a dynamic data control ( DDC) architecture for transparency and controls  that are human centric.   

  • Privacy Controller Credential 

Privacy Controller Credential For Decentralized Data


Governance with Notice and Consent  

This specification is used to standardized specifies the controller record that is used to verify, validate and notarize rights claims for online environments/services by individual to increase human awareness, control, and trust.   Utilizing semantically standardized notice records and consent receipts, (also known as a Consent Notice Receipt)(ref ISO 29184), in addition to, Data Privacy Vocabulary specified for generating notice and notifications that are both human and machine readable. 

This credential is comprised of the legal entity name and the accountable person as defined by their role in the data organization and documented in the ISO 27560 /IEC 29100 standard. This record is further specified here and extended in this specification for 3 levels of Privacy Assurances for transparency assurance and control of controls when processing personal data when processing in an ecosystem or in a digital service supply chain,

Challenges focused on with this specification:

  1. The accountable person may or may not be an employee of the organization. 
  2. Different jurisdictions name/define and reference this role differently 
  3. Some jurisdictions, like the UK have a data controller registry (DCR), where this binding is public and legally required (benefit in this case, challenge where absent)and the name of the accountable person is publicly available in ICO DCR.  (using blinding identity taxonomy)
  4. Some jurisdictions, like the EU require an accountable data controller representative in the jurisdiction where a service is operating, in order to address legal data privacy and security issues that may arise. 
  5. 2 or more Controllers might be accountable for processing of personal data.
    1. Identify in context of service for any user the controller and accountable person.
  6. The privacy law in some jurisdictions, can itself break privacy law in other jurisdictions by requiring the accountable person information to be published publicly, 
  7. Specifies how to by a VC (in this case the Privacy Controller Credential) for trust assurance for privacy assurance
  8. International Notice & Control protocol for  Unified Data Control & Portable semantics for governance interoperability between domain and jurisdictions.


  1. Develop an extensible controller credential format
  2. specifying  3 nested layers of controller identifier claims, to correspond with standard tiers of Privacy Risk Assurance.
  3. A set of rules for the use: verification, validation and notarization of the controller credential. 

The specification providesshall provid

  • a record format that MUST blind the identity of the accountable person,
  • be usable as a linked data in a notice of control receipt, which provides only the controller information required for the purpose of credential use. 
  • record, so as to provide a profile of the bound controller credentials in a manner that can show the controlling person before, during and after the use of a decentralized digital identifier.
  • control providence begins with the person making the assertion to the accountable role using laws and standards to bind privacy rights request to a legal entity  


Why Privacy Controller and why ToiP? 

Supporting Decentralized Data Controls with Identity Governance for Data subject’s (data) rights. This task force mission is to enhance identity and data governance interoperability  with standardized notice of Control and accountability for processing personal data (with the  ToiP layered governance model.)


To address a key part of this challenge a specification for listing the Identity Control Provenance, focusing on the legal entities and accountable people in control of processing personal data as the  first spec to providing the needed transparency (or Notice) for the control of processing, required for trustworthy processing. 


  1. A key challenge to interoperability is addressed with the International ISO/IEC standards framework 29100 and 29184. This provides a semantic control framework to address the lack of semantic harmonization for personal data control  which provides security for the portability and control of private information and is a required for people to be able to independently consent and control personal information.  This challenge first presented the W3C DoNotTrack Conference in Berkeley California. 'Opening Up the Online Infrastructure
  2.  This turned into a Kantara Specification effort in 2014 and now, last year, ISO voted to fast track this to a standard 27560, to be used with ISO 29184 to address what was know by the  phrased of the Biggest Lie on the Internet, was a focus of a movie Terms and Condition's May Apply. With an international governance rule set, people can use independently of Terms and Conditions. 
  3. Now this work is being updated to the ANCR WG Notice Records for Receipts version,. 



Data Governance

The Identity and Data Governance semantic based line is the international ISO/IEC 29100 security and privacy techniques framework, this is mapped to Legal jurisdiction notice schema and the differnces and risks (in terms of rights and the performance of data controls) is provided as a component of the notice of control.