...

digital trustworthiness - is about notice semantics so that people can trust and "see" who (if not oneself) is in control of and accountable for personal information.

Process in progress:

  1. Propose Identity Governance and Risk Standards Extensions for SSI in the ISI WG - for (Dynamic Data Control Requirements)
    1. Decentralized legal semantics
    2. Privacy Controller Credential 
    3. Unified Notice Control Language
  2. ISI WG review of White Paper (for specification); ask ISI WG to approve specification

Notice & Consent Task Force 

Project owner:

Mark Lizar, Salvatore D'Agostino

Team members:

Ken Adler

Jan Lindquist


Status

ACTIVE 

Notice & Consent for people relies on clear communication. 

Decentralized identity relies on contextual legal semantics and notices by implementors in order to be compliant with sovereign data rights. These semantics need to be standardized so that decentralized-identifier-based technologies can use them for human interoperable data governance.

The more unified the notice and risk semantics are across ecosystems, the more human centric the service becomes, as this lowers the burden on humans and increases the understanding of risks, benefits and (human) consent.

Specification proposal: to extend Decentralized Semantic Governance for a dynamic data control (DDC) architecture for active control transparency that people can use.

  • Privacy Controller Credential 
  • Unified Notice Control Language for People
  • Conformity Assessment
    • People, Orgs, Regulator for Transparency
    • Orgs
    • Regulators
    • Provides transparency over risk for DDC

 Privacy Controller Receipt Credential (Control Provenance Credential) 

...

  1. The accountable person may or may not be an employee of the organization.
  2. Different jurisdictions name/define and reference this role differently.
  3. Some jurisdictions, like the UK, have a data controller registry, where this binding is public and legally required (a benefit in this case, a challenge where absent).
  4. Some jurisdictions, like the EU, require an accountable data controller representative in the jurisdiction where a service is operating, in order to address legal data privacy and security issues that may arise.
  5. 2 or more Controllers might be accountable for the processing of personal data.
  6. Identify, in the context of service use, for any user, who the controller and accountable person are.
  7. The privacy law in some jurisdictions can itself break privacy law in other jurisdictions by requiring the accountable person's information to be published publicly.
  8. Extend a privacy assurance profile by binding a VC (in this case the Privacy Controller Credential) for trust assurance.
  9. Developing a Unified Notice Control Language that is interoperable.

The proposed solution: 

Develop this controller credential specification with a set of rules for the use, maintenance, and lifecycle of a privacy controller credential. 

...