Executive Summary 

  • The (privacy for surveillance) privacy controller credential is the digital version of an organization's privacy and surveillance notice and related default identification.
  • Rather than analogue identification (company identity, company address, company phone number), the controller credential contains the digital version of this information and the privacy contract contact point for exercising data control for privacy rights.
    • The point where a valid state of consent can be assured with a proof of notice and a record of consent.
  • The aim of this specification is to implement related standards and specifications for different measures of privacy assurance, in accordance with the principles of operational privacy, and to provide a data control risk impact assessment.
  • At its core, the privacy controller credential is a security and rights record that, among other things, can be used for independent access to rights and controls in the context of decentralized use of identifiers.

Introduction

In privacy regulations globally, the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations, the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information.

...

  • Code of Conduct and Practice (Ethical Operation)
    • Must have a receipt (with an operational Privacy Controller Credential) to engage in the Dynamic Data Control ecosystem, aka dynamic data economy, from a privacy rights and self-sovereign data control perspective.
    • The Privacy Controller Credential is used to automate purpose-driven online services, to enhance or even replace federated identity systems with self-sovereign identity governance.

ISO 29100 Privacy Stakeholders



Privacy Stakeholders

ISO Definition: Regulator / | PII Principal | PII Controller | PII Processor | 3rd Party

...




Delegated: Regulator, Ombudsman | PII Principal, Guardian | PII Controller, Joint-Controller | PII Processor, Sub-Processor | 3rd Party, turtles


References for use for creating a Unified (generic) Data Control Vocabulary for OCA

Standard/Specifications | Title | Description | Resource Status

ISO 29100
Information technology — Security techniques — Privacy framework
ISO/IEC 29100:2011 provides a privacy framework which
  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.
Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html

ISO/IEC 29184:2020
Online privacy notice and consent
(just published - not available to public - we are working on publishing a report/appendix for use with this group)

W3C DPV 0.01
Data Privacy Vocabulary
  • legal ontology for technically breaking down and mapping legal ontology to a data legal ontology
  • the Notice + CR V1.2 and W3C DPV also use a common set of purpose categories, and the Kantara CR v1.1 for purpose specification
  • (note shared by initial FIHR approach - now much more evolved)

Reference: OPN-Notice Schema

OPN: Open Notice (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema

Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019. Published: http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]

...