You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »


Overview

For privacy transparency and accountability  to ensure trustworthiness for decentralized use of digital identity identifiers are required for decentralized data governance with digital identity, without the use of federated systems for access control

Privacy Controller Credential 

In privacy regulations globally the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information. 

This specification uses ISO/IEC standard semantics to generate a notice of controller receipt for each digital identifier based relationship, in order to implement privacy rights to control the use of the personal information the digital identifier relates too. 

Key Security Challenge 

  • Verifying people for service use has been the main security approach 
  • Altenrative approach is to verfify their privacy controller credential and use privacy law for defining purpose specific services - 
  • Using standards fromework (ISO) with ANCR Receipt and the W3C Vocabulary for Notice and Notifications text (which fills the receipt fields) 
  • Advanced Security for Human Centric Privacy/Policy Controls that scale
    • Must have a receipt (with operational Privacy Controller Credential) to engage in the Dynamic Data Control Ecosystem from a privacy rights and self-soveign data control
    • Privacy Controller Credential is used to automate purpose driven online services, to enhance or even replace federated identity systems with self-sovering identity governance
    • Key aspect is  (addressing the systemic weak online controller transparency) where privacy controller credential are not available for using privacy rights 

The credential is use for - credential - 

The credential has 0-3 levels of Privacy Controller Credential Assurance specifiedL: 

  1. Self Asserted Notice Controller
  2. Privacy Controller 
  3. Operating Privacy Controller 

Each level requires addition verification of th4e accountable person, their role and the providence of the LEI processing personal data. 

This specification formalizes the format for these 3 tiers of Privacy Assurance 


Format is using ISO etc, 

Tier 1  Notice Controller Credential 

Tier 2 Privacy Notice Controller Credential (AKA PII/Data Controller)

Tier 3 High Transparency Assurance over the providence of processing - 

  • Asserting benificial owner, codes of conduct and codes of practice 
  • No labels