Executive Summary
- The privacy for surveillance controller credential is the digital version of an organization's privacy and surveillance notice and related default identification.
- Rather than analogue identification - company identity, company address, company phone number, the controller credential contains the digital version of this information and privacy contact point for exercising data control for privacy rights.
- The point where a valid state of consent can be assured with a proof of notice and a record of consent.
- The aim of this specification is to implement related standards and specification for different measure of privacy assurance in accordance with the principles of operational privacy and provides a data control risk impact assessement.
- At its core, the privacy controller credential is a security and rights record that among things can be used for indepent access to rights and controls in context of decentralized use of identifiers.
Introduction
In privacy regulations globally the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information.
This specification uses ISO/IEC standard semantics to generate a controller notice receipt for each digital identifier based relationship, and in doing so implement privacy rights to control the use of the personal information related to the identifier(s).
This specification also addresses security as a part of privacy (there won't be any "considerations" at the end). Current security approaches tend to look at privacy risk less wholistically. This specification addresses this key, no pun, security challenge - for example effectively KYC enhanced with a new authorization flow that that reflects - KYB - know your business from a human perspective (with whom does the identifier have a relationship). Examples include:
- Verifying people for service use as security focus
- Verfify their privacy controller credential and use privacy law for defining purpose specific services
- Using an open standards framework (an appendix to this specification, e.g. ISO 29100, Kantara Notice and Consent Receipts, W3C Vocabulary for Notice and Notifications ( text which fills the receipt fields).
- Operational Privacy (Identity and Security) (Engineering) Design Principles
- Principal of "Transparency, Proportionality, and Control Reciprocity - Dynamic Data Controls"
- Next steps toward this (outside this specification)
- Code of Conduct and Practice (Ethical Operation)
- Must have a receipt (with operational Privacy Controller Credential) to engage in the Dynamic Data Control ecosystem, aka dynamic data economy, from a privacy rights and self-soveign data control perspective.
- Privacy Controller Credential is used to automate purpose driven online services, to enhance or even replace federated identity systems with self-sovering identity governance.
ISO 29100 Privacy Stakeholders
Privacy Stakeholders | ISO Definition | |
|---|---|---|
| Regulator / | ||
| PII Principal | ||
| PII Controller | ||
| PII Processor | ||
| 3rd Party |
| Privacy Controller Credential Roles | |||
|---|---|---|---|
| Data Governance Authority Operator Role | Certification Providers on Regulator Approved Codes of Conduct - very limited PII - data controller personal information and a linked reference to a data subjects identifier - | ||
| Data Governance Registrar | ` |
Applying /mapping ToiP Governance Model to international framework:
| Stakeholder | Privacy Controller Credential : Creating Credentials for a use Case | Description | |
|---|---|---|---|
| Issuer | |||
| Holder | |||
| Verifier |
Gov ToiP Role | UseCase Example | Roles | Actors Privacy Stakeholders
| |
|---|---|---|---|---|
| Provides the schema - hospital | issuer | Privacy Controller | ||
| Person - Requesting Information from - patient/traveller | holder | Data Subject | ||
| 3rd Party - border control | Verifier | Data Processor / 3rd Party |
- looking to make a process for what Legal Privacy Stakeholder has the Credential Role
- Steps to assign Stakeholder Roles
- Test for checking if its a processors or a 3rd party?
- Steps to assign Stakeholder Roles
Legal Semantic Element | semantic description | functional usage | fields Required | |
|---|---|---|---|---|
| controller | ||||
| controller_identity | ||||
| controller address registered | ||||
| controller address (mailing) | ||||
| controller contact | extend consent termination for a control point |
Delegated Role :
Delegated | |||
|---|---|---|---|
| Regulator | Ombudsman | ||
| PII Principal | Guardian | ||
| PII Controller | Joint-Controller | ||
| PII Processor | Sub-Processor | ||
| 3rd Party | turtles |
References for use for creating a Unified (generic) Data Control Vocabulary for OCA
Standard/Specifications | Title | Description | Resource Status |
|---|---|---|---|
| ISO 29100 | Information technology — Security techniques — Privacy framework | ISO/IEC 29100:2011 provides a privacy framework which
| Status - Is publicly available - https://www.freestandardsdownload.com/iso-iec-29100-2011.html |
| ISO/IEC 29184:2020 | Online privacy notice and consent | (just published - not available to public - we are working on publishing a report/appendix for use with this group ) | |
| W3C DPV 0.01 | Data Privacy Vocabulary |
|
|
Reference: OPN-Notice Schema
OPN: Open Notice (+ Consent) Receipt Schema: Starters Guide to Unified Data Control Schema
Lizar, M. & Pandit, H.J., OPN: Open Notice Receipt Schema, 14th International Conference on Semantic Systems (SEMANTiCS 2019), Karlsruhe, Germany, 2019 [Published http://www.tara.tcd.ie/handle/2262/91576 [accessed July 1, 2020]
Field Name | Field Label | Format | Description | Required/Optional |
Schema Version | version | string | Required | |
OPN Privacy Profile URI | profile | string | Link to the controller's profile in the OPN registry. | Required |
Type of Notice Receipt | Notice Receipt | string | Label Notice Receipt | Required |
Receipt ID | id | string | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required |
Timestamp | timestamp | integer | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required |
Signing Key | key | string | The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional |
Language | language | string | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Optional |
Controller Identity | controllerID | string | The identity (legal name) of the controller. | Required |
Legal Jurisdiction | jurisdiction | string | The jurisdiction(s) applicable to this notice | Required |
Controller Contact | controllerContact | string | Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle. | Required |
Link to Notice | notice | string | Link to the notice the receipt is for | Optional |
Link to Policy | policy | string | Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided | Required |
Context | context | string | Method of notice presentation, sign, website pop-up etc | Optional |
| Receipt Type | The human understandable label for a record or receipt for data processing. This is used to extend the schema with profile for the type of legal processing - and is Used to identify data privacy rights and controls |
OCA schema specification: https://docs.google.com/spreadsheets/d/1KOdq8Yy3OXmuELyh7tpHMlhyMZPSZ3Ib/edit#gid=68769926