Overview

For privacy transparency and accountability  to ensure trustworthiness for decentralized use of digital identity identifiers are required for decentralized data governance with digital identity, without the use of federated systems for access control

Privacy Controller Credential 

In privacy regulations globally the notice and notification requirements in legislation are the most consistent across jurisdictions. In all regulations the identity of the PII Controller is required to be provided to the person before, at the time, or as soon as possible, when processing personal information. 

This specification uses ISO/IEC standard semantics to generate a notice of controller receipt for each digital identifier based relationship, in order to implement privacy rights to control the use of the personal information the digital identifier relates too. 

Key Security Challenge 

• Verifying people for service use has been the main security approach 
• Altenrative approach is to verfify their privacy controller credential and use privacy law for defining purpose specific services - 
• Using standards fromework (ISO) with ANCR Receipt and the W3C Vocabulary for Notice and Notifications text (which fills the receipt fields) 

• Advanced Security for Human Centric Privacy/Policy Controls that scale
• Must have a receipt (with operational Privacy Controller Credential) to engage in the Dynamic Data Control Ecosystem from a privacy rights and self-soveign data control
• Privacy Controller Credential is used to automate purpose driven online services, to enhance or even replace federated identity systems with self-sovering identity governance