ANCR-Charter-Update-2023.md

File metadata and controls

86 lines (61 loc) · 6.47 KB

(1) WG NAME (and any acronym or abbreviation of the name): _ _

Anchored Notice and Consent Receipt Work Group

ANCR WG

(2) PURPOSE:

  1. To provide a protocol and framework that is based on transparency, notice and consent that supports the use of records and receipts (Consent Receipts) for decentralized authorization independent of identifier technology.
  2. To provide a set of Transparency Performance Indicators (TPIs) and an associated conformance program to establish a baseline and measurement mechanism for digital transparency, notice and consent.
  3. To further develop the initial consent receipt work with a specification for an anchor receipt for notice of purpose and context and proof of notice that supports decentralized governance and authorization (Auth C) by the PII principal and the data controller and data processor. Collaborate with other Kantara groups, and with community and standards groups, in the adoption of the protocol and the anchor receipt.
  4. Contribute the specification so it can be used in an open governance framework.
    1. Contribute the specification and the work in the furtherance of the governance of a Digital Commons.
    2. Contribute the specification and the work to the International Organization for Standardization (ISO) for its use in related specifications.
    3. Contribute the specification and the work to the Kantara Initiative for use in identity, privacy and security governance frameworks and conformance programs.

(3) SCOPE:

  1. Publish as a Kantara Recommendation a set of Transparency Performance Indicators (TPIs) that adhere to and make use of both international legal and technical standards. To complement the TPIs, publish an associated Code of Conduct, as part of a Digital Transparency, Notice and Consent Framework that can be adequate globally.
  2. Develop a workplan for the next generation of the Consent Receipt v2 (e.g., tokenization), including where this best takes place.
  3. Update the initial consent receipt specification by specifying the explicit consent record fields for legal proof(s) of notice and proof of consent.
  4. In the Consent Receipt v2 update and take advantage of ISO 29184 and ISO 27560 and other relevant technical standards, laws and policy developments.

(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

| Specifications in scope | Details | Dates | Contributed Towards |
| --- | --- | --- | --- |
| Transparency Performance Indicators | • Publish as a Kantara Specification<br>• Complements existing Consent Receipt<br>• Maps to ISO 27560 and 29184<br>• Includes Code of Conduct to incorporate legal interoperability requirements. | September 2023 publication. | • Kantara Specification<br>• As appropriate for ISO, and other appropriate standards organizations. |

(5) DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

Name Description Link Spec input summary date reviewed
None

(6) LEADERSHIP: Proposed WG Chair and Editor(s)

  • Chairs & Secretary (initial)
    • Co-Chair - Sal D'Agostino
    • Editor - Mark Lizar
    • Secretary – Gigi Agassini

(7) AUDIENCE: Anticipated audience or users of the work includes

Software developers and product managers, as a means of achieving interoperability across a wide range of identity, security, and privacy use cases. Developers of decentralized governance and next generation internet services.

Regulators looking for technical controls to implement legal requirements that scale.

For human beings, as the notice and consent receipts provide an alternative/complement to terms of services and privacy policies and provide something that can be understood by people. This contrasts with the current abuser experience, namely that privacy policies and terms of service address privacy concerns and provide safeguards of personal information.

Operators of identity, privacy, security, and consent systems in the real world.

(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).

The charter is for the next year, to cover the publication of the TPI specification and to proceed with items in the roadmap, the next step being the assessments using the TPIs with regard to consent by default, and the associated controller credential (see roadmap).

(9) IPR POLICY: The Organization approved Intellectual Property Rights Policy under which the WG will operate.

(10) RELATED WORK AND LIAISONS: Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

Notice and Consent Task Force at ToIP, DIACC, Kantara ISO BOT Liaison, aNG liaison, and W3C DPV among others. Numerous other previous activities and liaisons developed in the Kantara CIS WG (now archived).

(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members - current members list

| Proposers Name | Email | Organization (or Individual) | Voting Member | Affiliations |
| --- | --- | --- | --- | --- |
| Paul Knowles | paul.knowles [at] humancolossus.org | Human Colossus | x | ToIP-Inputs and Semantics WG |
| Sal D'Agostino | sal [at] idmachines.com | IDmachines | x | Security Industry Association, ToIP, IEEE, Kantara |
| Mark Lizar | Mark [at] transparencylab.ca | Digital Transparency Lab | x | Trust Over IP Notice and Consent Task Force |