Re: Good news: ISO 27560 published with DPV used in Annex A

HI Jan,

It’s unfortunate that the standard was developed out of context of 29184, e.g. to implement 29184 and that it is not open to Access. Or rather, it could actually be fortunate, depending on perspective.

We do plan to use it, and extend it in an open access standard for conformity assessment and compliance assessments, for digital transparency signalling in the ANCR WG at the Kantara Initiative. Will have more on that early September.

We also have an extension underway  for people making consent tokens in digital wallets - which is pretty kew..   In this version though - PII Controller doesn’t make consent records (aka surveillance capitalism version), it solves for the original consent receipt use case, which was to provide an alternative to contact ( I Agree) buttons.   With Directed Digital Consent,    In this version, the PII Principal generates the consent receipts in their wallet and instead provides a consent token.  Replacing the identity security issues when people have to identify themselves to access services, e.g. with  user name and login security profiles.

This is work that is happening in conjunction with Canada’a first enforceable consent law coming into force Sept 22nd.    It’s a regulated Transparency and Consent Framework,  which completes and opens the notice and consent receipt work (required for digital transparency) that is only partially represented in  27560.

At the moment I am using the CoE 108+ as a baseline for evaluating the Quebecs Laws Adequacy for digital consent, against the GDPR, in France use case.  I am hoping to show that us Canadians have the highest legal standard for Transparency and Consent.  As part of the ANCR TPI Conformance tools we are working on.

Will post when / if I have something.

Best,

- Mark
PS. Great work Jan ..


On Aug 14, 2023, at 11:29 AM, Jan Lindquist <jan@linaltec.com> wrote:

Hi Harsh and DPVCG members,
Thanks for all the input during standardization. Many of the fields in the standard line up with the definitions from DPV. Looking forward to the work with DPV to make a full alignment of the privacy ontology.

If you intend to use the standard I would appreciate your input as to how you intended to use it. Collecting a summary I can eventually share with the group.
Thanks,
Jan

On Mon, Aug 14, 2023 at 11:37 AM Harshvardhan J. Pandit <me@harshp.com<mailto:me@harshp.com>> wrote:
Hi folks - good news as the ISO/IEC TS 27560:2023 Privacy technologies —
Consent record information structure has been formally published. Annex
A contains two examples of consent records of which one uses JSON-LD
with DPV as the vocabulary.

This is great for exposure and impact. Thanks to contributors from DPVCG
- especially Jan as the co-editor of 27560. Also a reminder that I have
proposed and am working on a guidance for the implementation ofboth
29184 and 27560 using DPV. If you're interested - email me directly.

https://www.iso.org/standard/80392.html (not open access)

Regards,
--
---
Harshvardhan J. Pandit, Ph.D
Assistant Professor
ADAPT Centre, Dublin City University
https://harshp.com/

Received on Monday, 14 August 2023 18:38:54 UTC