Introducing - ISO/IEC 27560-1 Universal Notice Receipt Profile — Submission & Holiday Greetings

Dear W3C DPV,  Kantara ANCR WG, and Consent Receipt Contributors (bcc’d)

I'm delighted to contribute this back to these groups that we volunteer too and to support the many people who power them with this Convention 108+ Code of Conduct for International-Data Transfers with Consent. — ISO/IEC 27560-1

Please find linked herein the  ISO/IEC 27560-1 Universal Notice Receipt <https://gitlab.com/gdta/standards/-/blob/7cc30b1414dbc2228eab14458fd0a6aa01ae0470/ISO_IEC%2027560-1%20Universal%20Notice%20Receipt%20Profile/27560-1_Universal_Notice_Receipt_v1.01__Submitted_21225> (submitted via Canada tomorrow December 24th). With a companion submission for  IETF Submission <https://gitlab.com/gdta/standards/-/blob/7cc30b1414dbc2228eab14458fd0a6aa01ae0470/IETF_Internet-Draft-Well-Known_URI_for_Controller_Transparency_Records_Not_Submitted__141225.pdf> Well-Known Location for Transparency also under review.

I hope this work is well received among working group participants who have followed the many years of notice and consent research (the consent receipt work) and witnessed the struggles to render this work clearly comprehensible and useful in common practice. Hopefully in time to support an alternative to the EU Omni-bus.

It is clear that Immense value and benefit for our societies remains unrealised without practical pathways to implementation of this great work. This profile is transmitted in that spirit—as a hopeful contribution and expression of gratitude to the many contributors devoting time and expertise to advancing these groups' objectives and the parallel efforts striving for open publication of associated standards.

This proposed ISO/IEC 27560-1 Profile (is from the consent receipt work, and is free and open to use as Public Digital Infrastructure under RF-RAND License) plugs into the 27560:2025 WD code of conduct field and is specified in two parts:

Universal Notice Receipt (MVCR)
ANCR Receipt Exchange
This profile contribution delivers more than the sum of its parts. To explore just how true this may be, we're kicking off 2026 with renewed regulatory innovation research and invitations to discover together how we can scale data governance while recovering and renewing privacy transparency and control—aligning them with law, legal precedent, and generally accepted common views on basic human rights.

No need to wait. If you feel this work addresses yet under-represented voices you're invited to get in touch directly.

So it is with Holiday Cheer that we celebrate this and all the Digital Privacy Governance breakthroughs in 2025, and raise a glass to the W3C DPV CG, ISO/IEC JTC 1 WG5, Kantara ANCR, IEEE Digital Privacy, Sensorica-Labs and everyone ever involved in the development of this work!

Happy Holidays from Canada!

Mark Lizar

Executive Director @ Transparency Lab <https://transparencylab.ca/>
& Global Digital Transparency Alliance: GDTA.Online <http://gdta.online/>
Special Thanks to: John Wunderlich, Mary Hodder, Reuben Binns, Renee Lloyd, Iain Henderson, Joe Andrieu, Tim Reiniger, Eve Maler, Joni Brennan, Joss Langford, Joel Geddes and Sal D'Agostino,  

More about the proposed 27560-1 Profile (which has been kept quite until now)

It has a number of Appendices for its extension which DPV enables for interoperability, including GPC, & My Terms can be added as soon as it released in the new year - perfect timing for the Convention 108+ international privacy day)
It is supported by the Kantara ANCR WG- Transparency Performance Indicator - Report (TPI-R) Benchmark <https://kantarainitiative.org/reports-recommendations/>. The tool that extends the MVCR (minimum viable consent receipt) and the ANCR (authC exchange protocol) used to research, develop and test with. Promoted for use as a collective action and multi-lateral enforcement tool, for l governing valid consent.
The Case Study Research: Benchmarking Cookies in the Google Chrome Browser ends up revealing the surveillance laundering of the IAB, a Medical Clinic Website, and Google Chrome Browser itself. (TPI-Report Method <https://gdta.online/insights>)
Insights presented at https://gdta.online/insights uncovers data protection policy gaps,
Last but not least your are cordially invited to participate in this regulatory innovation survey i <https://gamma.app/docs/1sa6satylq4t5qi> for regulatory policy and standards community.