w3c / dpv

Data Privacy Vocabularies and Controls CG (DPVCG)
https://w3id.org/dpv

Provide guidance for implementing ISO/IEC 29184 Privacy Notice using DPV #91

Open coolharsh55 opened 1 year ago

coolharsh55 commented 1 year ago

ISO/IEC 29184:2020 Information technology — Online privacy notices and consent describes privacy notice presentation and its use for consent. It also specifies the possibility of having machine-readable notices. Using DPV as the vocabulary, provide guidance for assisting implementation of notices as per 29184. For more information on 29184, including comparison with GDPR's requirements, see the publication Comparison of notice requirements for consent between ISO/IEC 29184:2020 and GDPR.

This is a companion issue along with #90 Implementing ISO/IEC 27560 Consent Records.

smartopian commented 1 year ago

Hi Harsh,

The topic of consent receipts and 29184 was the reason why the CISWG @ Kantara came together to host and launch the DPV effort on the eve of the GDPR, along with the law.MiT. To this end we are working to present a Transparency Performance Indicator Conformity Assessment Scheme for comment, after the Work Group review that is currently in progress. This can be found here. This accompanies the ANCR - Record (ROPA) Framework and conformity assessment scheme, in addition to an AuthC - notice and consent receipt exchange protocol (for Authorisation from human centric Consent based controls and governance). We intend to start publishing in September, and would kindly like to request to be involved in any 29184 DPV efforts.

coolharsh55 commented 1 year ago

Hi. You can track this issue for updates to the topic - I try to keep it updated based on each meeting. Separately, the weekly agenda will mention 27560/29184 for discussion, and the mailing list will contain details of updates (if any).

ghurlbot commented 12 months ago

Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org

In today's meeting, we discussed implementing 29184 as two vocabularies - one reflecting the legal concepts (that exist in DPV) and another representing the individual's perspectives (that will be new). See minutes https://w3id.org/dpv/meetings/meeting-2023-09-14

smartopian commented 5 months ago

This is great Harsh, we have contributions for this as our 0PN Framework covers 3 vectors of data governance and data trust.

3 Vectors of Data Governance

  1. Personal data control, referred to as primary data trust. - DPV
  2. Protected - (Current - Data Protection Based Regulation using ‘I Agree’, Secondary Data Trust - The Current Data Protection based DPV
  3. Co-Regulation - International law and standards based governance, Extraterritorial Data Trust (the International Conv 108+)

Governed and Defined in accordance with an International Framework that is enforced nationally.

Council of Europe Convention 108+ (expected to be ratified in 2024 by the required 36 countries) Chapter 1, Transparency Modalities, and Articles for Records of Processing text are Mirrored with the GDPR. With additional requirements for Registrars and Notary based DPT Governance found in Conv 108+ Article 88, Logging, {link} Open to Access ISO/IEC 29100 interoperable Privacy Regulation Framework to measure and audit compliance Adequacy real-time, Digitally Twinning the security and privacy for the individual’s behest.