Provide guidance for implementing ISO/IEC 29184 Privacy Notice using DPV #91

Open
coolharsh55 opened this issue Apr 19, 2023 · 4 comments


@coolharsh55
Collaborator

coolharsh55 commented Apr 19, 2023

The ISO/IEC 29184:2020 Information technology — Online privacy notices and consent provides a standard for privacy notices in terms of the information to be provided as well as its use to inform the data subject about processing of personal data. This GUIDE-29184 will provide guidance to implement machine-readable notices in conformance with 29184 using the DPV. Additionally, the guide will also describe using ISO-29184 for meeting EU-GDPR requirements regarding privacy notices. It is intended to be a companion to the guide on consent records and receipts as per ISO 27560 in #90. The scope as of now does not include providing tools or libraries for the creation of graphical interfaces or other means to visually represent this information.

For more information on 29184, including comparison with GDPR's requirements, see publication Comparison of notice requirements for consent between ISO/IEC 29184:2020 and GDPR.

@smartopian

Hi Harsh,

The topic of consent receipts and 29184 was the reason why the CISWG @ Kantara came together to host and launch the DPV effort on the eve of the GDPR, along with the law.MiT.
To this end we are working to present a Transparency Performance Indicator Conformity Assessment Scheme for comment, after the Work Group review that is currently in progress. This can be found here. This accompanies the ANCR - Record (ROPA) Framework and conformity assessment scheme, in addition to an AuthC - notice and consent receipt exchange protocol (for Authorisation from human centric Consent based controls and governance). We intend to start publishing in September, and would kindly like to request to be involved in any 29184 DPV efforts.

@coolharsh55
Collaborator Author

Hi. You can track this issue for updates to the topic - I try to keep it updated based on each meeting. Separately, the weekly agenda will mention 27560/29184 for discussion, and the mailing list will contain details of updates (if any).

@ghurlbot

Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org

In today's meeting, we discussed implementing 29184 as two vocabularies - one reflecting the legal concepts (that exist in DPV) and another representing the individual's perspectives (that will be new). See minutes https://w3id.org/dpv/meetings/meeting-2023-09-14

@smartopian

This is great Harsh, we have contributions for this as our 0PN Framework covers 3 vectors of data governance and data trust.
3 Vectors of Data Governance

  1. Personal data control, referred to as primary data trust. - DPV
  2. Protected - (Current - Data Protection Based Regulation using ‘I Agree’, Secondary Data Trust - The Current Data Protection based DPV
  3. Co-Regulation - International law and standards based governance, Extraterritorial Data Trust (the International Conv 108+)

Governed and Defined in accordance with an International Framework that is enforced nationally.

Council of Europe Convention 108+ (expected to be ratified in 2024 by required 36 countries) Chapter 1, Transparency Modalities, and Articles for Records of Processing text are Mirrored with the GDPR. With additional requirements for Registrars and Notary based DPT Governance found in Conv 108+ Article 88, Logging, {link}
Open to Access ISO/IEC 29100 interoperable Privacy Regulation Framework to measure and audit compliance Adequacy real-time, Digitally Twinning the security and privacy for the individual’s behest.
