OPN: Notice & Consent

Privacy Receipts: Two Factor Consent & Multi-Factor Transparency

Owned by Mark Lizar
Oct 12, 2020

The explicit confirmation to a Notice : Captures Decentralised Governance Semantics

A Privacy State Record is another way to define / label a Consent Receipt. A privacy record is also a data use receipt used in a similar way, but rather than capturing a financial exchange, it captures the notice state and the personal data processing policy of a digitally mediated interaction.  This interaction  (or invisible policy) sits behind the notice or notification of a consent state receipt, and includes; the context (like the time and date), a link to the consent notice, it’s purpose, and the digital identifiers of all the parties involved in processing, accessing, sharing and disclosure of personal data.  

When shopping in a store, the act of providing a receipt is enough to govern all the parties, as transparency decentralises (co-regulates) those interactions.  People don’t  often use receipts, they are constantly declined, this is because the act of offering is enough to ease the friction created when strong transparency is not provided over a financial transaction in the transaction context.  

In the absence of dedicated measures, neither Individuals nor organizations can see, understand and track the processing of personal data.  The surveillance and processing of personal data is invisible and disconnected from context and people, as terminology for data control and a common digital format are not often defined as people expect. 

For example, people are unable to see how much money is actually taken off their debit cards at a corner store, unless a receipt is provided for this invisible processing in context. Without the store transaction receipt, people are exposed to greater risk of theft without recourse.   

A dual record system that provides each accountable party a missing (from digital service context) assurance, to the service that the person is at least aware of the notice and the person assurance of the purpose for personal data processing. 

Mutual Benefit

The explicit confirmation to a Notice, in addition to an explicit opt-in to a purpose of use, provides a missing proof of human awareness, in addition to an explicit consent record.   

(Two Factor Transparency)  - PIPEDA, meaningful consent requirements, in which an explicit risk notification is required, in addition to the Notice and Consent. 

  • A missing data point for transparency of a  human awareness factor that is not commonly captured in digital service delivery. (Referred to as An explicit state receipt, must include a purpose along with a set of expectations (often defined legal notice requirements) for the use and treatment of personal data, specific to that context in order to have contextual integrity. 

Adv. Consented Information Sharing: Governance Group