Difference between revisions of "Notice"
From MgmtWiki
(Created page with "==Full Title or Meme== The problem of giving notice to Subjects about issues in a digital ecosystem that impact the subject. ==Context== Notice, like any access to u...") |
(→References) |
||
| (19 intermediate revisions by the same user not shown) | |||
| Line 7: | Line 7: | ||
If the [[User Information]] processed by a [[Data Controller]] do not permit the controller to identify a natural person sufficiently well to provide the user with [[Notice]] of problems, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the [[Data Controller]]. | If the [[User Information]] processed by a [[Data Controller]] do not permit the controller to identify a natural person sufficiently well to provide the user with [[Notice]] of problems, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the [[Data Controller]]. | ||
| + | |||
| + | ==History== | ||
| + | There has always been a channel to get notice delivered to others since the origin of slime molds. We look here at two different channels: | ||
| + | |||
| + | |||
| + | ===General Notice=== | ||
| + | Also call broadcast, a general notice is posted for all to see. Some methods for posting notice for the public include: | ||
| + | # The town crier. | ||
| + | # Bulletin boards at busy intersections or government offices. For examples see the Hitchhiker's Guide to the Galaxy. | ||
| + | # Church Bells | ||
| + | # Air Raid sirens | ||
| + | # Newspapers, radio and the like that require user attention to the media for delivery. | ||
| + | # Ads on physical bulletin boards or web sites which users might see on passing by. | ||
| + | |||
| + | ===Specific Notice=== | ||
| + | Notice directed to specific individuals by some identification ID, which might be a group ID. Some methods for posting notice for individuals include: | ||
| + | # Government run post offices. | ||
| + | # Various delivery services. | ||
| + | # Email, chat, etc. online. | ||
| + | Some [[Notice-centric ID]]s include: | ||
| + | # Street address. | ||
| + | # Email addresses. | ||
| + | # Phone number. | ||
==Problems== | ==Problems== | ||
| − | In most cases where users want to get corrections applied to data held by a [[Data Controller]], they are not the customer, they are the product. For example, the three credit bureaus make nearly all of their revenue from merchants that want to know if a user is trustworthy. The merchants and banks are the source of the data and its consumers as well; the user is just a inconvenience to them. | + | * In most cases where users want to get corrections applied to data held by a [[Data Controller]], they are not the customer, they are the product. For example, the three credit bureaus make nearly all of their revenue from merchants that want to know if a user is trustworthy. The merchants and banks are the source of the data and its consumers as well; the user is just a inconvenience to them. |
| + | * Many attempts have been initiated to provide [https://github.com/OpenNotice/ConceptualArchitecture User Notice], without having any effect on user's behavior, which seems to be conditioned to the current conditions of the web. | ||
==Solutions== | ==Solutions== | ||
| + | * Before [[Subject]]s can be given notice, some mechanisms must be put into place to allow the subject to seek [[Redress]] or corrections to the data in the [[User Object]]s held by the [[Data Controller]]. | ||
| + | * One method for a web site to comply with [[Notice]] regulations is to create a [[Notice-centric ID]]. In this type of [[Identifier]] the issued to be addressed before the user is asked for personal data is for the notice channel to be established. | ||
| + | * Kantara has a work group for [https://kantara.atlassian.net/wiki/spaces/WA/pages/38174721/ANCR-WG+Notice+Record+Specification+current+draft ANCR-WG Notice Record Specification] starting in 2020. | ||
| + | * OpenNotice [https://github.com/OpenNotice/ConceptualArchitecture ConceptualArchitecture] focused on satisfying legal notice rather than user experience even though the code is written in CSS and HTML. It is an outgrowth of project [[Vendor Relationship Manager|Vendor Relationship Management]] (VRM). | ||
==References== | ==References== | ||
<references /> | <references /> | ||
| − | + | ===Other Material=== | |
| − | * See the wiki page on [[User Consent]] which is a structure that tells the user what data is held. This | + | * See the wiki page on [[User Consent]] which is a structure that tells the user what data is held. This receipt is the first effort at providing [https://github.com/OpenNotice/ConceptualArchitecture Open Notice] capabilities to users. |
[[Category:Glossary]] | [[Category:Glossary]] | ||
| + | [[Category: Privacy]] | ||
Latest revision as of 20:43, 24 July 2023
Contents
Full Title or Meme
The problem of giving notice to Subjects about issues in a digital ecosystem that impact the subject.
Context
Notice, like any access to user personal data requires access of the Subject's endpoint address. The following paragraph 57 of the GDPR should help clarify this function.
If the User Information processed by a Data Controller do not permit the controller to identify a natural person sufficiently well to provide the user with Notice of problems, the data controller should not be obliged to acquire additional information in order to identify the data subject for the sole purpose of complying with any provision of this Regulation. However, the controller should not refuse to take additional information provided by the data subject in order to support the exercise of his or her rights. Identification should include the digital identification of a data subject, for example through authentication mechanism such as the same credentials, used by the data subject to log-in to the on-line service offered by the Data Controller.
History
There has always been a channel to get notice delivered to others since the origin of slime molds. We look here at two different channels:
General Notice
Also call broadcast, a general notice is posted for all to see. Some methods for posting notice for the public include:
- The town crier.
- Bulletin boards at busy intersections or government offices. For examples see the Hitchhiker's Guide to the Galaxy.
- Church Bells
- Air Raid sirens
- Newspapers, radio and the like that require user attention to the media for delivery.
- Ads on physical bulletin boards or web sites which users might see on passing by.
Specific Notice
Notice directed to specific individuals by some identification ID, which might be a group ID. Some methods for posting notice for individuals include:
- Government run post offices.
- Various delivery services.
- Email, chat, etc. online.
Some Notice-centric IDs include:
- Street address.
- Email addresses.
- Phone number.
Problems
- In most cases where users want to get corrections applied to data held by a Data Controller, they are not the customer, they are the product. For example, the three credit bureaus make nearly all of their revenue from merchants that want to know if a user is trustworthy. The merchants and banks are the source of the data and its consumers as well; the user is just a inconvenience to them.
- Many attempts have been initiated to provide User Notice, without having any effect on user's behavior, which seems to be conditioned to the current conditions of the web.
Solutions
- Before Subjects can be given notice, some mechanisms must be put into place to allow the subject to seek Redress or corrections to the data in the User Objects held by the Data Controller.
- One method for a web site to comply with Notice regulations is to create a Notice-centric ID. In this type of Identifier the issued to be addressed before the user is asked for personal data is for the notice channel to be established.
- Kantara has a work group for ANCR-WG Notice Record Specification starting in 2020.
- OpenNotice ConceptualArchitecture focused on satisfying legal notice rather than user experience even though the code is written in CSS and HTML. It is an outgrowth of project Vendor Relationship Management (VRM).
References
Other Material
- See the wiki page on User Consent which is a structure that tells the user what data is held. This receipt is the first effort at providing Open Notice capabilities to users.
