Hi ANCR’s,

I have just submitted this request to the ISO/IEC Mirror Committee. Here is the request (without the form) for your review, and perhaps with ANCR consensus on this topic the ANCR WG can support this too? What do you think @Sal?

Kind Regards, 

Mark
****

Dear JTC1 / SC 27 / WG5 Mirror Committee, 

During the plenary in Manchester, UK, a request was made to make the ISO/IEC 29184 Online privacy notice and consent standard free to access. First and foremost this is a transparency standard for online privacy notice which, if not open, defeats the purpose of the standard, which can be used to address misinformation in security and digital identity management technology.

29184 was made to supplement the free to access ISO/IEC 29100 security and privacy techniques framework, and it has been a long-term focus of the work at the Kantara Initiative, with the mission of standardizing notice to enable consent to managed control and access to data scale online. This effort began in 2012 with a call to action for notice and transparency standards for security and privacy online at a W3C Do Not Track and Beyond conference, where Ashkan Soltani, Reuben Binns and I presented on this topic.

There is a clear business case for ISO/IEC to standardize digital transparency for security, privacy and digital identity management, as a successful international transparency set of standards would more aggressively onboard industries into ISO/IEC paid security standards 27001, 27002, and 27701, which provides specific requirements and implementation guidance for establishing a Privacy Information Management System (PIMS). Enabling data governance and security interoperability is competitive practice which ISO/IEC obviously wants to lead internationally in.

The reason we chose this project and work was because ISO/IEC 29100 has driven the development of international privacy instruments, and is interoperable with GDPR and, more importantly for Canada, CoE Convention 108+, which is expected to be ratified in 2024 or 2025, providing Canada with an international data governance instrument for security and privacy across the Commonwealth, containing 56 countries and 2.5 billion people. Convention 108+ mirrors the GDPR Chapter 1 Transparency Modalities section, and ISO/IEC 29100, as a free to access standard, has been the only international standard which we can use to make an international transparency standard to scale consent with identity management internationally.

Background
The standard published last August, ISO/IEC 27560 consent record information structure, was developed from the Kantara Consent Receipt V1.1 specification, which was written to supplement both 29100 and the 29184 Online privacy notice and consent standard. When 29184 was published, the Consent notice receipt was published in Appendix B, and as a result, our notice and consent receipt work at Kantara could be contributed as a regulatory tool to assess conformance and compliance of PII Controller notice records and credentials, which could then be used to benchmark compliance with 29184 natively. In the ANCR WG we have a Transparency performance scheme, for making conformant records of processing and for assessing if consent is valid or not. In order to further this work or to utilize 29184 to support an international standard for digital privacy transparency and consent (aka notice record and receipts), it must be open and freely available to be used and to specify with.

To this end, I humbly ask for this committee's support of this request to make the ISO/IEC 29184 Online privacy notice and consent standard open and free to access.

Best Regards,

Mark Lizar