Dear Mark,

Before this document is made public I suggest that we review it as a workgroup. At a minimum it would be best to have an edit.

Clean up grammar throughout.
Clean up and identify the table of contents
Better set up of the document (e.g. it states it is the security part of the minimum viable consent receipt, this needs explanation), same is true for the other sections, for example the PII Controller Notice Identification Record doesn’t have any introductory language. This is true for the document as a whole.
Remove confusing statement (e.g. 4^th generation record)
Provide references (first published as 0PN Schema in semantics workshop).
Terminology (is this a terms and definition section).
The section Controller Credential Mapped to Legislative Instruments needs further explanation as mentioned above in the 3^rd bullet.
The last section (PII Controller Authority) just hangs out there and needs further work, as mentioned above.

How do you want to handle these suggested changes and others that wg members might have?

And importantly, I believe the most important work item is to move ahead the TPI document. I don’t want to get sidetracked, and I believe this document is much better if it can also reference this work where we go through the process of controller identification that results in this record.

Can you please take the word document in the minutes from the last meeting, accept the changes (new title, and 2 terms) and circulate that as a pdf.

The goal is to have this approved by the WG so that we can have it ready for the monthly LC call. Multiple wg members have expressed the desire to do so and represents a majority of voting members. In fact I believe this is something everyone in the WG agrees on, so let’s move ahead.

Sincerely,

Sal

From: Mark Lizar <smartopian@icloud.com>
Sent: Tuesday, May 13, 2025 3:46 PM
To: Salvatore D'Agostino <sal@idmachines.com>
Cc: wg-ancr@kantarainitiative.org
Subject: Quick Poll - Re: Breaking news: opportunity to present ancr work as EU ROPA replacement for SME's

Hi Sal,

A receipt based system would be amazing, which is why I want to reference the great work at ANCR,

I have drafted an email to promote this work for this purpose, highlighting the progress. My question was slightly more procedural, in that, I was referring to the Controller Identification specification.

On a previous wg Call we discussed pulling the controller identification record into its own document and I took this action then I drafted its and i posted this for collaboration, comment - and discussion.

kantara.atlassian.net

Regardless of whether it makes it to the ANCR roadmap or not? Is there any objection to making saving this wiki page so it is to the public again? I can put a note on it, - saying proposed worked item, if that is a concern,

Yes, I object, ___

No, I dont object ____

Abstain ______

Best Regards

Mark

On 13 May 2025, at 12:19, Salvatore D'Agostino <sal@idmachines.com> wrote:

So, clearly it would be great to get the EU to move ahead with receipts as means for small business.

We can take up making this public on the call tomorrow, it is an “off-week” call. So we need to put this out to the list to let people know this is happening.

From: Tim Reiniger <tsreiniger@gmail.com>
Sent: Tuesday, May 13, 2025 12:05 PM
To: Mark Lizar <smartopian@icloud.com>
Cc: Salvatore D'Agostino <sal@idmachines.com>
Subject: Re: Breaking news: opportunity to present ancr work as EU ROPA replacement for SME's

Interesting idea to bring Eve Maler back for a reprise on UMA!

On Tue, May 13, 2025 at 11:47 AM Mark Lizar <smartopian@icloud.com> wrote:

Begin forwarded message:

From: Mark Lizar <smartopian@icloud.com>

Subject: Breaking news: opportunity to present ancr work as EU ROPA replacement for SME's

Date: 10 May 2025 at 15:10:31 GMT-4

To: wg-ancr@kantarainitiative.org

Hi All,

in light of calls to update the GDPR - and make it easy for Small Business, by derogating the ROPA, record requirements for small businesses in the EU, i reached out to ask, why not implement consent receipts instead? (To the person who put consent receipts in the EU Digital Markets Act in the first place)

His response was to send him an email with this as an alternative approach so that he can share this with the EU Justice Department team.

As a part of my response, I would like to update them on how far the Consent Receipt work has evolved in the last 6 years into Standard Operational Transparency record information structure, that can be used for international consent record based information flows. (International Consent which was the objective of the work)

Mentioning how the Kanatara Consent Receipt work was

Used and is in use by industry
Adopted into:

ISO/IEC 27560: 2023 About to become an open standard (in 2025 Fall)

Extending the open and free to access ISO/IEC 29100 - privacy framework (recently updated)

TPI Benchmark for Valid Consent, coming out (next week Tbc)
Conv 108+ being ratified(next month Tbc)

To add to this, would there be any objections to making the ANCR Controller Identification Record. Spec (On the ANCR Wiki) publicly accessible so I can include it in my response ?

Best Regards,

Mark

Are there any objections to making the draft of the Controller Identification Record Spec publicly accessible ?