0PN Transparency Code of Conduct

At Global Privacy Rights we focus on standard transparency information structure and policy that can be used for making digital records and receipts of processing activities for various notice types, to provide for inclusive notification for all Transparency modalities.

0PN policy is for operational transparency, utilising Convention 108+ as a privacy policy framework, and ISO/IEC 29100 to specify a Controller identification record schema, for generating transparency records and receipts.

0PN operational policy assumes that the PII Principal consents to reading and interpreting a notice or signal, in physical or digital space, to be able to make a choice about the control or use of personal data.

Article 27 in Convention 108+ and its corresponding Article 25 in the GDPR specify Privacy by Design and Default, and include the obligation, which is exactly the same in both instruments:

"the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects."

Consent by Default is a Controller safeguard which enables pseudonymisation, where the individual is anonymous to the controller, in order to implement data protection principles, eliminate the requirement for data minimisation, facilitate the right to consent to being identified, and/or permit data collection and/or processing.

Consent by Default operational transparency practice requires that these guidelines are followed:

  1. a record of the notice event and action to read the notice be logged (Article 88),
  2. a record of changes to the privacy state is notified prior to renewed access,
  3. on first notice, confirmation of consent is explicitly provided by the Controller, or another lawful basis is presented, with required transparency and security access,
  4. that all data processing requires a notice prior to or at the time of processing (unless legally legislated otherwise to be registered with a regulator and/or data privacy officer, for international data transfers without consent),
  5. that regardless of the lawful basis, notice enables consent for a secondary purpose of use, achieved with a notice receipt that can be provided upon request,
  6. that if a direct notice or notification cannot be provided due to the nature of processing, then a notice is to be published.

In addition, Privacy by Design and Consent by Default policy enables additional measures, as specified in Convention 108+, to include:

"Such measures could consist, inter alia, of minimising the processing of personal data, pseudonymising personal data as soon as possible, transparency with regard to the functions and processing of personal data, enabling the data subject to monitor the data processing, enabling the controller to create and improve security features."

This can be enabled in and out of context through the use of a twinned notice receipt, provided to both parties by a third-party auditing intermediary. These features and more are in development at the 0PN Digital Transparency Lab.

To find out more, read our 0PN Privacy Policy.