A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | AA | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Scope | Privacy Principles | |||||||||||||||||||||||||
2 | Reference | # | Status | Name/Title | Statement | Description | V | I | P | PP | CC | PL | CL | DM | UR | AQ | OT | IA | AC | IS | PC | Related Requirements | |||||
3 | 1_IP_CC | 1 | Submitted | Selected Data Release | The Issuer must ensure the existence of functionality allowing selective data release. | The Issuer must ensure that the mobile credential app allows the mobile credential holder to share mobile credential data elements selectively. For example, if a request is for data elements A, B, and C it must be possible for a mobile credential holder to release only elements A and B. | CC | ||||||||||||||||||||
4 | 2_VIP_IS | 2 | Submitted | Encrypted Channel Transactions | All identifying data shall be transacted through encrypted channels. | To provide holders and verifiers with confidentiality, verifiers shall only transact identifying data through encrypted secure channels to prevent exposure to third parties. Note: In the context of a digital ID, identifying data also includes unique identifiers such as public keys and digest salt values. | IS | ||||||||||||||||||||
5 | 3_P_OT | 3 | Submitted | Transparency at presentment | Transparency to Holder at mobile credential presentment. | Providers must identify which identity attributes are being requested in addition to which attributes will be retained by the verifier. | OT | ||||||||||||||||||||
6 | 4_V_AC | 4 | Submitted | Contextually appropriate Verifier Identification | Verifiers shall identify themselves to the Holder with enough detail in the context of the transaction to help the Holder to make a decision to proceed with the transaction. | In order for the Holder to proceed with a transaction, the first step is that the Verifiers should identify themselves in context. A context might be admission to a stadium. Another context might be a medical office. The Holder can verify that they are in the stadium or the doctor’s office themselves and the Holder Agent should be able to validate that. | AC | ||||||||||||||||||||
7 | 5_P_PL | 5 | Submitted | Inform users of Verifier policies | Wallet [sic] Providers (Holder Agent) must communicate to the Holder any attestations about data use associated with a verifier in the context of the transaction. | When a Holder Agent receives attestations from a verifier, those attestations must be made available to the Holder. To inform users of a verifier's use-case and retention policy, along with the data requested, the provider should communicate to users how the verifier has claimed they will use the data and how they expect to retain it. | PL | ||||||||||||||||||||
8 | 6_V_PL | 6 | Submitted | Verifiers must publicly state the purposes for collection | Verifiers must publicly state the purposes for collection. | PL | |||||||||||||||||||||
9 | 7_V_CL | 7 | Submitted | Verifiers minimize collection | Verifiers shall not request more than the strictly necessary PII to provide their services. | Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or when possible, zero-knowledge proofs. | CL | ||||||||||||||||||||
10 | 8_V_CC | 8 | Submitted | Context for user consent | Verifiers should request user consent prior to the presentation from their mobile credential but after presenting a notice. | For in-person presentation, consent may be assumed to be implicit because the Holder has the option of not opening or presenting their mobile device. This implied consent should only apply to the minimum data required to fulfil the implicit purposes of the interaction. For example, presenting the mobile device for age verification implies consent for a yes/no age verification and a proof of possession (i.e. a photo of the Holder). Similarly, there is no implied necessity for the retention of that data. Any other data request or retention would need notice and explicit consent. | CC | ||||||||||||||||||||
11 | 9_V_UR | 9 | Submitted | Declare retention period | Verifiers shall state a retention period for PII in their consent request. | Verifiers shall communicate to the user the retention period for PII, or that no PII will be retained. *Point of discussion: offline scenarios, if consent is agreed to be implicit. | UR | ||||||||||||||||||||
12 | 10_V_UR | 10 | Submitted | Justifiable PII storage | Verifiers shall not store any PII unless the user consents or storage is justified for Law Enforcement purposes. | Verifiers shall not store any PII unless the user has consented for a specific purpose (e.g., marketing) or storage is required for accountability reasons. | UR | ||||||||||||||||||||
13 | 11_V_PL | 11 | Submitted | Segregated Accountability | Verifiers shall not enter into collusive practices with Issuing Authorities or other Verifiers. | To avoid dilution of accountability or the possibility of regulatory capture, verifiers shall not engage in practices to discover the uses of mDLs, enable user re-identification, or enable traceability across Verifiers. | PL | ||||||||||||||||||||
14 | 12_V_IS | 12 | Submitted | Secure storage | Verifiers shall adopt appropriate measures to ensure the security of stored PII. | If storage is required, Verifiers shall implement privacy by design and by default techniques (e.g., anonymization or pseudonymization of data). | IS | ||||||||||||||||||||
15 | 13_V_OT | 13 | Submitted | Data subject rights | Verifiers shall implement appropriate means to guarantee the exercise of data subject rights. | If verifiers store any data (*in particular for online scenarios), they shall guarantee that the user can access and request the modification or erasure of their PII. | OT | ||||||||||||||||||||
16 | 14_V_AC | 14 | Submitted | Verifier Data Registry | Verifiers shall maintain appropriate registries and ensure access to Law Enforcement Authorities for accountability. | In compliance with the applicable law, Verifiers shall retain and make available requested data to Law Enforcement Authorities for accountability purposes. | AC | ||||||||||||||||||||
17 | 15_V_DM | 15 | Submitted | Verifier Re-identification | Verifiers shall not combine any PII to re-identify the data subject unless the user has consented. | Verifiers shall not combine presented data to identify the user or establish patterns unless the user has been previously informed and has consented. | DM | ||||||||||||||||||||
18 | 16_V_DM | 16 | Submitted | Verifiers must only request the minimum data required for their transaction | Verifiers shall only request the minimum data required for their transaction. | To avoid excessive collection of data, the Verifier's attested data fields should map to the minimum required to meet their attested use-case. | DM | ||||||||||||||||||||
19 | 17_VIP_IA | 17 | Submitted | Mobile Credentials must be made available to all subjects that have rights granted by the Issuer | The Issuer, Verifier and all Providers must ensure access for all subjects that have rights granted by the Issuer, regardless of any special needs that the subject might have. | IA | |||||||||||||||||||||