Privacy & Identity White Paper

The Privacy and Identity Management for Europe (PRIME) consortium has published a new White Paper that is recommended reading for everyone working on ID management.

I especially like their design principles on page 15. They could effectively be called the "Laws of Privacy-Enhancing Design":

• Design must start from maximum privacy
• Explicit privacy governs system usage
• Privacy rules must be enforced, not just stated
• Privacy enforcement must be trustworthy
• Users need easy and intuitive abstractions of privacy
• Privacy needs an integrated approach
• Privacy must be integrated with applications