thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Monday, July 02, 2007

Privacy & Identity White Paper

The Privacy and Identity Management for Europe (PRIME) consortium has published a new White Paper that is recommended reading for everyone working on ID management.

I especially like their design principles on page 15. They could effectively be called the "Laws of Privacy-Enhancing Design":
  • Design must start from maximum privacy
  • Explicit privacy governs system usage
  • Privacy rules must be enforced, not just stated
  • Privacy enforcement must be trustworthy
  • Users need easy and intuitive abstractions of privacy
  • Privacy needs an integrated approach
  • Privacy must be integrated with applications