O3.22 Ensure linkability, unobservability, and zero-knowledge proofs are the default

Principle

O3: Ensure data privacy by design

Risk

RS1 Privacy vulnerability, RS2 Digital insecurity

Lifecycle Stage

L2: Strategy & Design

Practices

• Requests for information can be refused, complied with fully, or partially, with zero-knowledge proofs used to verify information without transferring personal data.

• Design technical systems to protect user interactions from being correlated across different relying parties, unless the user provides their legal identity.

• Ensure that DPI operators cannot gain knowledge of user behavior or interactions without explicit user consent, using techniques like encryption and anonymization to safeguard privacy.

Resources

References