Last updated 1 month ago
To know more about this phase of the DPI life cycle, click here.
Click on any process listed below to learn about illustrative practices that can be implemented.
F2.4 Design and implement backup processes for users who lack assumed documentation
F2: Do not discriminate
R13 Exclusion, RI1 Discrimination
F4.10 Implement comprehensive reporting and accessibility protocols
F4: Reinforce transparency and accountability
SV1 Digital Distrust, SV4 Technical shortcomings
F6.5 Implement optional features for user control over personal data
F6: Promote autonomy and agency
RI4 Disempowerment, RS1 Privacy vulnerability
O2.5 Implement rigorous testing protocols
O2: Evolve with evidence
SV3 Weak institutions
O3.14 Integrate strict data minimization protocols into design
O3: Ensure data privacy by design
RS1 Privacy vulnerability
O3.15 Implement strict controls to enforce purpose limitation and restrict secondary data use.
RS1 Privacy vulnerability, SV1 Digital distrust
O3.16 Embed strong standards of privacy from the start and integrate it into design and processes
O3.17 Ensure compliance with privacy laws and evaluate risks related to PII by conducting and publicly documenting privacy impact assessments for new or updated technologies and systems.
O3.18 Emphasize transparency and user empowerment in managing data.
RI4 Disempowerment, RS1 Privacy vulnerabilities
O3.19 Develop privacy requirements and select mitigation strategies, documenting and iterating your analysis as needed.
O.20 Ensure unobservability of Daily User Interactions by Design
O.21 Establish mechanisms to ensure a right to opt-out whenever appropriate
O3.22 Ensure linkability, unobservability, and zero-knowledge proofs are the default
RS1 Privacy vulnerability, RS2 Digital insecurity
O3.23 Establish Robust Data Delinking Mechanisms once the purpose of the processing of personal information has been served
O3.24 Make alternative mechanisms besides biometrics available for enrollment for special cases (leave nobody behind)
O3.25 Ensure that biometric authentication is not mandatory
RI3 Exclusion, RS1 Privacy vulnerability, SV4 Technical shortcomings
O4.3 Ensure secure and auditable data handling
O4: Assure data security by design
RS2 Digital insecurity, RS1 Privacy vulnerability, SV4 Technical shortcomings
O6.6 Embed vulnerability in product design
O6: Respond to gender, ability or age
RI4 Disempowerment