An analysis of privacy design principles as applied to decentralized systems

Cristina DeLisle (@CristinaDeLisle)

This talk will provide an analysis of privacy design principles in building software. It will consider best practice recommendations and the specific characteristics of decentralized models.
For example, data separation is one of the main privacy design principles. Thus, a decentralized model is preferable as opposed to a centralized one. If we were to imagine a privacy by design future, a social media platform would be decentralized. Unfortunately, data separation alone is not contouring this future.

  • What design principles are there to consider?
  • What are the particular challenges posed by decentralized systems?

This talk will tackle these topics and propose ways in which we can address them.

Questions & Answers available!

Q&A Session – An analysis of privacy design principles as applied to decentralized systems
⬡ Hooray, the live Questions & Answers are available here


Thank you so much Cristina, as usual your analysis is crystal clear and to the point. I’m glad we have you around in this community!

As I’m a bit running out of time I’ll skip the reminder of the 8 privacy principles in the EU framework and skip directly to the questions you propose to address during the live session:

  1. How to adapt privacy design principles to the Fediverse?
  2. What particular challenges does the Fediverse pose in implementing these ideas?
  3. Anything you feel like adressing :slight_smile:

Thanks for this presentation, Cristina! Really appreciate your analysis between regulation and software.

I’m parking some questions here that came to my mind while listening to your presentation, that I hope to ask in the BoF session:

  • In a world where multiple, different jurisdictions are starting to wield their legal sovereignty over their portions of the internet for political reasons, what trends and changes have you seen in regulators/lawmakers’ views, and how do you see this impacting the future development of software or operators of software in the Fediverse?
  • You mention that “The providers have the potential to violate the privacy of the nodes, based on the design choices of the platform”: does this mean in a P2P software case, where the user is possibly also the provider in a P2P world, does the regulatory liability sit on the user-provider’s own shoulders, or does it shift to the developers of the P2P software? Or is this an example where regulation and tech just do not align well?
  • How do the EU regulators generally balance the privacy principles against other regulations (right to be forgotten, etc)?
1 Like

Thank you for taking the time to answer all the questions!


Thank you, cjs for attending the Q&A session! I wish I would have seen them earlier so that I could have answer them in a more structured way (my bad). I really enjoyed the very interesting topics opened and I did my best on the spot. I hope to see you again some other time and if you want to keep in touch, let’s do it! :smile:

1 Like