Protection against Tracking
This pattern avoids the tracking of visitors of websites via cookies. It does this by deleting them at regular intervals or by disabling cookies completely.
Support minimization of data collection and distribution. Important when a service is collecting location data from or about a user, or transmitting location data about a user to a third party.
Minimal Information Asymmetry
Prevent users from being disenfranchised by their lack of familiarity with the policies, potential risks, and their agency within processing.
Informed Secure Passwords
Ensure that users maintain healthy authentication habits through awareness and understanding.
Users need to be informed about how visible data about them is, and what may be derived from that data. This allows them to reconsider what they are comfortable about sharing, and take action if desired.
Encryption with user-managed keys
Use encryption in such a way that the service provider cannot decrypt the user's information because the user manages the keys.
Federated Privacy Impact Assessment
The impact of personal information in a federation is more than the impact in the federated
Use of dummies
This pattern hides the actions taken by a user by adding fake actions that are indistinguishable from real ones.
Inform users of content where other users or unauthenticated persons who have accessed the same content are listed, and may access any further disclosures.
Identity Federation Do Not Track Pattern
All information has been extracted from http://blog.beejones.net/the-identity-federation-do-not-track-pattern The Do Not Track Pattern makes sure that neither the Identity Provider nor the Identity Broker can learn the relationship between the user and the Service Providers the user uses.
The goal of this display is to provide the user with information about what information is requested, by whom, and why. It should be used whenever personal data is required from the user.
Layered Policy Design
Make privacy policies easier for users to understand by layering detail behind successively more concise and summarized information.
Discouraging blanket strategies
Give users the possibility to define a privacy level from a range of options each time they share content.
Let users benefit according to the contributions they make.
Proactively provide continual, recurring notice to consented users of repeating access to their personal data, including tracking, storage, or redistribution.
Abridged Terms and Conditions
Enables the user to better understand the Terms and Conditions presented by a system through summarization. The most important elements therein are condensed into a more concise overview.
Policy Matching Display
Allow users to specify what privacy preferences they have and non-intrusively bring policy mismatches to their attention.
Users are more willing to contribute valuable input when they can do so without leaking personal data, or perceive an equal or greater exchange in value either monetarily or socially.
Outsourcing [with consent]
“The controller has to obtain additional specific, informed, explicit, and freely given consent before outsourcing data processing to a third party.”
Provide unobtrusive, non-modal, continuous notice when personal data is being accessed to increase awareness of real-time tracking.
Provide standardized contextual policy information on the nature and risks of disclosure through tooltips.
Standardize warning labels similar to nutrition information to quickly inform users about privacy policies and preferences.
Data Breach Notification Pattern
Ensure that unauthorized access and processing of personal data is detected and reported to the supervisory authority and any sufficiently affected users without any undue delay.
A messaging service is enhanced by using a trusted third party to replace the identifiers of the communication partners with pseudonyms.
This pattern provides unlinkability between senders and receivers by encapsulating the data in different layers of encryption, limiting the knowledge of each node along the delivery path.
Strip Invisible Metadata
Strip potentially sensitive metadata that isn't directly visible to the end user.
Hide the identity by using a pseudonym and ensure a pseudonymous identity that cannot be linked with a real identity during online interactions.
Personal Data Store
Subjects keep control over their personal data, which are stored on a personal device.
Trust Evaluation of Services Sides
A visual highlight provided by an authority which signals the extent to which given privacy criteria are fulfilled. It should be clearly placed and easily found, with links to additional information.
Encrypt, aggregate and decrypt at different places.
Privacy-Aware Network Client
Enhance user awareness of privacy policies by automatically converting them into a standardized and easily readable format over a secure channel.
Sign an Agreement to Solve Lack of Trust on the Use of Private Data Context
Services of a controller may require users to sign contracts that stipulate their obligations and processing purposes for which users must consent to use the service. This ensures that users can trust the controller as it is bound to the contract it signs.
Single Point of Contact
The Single Point of Contact is a security authority who protects the privacy and security of sensitive data stored online by validating the authority of requests and ensuring secure communication channels.
Informed Implicit Consent
Controllers must provide unavoidable notice of a user's implicit consent to the processing of their data, where reasonable to do so.
Allow users to decide granularly what functions they consent to before the function is used.
Privacy Color Coding
Provide visual cues in standardized colors about privacy policies and preferences to help convey information to users more quickly.
Appropriate Privacy Icons
Use consistent icons in place of policy aspects. The icons should convey these aspects reliably, without allowing room for misinterpretation once explained to the user.
User data confinement pattern
Avoid the central collection of personal data by shifting some amount of the processing of personal data to user-trusted environments (e.g. their own devices). Allow users to control exactly which data is shared with service providers.
Icons for Privacy Policies
Icons are capable of conveying information more quickly than a document, and are therefore a useful way to augment policies.
Obtaining Explicit Consent
Controllers require consent to be given willingly and specifically when in any way processing the personal data of their users.
Disclosure awareness is needed to adequately manage digital identity. Provide the user of a system with a high level reflection on what personal data the system knows about, what access is given to others, and what kind of personal data can be deduced.
Appropriate Privacy Feedback
Supplies the user with privacy feedback, especially concerning that which is monitored and accessed, and by whom.
Impactful Information and Feedback
Provide feedback about who a user will disclose their information to using certain privacy settings before that information is actually published.
Decoupling [content] and location information visibility
Allow users to retroactively configure privacy for location information with respect to the content's contextual privacy requirements.
Platform for Privacy Preferences
Use privacy policies which consist of standardized and extensible vocabulary and data element sets, both of which user agents should be aware of, in order to streamline their review by eliminating redundancies.
Selective access control
Allow users to specify who may access the content they generate, both during and after submission.
Give users some benefits in exchange for providing information or content.
An informational privacy dashboard can provide consolidated summaries of the collected or processed personal data for a particular user.
Preventing mistakes or reducing their impact
Prevent accidental automatic disclosure of personal information.
The pattern allows obligations relating to data sharing, storing and processing to be transferred and managed when the data is shared between multiple parties.
Informed Credential Selection
Ensure users are informed of the potential privacy consequences of sharing various authenticating data.
Anonymous Reputation-based Blacklisting
Get rid of troublemakers without even knowing who they are.
Over time, build user preferences from a privacy-preserving default semi-automatically, through opt-in/opt-out, semantics, and informed solicitations.
Reasonable Level of Control
Let users share selectively (push) and make available (pull) specific information to predefined groups or individuals.
Let users filter out some or all personal information they would otherwise provide to a service.
By default, isolate users to a selection of social connections in a user-defined circle of trust. Allow them to expand this circle or create new ones based on the existing members.
Privacy Awareness Panel
Establish user awareness of the risks inherent in the disclosure of their data, whether to the controller themselves or to other users.
A crucial element in privacy protection is ensuring that all sensitive processing is preceded by the acquisition of freely given, informed, specific, and explicit consent.
Privacy Aware Wording
Ensure that the content of privacy related information provided to the user is worded carefully, maintaining both attention and understanding.
Machine-readable policies are attached to data to define allowed usage and obligations as it travels across multiple parties, enabling users to improve control over their personal information.
Personal Data Table
In order for users to see what information a controller has about them, they can be provided with a detailed tabular overview of that data upon request.
Informed Consent for Web-based Transactions
This pattern describes how controllers can inform users whenever they intend to collect or otherwise use a user's personal data.
Added-noise measurement obfuscation
Add some noise to service operation measurements, but make it cancel itself out in the long term.
Increasing awareness of information aggregation
Inform users about the potentially identifying effects of information aggregation to prevent them from unknowingly endangering their privacy.
Attribute Based Credentials
Attribute Based Credentials (ABC) are a form of authentication mechanism that allows an entity to flexibly and selectively authenticate different attributes about itself without revealing additional information about the entity (zero-knowledge property).
Trustworthy Privacy Plug-in
Aggregate usage records at the user side in a trustworthy manner.
[Support] Selective Disclosure
Many services (or products) require the collection of a fixed, often large, amount of personal data before users can use them. Many users, instead, want to freely choose what information they share. This pattern recommends that services Support Selective Disclosure, tailoring functionality to work with the level of data the user feels comfortable sharing.
Enable sharing and re-sharing without wide public visibility or cumbersome authenticated access control.
This pattern aggregates multiple entities into a set, such that they cannot be distinguished anymore.
Active broadcast of presence
Users may actively choose to automatically provide updates when they want to share presence information, to increase both the relevance of, and control over, their sharing.
Prevent suspicious access to user data through alerts and authenticate through multiple factors upon potential compromise of an account.