16 user rights make up the newly launched Presidio Principles: the foundational values for a decentralized future
COVID-19 has accelerated the development and use of emerging technology across industries. For blockchain technology to scale in its next phase, global alignment between the public and private sectors is needed.
To help individuals and companies build trust and preserve the fundamental values of blockchain technology, the World Economic Forum (WEF)’s Global Blockchain Council developed the “Presidio Principles: Foundational Values for a Decentralized Future,” which consists of sixteen principles aimed to protect users and preserve the values of the technology so that all can benefit.
“The blockchain ecosystem needed a baseline for designing applications that preserve the rights of users,” said Sheila Warren, Head of Blockchain and Data Policy, World Economic Forum. “During our council meeting, we realized we could help curb many of the mistakes and missteps seen so far if we were able to provide developers, governments and executives with a ‘Bill of Rights’ style document.”
Rights are grouped into four broad pillars: Transparency & Accessibility – the right to information about the system; Privacy & Security – the right to data protection; Agency & Interoperability – the right for individuals to own and manage their data; and Accountability & Governance – the right for system users to understand available recourse.
The Presidio Principles
Applications built on top of blockchain-based systems should preserve the following participant rights.
A participant should have access to information that would enable them to:
- Understand how a service is operated, including potential risks of the service, availability of source code, and the rules and standards upon which it is based.
- Understand the potential risks and benefits of a service’s use of blockchain technology.
- Understand system performance expectations and where the responsibility for service delivery lies.
- Understand the rights and obligations of different participants in the system.
A participant should be able to:
- Create, manage, and independently store cryptographic keys.
- Manage consent of data stored in third-party systems.
- Port data between interoperable systems or parts of a system.
- Revoke consent for future data collection.
- Have access to information sufficient to facilitate system interoperability.
- Assess if their data is at risk through appropriate disclosure procedures, which may include, but are not limited to, an examination of audit results, certifications, or source code.
- Have their data protected in accordance with internationally recognized technical security standards.
- Limit data collection to that which is necessary and data use to the purpose for which it was provided.
- Verify – through third-party or self-created tools – that operations have been completed and confirmed in accordance with the system’s rules.
- Access information needed to: (a) understand the system’s governance and rules and (b) pursue effective recourse mechanisms.
- Opt-out of using applications that don’t treat data in accordance with internationally recognized governance and data protection standards.
- Rectify demonstrably false, inaccurate, or incomplete data when necessary.