Presidio Principles

Foundational Values for a Decentralized Future

16 Principles for Preserving & Protecting User Rights

Presidio Principles

16 Principles for Preserving & Protecting User Rights

The Presidio Principles aim provide creators of blockchain applications with a baseline for designing systems that preserve the rights of their participants.

Applications built on top of blockchain-based systems should preserve the following participant rights:

A participant should have access to information that would enable them to:

  • 1 Understand how a service is operated, including potential risks of the service, availability of source code, and the rules and standards upon which it is based.

  • 2 Understand the potential risks and benefits of a service’s use of blockchain technology.

  • 3 Understand system performance expectations and where the responsibility for service delivery lies.

  • 4 Understand the rights and obligations of different participants in the system.

A participant should be able to:

  • 5 Create, manage, and independently store cryptographic keys.

  • 6 Manage consent of data stored in third-party systems.

  • 7 Port data between interoperable systems or parts of a system.

  • 8 Revoke consent for future data collection system.

  • 9 Have access to information sufficient to facilitate system interoperability.

A participant should be able to:

  • 10 Assess if their data is at risk through appropriate disclosure procedures, which may include, but are not limited to, an examination of audit results, certifications, or source code.

  • 11Have their data protected in accordance with internationally recognized technical security standards.

  • 12Limit data collection to that which is necessary and data use to the purpose for which it was provided.

  • 13Verify – through third-party or self-created tools – that operations have been completed and confirmed in accordance with the system’s rules.

A participant should be able to:

  • 14 Access information needed to: (a) understand the system’s governance and rules and (b) pursue effective recourse mechanisms.

  • 15Opt-out of using applications that don’t treat data in accordance with internationally recognized governance and data protection standards.

  • 16Rectify demonstrably false, inaccurate, or incomplete data when necessary.

Want to learn more? Check out our case studies here.