The Principles, Domains and Values of the Data Privacy Foundation


This domain of the DPF is about collaborative, open source, data privacy knowledge bases created by a confederation of privacy professionals, with a global, cooperative orientation. A primary goal of the foundation is to collect, systemize and distribute knowledge about  data privacy laws, standards, technologies and issues around the world in an accessible, understandable and useful format. Knowledge is the key word for the foundation, and the DPF supports and encourages knowledge contributions from around the world, from all interested parties.


Moving from a strong knowledge base to the creation of awareness and greater sensitisation of data privacy issues, there are three pillars of this domain: Realisation, Contextualisation, Specification. The focus of the DPF is about creating awareness of the data collected, collated, stored and shared across the world by various organisations. This domain is about the implementation of privacy tools and techniques to visualise data and data flows, tag and monitor data, protect and encrypt data, and store and delete data. The DPF supports strong Data Provenance and Audit mechanisms that provide insight and oversight into data access and use, and encourages the development of tools and technologies that monitor the privacy status of data.


This domain is about “Rationalisation between Formulation and Implementation of Laws”. The approach adopted is that of a community that works in collaboration to rationalise and harmonise global laws, standards and privacy frameworks. The connections and interactions between laws and technologies, between legislation and regulation, and the imperative to bring them into alignment is a key driver for the DPF.


This domain is about the power of choice, and a key goal of the DPF is to provide full awareness, access and control of data to the relevant parties. The DPF acknowledges the convergence of public and private data, and the urgency of reconciling increasingly powerful data collection, aggregation and mining capabilities with the need to protect data and uphold privacy principles. The DPF understands that there must be realistic expectations around control of data and data privacy, and that there may be conflict between government, organisation and personal data privacy issues, with free-speech and security implications. Within this context, the DPF encourages the development of tools and technologies that maximises power, consent and control in the hands of data generators and data subjects.