Open-source intelligence and privacy by design

As demonstrated by other papers on this issue, open-source intelligence (OSINT) by state authorities poses challenges for privacy protection and intellectual-property enforcement. A possible strategy to address these challenges is to adapt the design of OSINT tools to embed normative requirements, in particular legal requirements. The experience of the VIRTUOSO platform will be used to illustrate this strategy. Ideally, the technical development process of OSINT tools is combined with legal and ethical safeguards in such a way that the resulting products have a legally compliant design, are acceptable within society (social embedding), and at the same time meet in a sufficiently flexible way the varying requirements of different end-user groups. This paper uses the analytic framework of privacy design strategies (minimise, separate, aggregate, hide, inform, control, enforce, and demonstrate), arguing that two approaches for embedding legal compliance seem promising to explore in particular. One approach is the concept of revocable privacy with spread responsibility. The other approach uses a policy mark-up language to define Enterprise Privacy Policies, which determine appropriate data handling.