privacy-check

Use to assess Privacy by Design compliance and GDPR/data protection alignment for a feature or system.

By haabe. Updated 5/25/2026.

```yaml
---
name: privacy-check
description: "Use to assess Privacy by Design compliance and GDPR/data protection alignment for a feature or system."
metadata:
  instruction_budget: "37"
  framework_dependency: "mycelium"
  framework_dependency_note: "This skill is designed to run within the Mycelium framework (https://github.com/haabe/mycelium). Standalone use will skip the canvas state, theory gates, and harness behavior the skill assumes. Install: /plugin install mycelium@haabe/mycelium."
---
```

# Privacy Check Skill

Privacy by Design assessment.

## Workflow

### 7 Foundational Principles (Cavoukian)

  1. Proactive not Reactive: Are privacy measures built in from the start?
    • Privacy considered in the design phase, not bolted on
    • Risks identified before implementation
  2. Privacy as Default: Is the most private option the default?
    • Data collection opt-in, not opt-out
    • Minimum data collected by default
    • Sharing disabled by default
  3. Privacy Embedded in Design: Is privacy integral to the system?
    • Privacy controls are core features, not add-ons
    • Architecture supports data minimization
  4. Positive-Sum, not Zero-Sum (originally "Full Functionality"): Does privacy come without trade-offs?
    • Privacy features don't degrade the user experience
    • No false choice between privacy and functionality
    • Avoid false dichotomies: privacy vs. security, privacy vs. business value
  5. End-to-End Security: Is data protected throughout its lifecycle?
    • Encryption at rest and in transit
    • Secure deletion when no longer needed
    • Access controls throughout the data lifecycle
  6. Visibility and Transparency: Is data processing transparent?
    • Users know what data is collected and why
    • Processing purposes documented and communicated
    • Third-party sharing disclosed
  7. Respect for User Privacy: Are user interests centered?
    • Users can access their data
    • Users can correct their data
    • Users can delete their data
    • Consent is informed, specific, and revocable

### Data Protection Assessment

  • What data is collected? List all personal data fields.
  • Why? State the lawful basis for each data element.
  • How long? Retention period for each data type.
  • Who accesses it? List all parties with access.
  • Where is it stored? Data residency and cross-border transfers.
  • How is it protected? Encryption, access control, monitoring.
  • What if it is breached? Does an incident response plan exist?
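The checklist above, as an added example rather than code from the skill or the Mycelium framework: a small Python checker that turns each question into a per-field rule, so a data inventory can be verified mechanically before the Pass/Fail table is filled in. The `DataField` layout, `HOME_REGIONS` and the sample sign-up inventory are assumptions; the lawful-basis and special-category rules follow GDPR Articles 6 and 9.

```python
from dataclasses import dataclass

LAWFUL_BASES = {"consent", "contract", "legal obligation", "vital interests",
                "public task", "legitimate interests"}   # GDPR Art. 6(1)(a)-(f)
HOME_REGIONS = {"EU", "EEA"}  # assumption: where the controller is established

@dataclass
class DataField:
    """One inventory row: what / why / how long / who / where / how protected."""
    name: str
    purpose: str
    basis: str                # one of LAWFUL_BASES; "" if undocumented
    retention_days: int       # 0 = no retention period defined
    accessors: tuple          # parties with access
    region: str               # storage region
    encrypted_at_rest: bool
    special_category: bool = False  # Art. 9 data (health, biometric, ...)
    art9_condition: str = ""        # Art. 9(2) condition relied on, if special
    transfer_safeguard: str = ""    # e.g. "SCCs" when stored outside HOME_REGIONS

def check_field(f):
    """Return the gaps found for one field; an empty list means Pass."""
    gaps = []
    if f.basis not in LAWFUL_BASES:
        gaps.append("no documented lawful basis (Art. 6)")
    if f.retention_days <= 0:
        gaps.append("no retention period defined")
    if not f.accessors:
        gaps.append("no access list")
    if not f.encrypted_at_rest:
        gaps.append("not encrypted at rest")
    if f.special_category and not f.art9_condition:
        gaps.append("special category without Art. 9(2) condition")
    if f.region not in HOME_REGIONS and not f.transfer_safeguard:
        gaps.append(f"cross-border transfer to {f.region} without safeguard")
    return gaps

def assess(inventory):
    """Map each field name to its gaps; feeds the Data Inventory and Risks sections."""
    return {f.name: check_field(f) for f in inventory}

# Constructed sample inventory for a hypothetical sign-up feature (assumption).
SAMPLE = [
    DataField("email", "account login", "contract", 730, ("auth-service",), "EU", True),
    DataField("health_note", "accessibility support", "consent", 0, ("support",),
              "EU", True, special_category=True),
    DataField("ip_address", "fraud detection", "legitimate interests", 90,
              ("security-team",), "US", True),
]
```

Adding a `transfer_safeguard` such as `"SCCs"` to the `ip_address` row, or a retention period and an Art. 9(2) condition to `health_note`, clears their gaps, which is the remediation the Risks section would record.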

## Output

```markdown
## Privacy Assessment: [Feature/System]

### PbD Principles
| Principle | Status | Notes |
|-----------|--------|-------|
| Proactive | Pass/Fail | ... |
| Default privacy | Pass/Fail | ... |
| Embedded | Pass/Fail | ... |
| Full functionality | Pass/Fail | ... |
| End-to-end security | Pass/Fail | ... |
| Transparency | Pass/Fail | ... |
| User respect | Pass/Fail | ... |

### Data Inventory
| Data | Purpose | Basis | Retention | Protection |
|------|---------|-------|-----------|-----------|
| ... | ... | ... | ... | ... |

### Risks and Recommendations
1. [risk and recommended action]
```

## Decision Log (MANDATORY per G-P4)

APPEND a `### Privacy Assessment` entry to `.claude/harness/decision-log.md` with: principles assessed, data flows identified, risks found, GDPR compliance status.

## Theory Citations

  • Cavoukian: Privacy by Design (7 principles)
  • GDPR: Data protection regulation

Install via CLI:

```shell
npx skills add https://github.com/haabe/mycelium --skill privacy-check
```
Repository: branch `main`, path `SKILL.md`.