Privacy By Design

Search Knowledge Base by Keyword

Privacy By Design is a foundational concept in the study of modern data privacy. It’s incorporated into the text of the GDPR as a core principle, and while other pieces of data privacy legislation don’t go so far as to make its adoption mandatory, its influence remains considerable everywhere. The key figure in Privacy By Design’s development was Dr. Ann Cavoukian, Information and Privacy Commissioner for Ontario from 1997-2014.

The concept is based on seven “foundational principles” that any organization must adopt in order to fully incorporate Privacy By Design. They are:

– Proactive not reactive

– Privacy as the default setting

– Privacy embedded into design

– Full functionality – positive-sum, not zero-sum

– End-to-end security – full lifecycle protection

– Visibility and transparency – keep it open

– Respect for user privacy – keep it user-centric

There’s a great explainer on what each of these terms means here, but the “in a nutshell” explanation is that all of these considerations are necessary if privacy is to be truly embedded into a system’s design. Some GDPR commentators have expressed a wish that Privacy By Design contained more actionable specifics and less vague principles. They may have a point, but for now, this concept has become the de facto first principle of digital privacy enthusiasts worldwide.