Privacy by Design and by Default (PbD) is a crucial concept in the modern digital world where privacy concerns and data breaches have become increasingly prevalent. In an age where personal data is constantly collected, processed, and shared, it's essential to build privacy safeguards into systems and processes from the very beginning.
In this article, we'll delve deep into Privacy by Design and Default, exploring core principles and providing real-world examples of how businesses can implement it effectively.
What is Privacy by Design and Default? Definition
Privacy by Design and Default is the idea that data privacy should be pre-built into the design of systems rather than being treated as an afterthought.
The term was coined by Dr Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada. The concept has since been written into law as "data protection by design and by default" in Article 25 of the EU's General Data Protection Regulation (GDPR), and has been adopted by other data protection regimes around the world.
Organisations implementing Privacy by Design and Default should treat privacy as an essential component of any system or process, just like user experience or security. Instead of attempting to fix privacy issues retroactively, they should design systems with privacy in mind from the outset.
In the age of high-profile data breaches and growing concern for data privacy, this approach serves to prevent privacy breaches, minimise the risk of data misuse, and enhance user trust.
Privacy by Design vs. Privacy by Default
Privacy by Design and Privacy by Default often go hand-in-hand, but it’s important to understand that there are fundamental differences between the two concepts:
Privacy by Design focuses on embedding privacy measures into the architecture and design of products, systems, and processes. It calls for proactive planning to ensure that privacy is never compromised at any stage of development.
Privacy by Default, however, centres on the idea that privacy settings should be automatically configured to provide the highest level of privacy protection for users. It is based on the idea that individuals should not be required to take action to safeguard their privacy; it should be the default setting.
Privacy by Design and Privacy by Default are closely intertwined and are often used together to create a comprehensive approach to privacy protection.
7 principles of Privacy by Design and Default
Privacy by Design and Default is founded on seven core principles that guide the integration of privacy into the design and development of systems, products, and business practices, so that privacy is treated as a fundamental consideration from the outset rather than as an afterthought. The list below is an operational reading of Dr Cavoukian's seven foundational principles (Proactive not Reactive; Privacy as the Default Setting; Privacy Embedded into Design; Full Functionality; End-to-End Security; Visibility and Transparency; Respect for User Privacy):
1. Proactive data protection
Privacy by Design and Default advocates a proactive approach to privacy protection. Organisations should identify and mitigate privacy risks before they materialise, for instance by threat-modelling the data flows and running a data protection impact assessment while the system is still being designed, rather than reacting to privacy breaches after they occur.
Example: When developing a new mobile app that collects user data, organisations should proactively implement encryption and access controls to protect user information, reducing the risk of data breaches.
2. Privacy as the default setting
This principle emphasizes that privacy should be the default setting for all systems and processes. Individuals should not be required to take extra steps to protect their privacy; it should be automatically safeguarded.
Example: A social media platform can set user profiles to private by default, ensuring that user information is not visible to the public unless users choose
3. Data minimization
Organisations should only collect and process the data that is absolutely necessary for the intended purpose. Unnecessary data collection should be avoided.
Example: An e-commerce website should only request the information required for shipping and billing, rather than asking for excessive personal details.
4. Full lifecycle protection
Privacy protection should encompass the entire lifecycle of data, from collection and storage to deletion. Data should be secure at every stage.
Example: An online banking platform should employ encryption during data transmission, secure data storage, and a robust data deletion process for closed accounts.
5. Visibility and transparency
Privacy by Design and Default promotes transparency in data practices. Individuals should be informed about how their data is used and have control over its use.
6. Robust security
Implement robust security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.
Example: An online healthcare portal should employ strong encryption to protect patient records and implement strict access controls for healthcare professionals.
7. Respect for user privacy
This is perhaps the most fundamental principle of Privacy by Design and Default. Companies must respect individuals' privacy and give them control over their own data. They should allow individuals to have agency and autonomy over their personal information.
Example: An email marketing platform should allow users to easily unsubscribe from email lists and delete their account and associated data if they choose to do so.
The GDPR and Privacy by Design and Default
The General Data Protection Regulation (GDPR) is a landmark piece of legislation that mandates a strong emphasis on Privacy by Design and Default. Under the GDPR, organisations are required to implement appropriate technical and organisational measures to ensure the protection of personal data.
GDPR Article 25: Data Protection by Design and Default
Article 25(1) and 25(2) of the GDPR set out data protection by design and by default. Paragraph 1 requires data controllers to build data-protection principles such as data minimisation into the processing from the design stage onwards; paragraph 2 requires that, by default, only the personal data necessary for each specific purpose of processing are processed:
Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.
The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.
The GDPR also requires data controllers to:
- Minimise data - Collect and process only the data that is necessary for the stated purpose (Article 5(1)(c)).
- Limit access - Restrict access to personal data to authorised individuals who need it for their role, and ensure that by default it is not exposed to an indefinite number of people (Article 25(2)).
- Use pseudonymisation - Apply techniques such as pseudonymisation and encryption to protect personal data (Articles 25(1) and 32(1)(a)).
- Test regularly - Regularly test, assess and evaluate the effectiveness of the technical and organisational measures protecting the processing (Article 32(1)(d)).
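Article 25(1) names pseudonymisation as the model technical measure, and the list above tells controllers to use it, but "hashing the e-mail address" is not the same thing. The following is an added example, not code from the original article or from any regulator: it pseudonymises a constructed set of customer records with a keyed HMAC, applies a purpose-specific field allow-list (the data minimisation principle from earlier), and shows why the unkeyed hash that teams often reach for is reversible by a simple dictionary attack. The record layout, field names and the analytics purpose are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (fictional people): the raw data a controller
# holds before handing an extract to, say, an analytics team.
SAMPLE_RECORDS = [
    {"email": "alice@example.com", "name": "Alice", "country": "DE", "orders": 3},
    {"email": "bob@example.com", "name": "Bob", "country": "FR", "orders": 1},
    {"email": "alice@example.com", "name": "Alice", "country": "DE", "orders": 2},
]

# Fields the (assumed) analytics purpose actually needs. The direct
# identifiers "email" and "name" are not on the list and never leave.
ANALYTICS_FIELDS = ("country", "orders")


def weak_pseudonym(identifier: str) -> str:
    """Unkeyed SHA-256 of the identifier.

    Deterministic, so joins still work, but e-mail addresses are a small,
    guessable input space: anyone with a candidate list can hash it and
    rebuild the mapping. This is hashing, not pseudonymisation."""
    return hashlib.sha256(identifier.strip().lower().encode()).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key held only by the controller.

    Same identifier -> same pseudonym (counts and joins still work), but
    without the key a dictionary attack cannot reverse it. The key is the
    'additional information' that GDPR Art. 4(5) requires to be kept separately."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()


def pseudonymise(records, key, id_field="email", keep=ANALYTICS_FIELDS):
    """Replace the identifier with its keyed pseudonym and drop every field
    not on the purpose-specific allow-list (data minimisation)."""
    out = []
    for record in records:
        row = {"subject_id": keyed_pseudonym(record[id_field], key)}
        for field in keep:
            if field in record:
                row[field] = record[field]
        out.append(row)
    return out


def dictionary_attack(hashes, candidates):
    """Re-identify unkeyed hashes from a list of guessed identifiers.
    Returns {hash: identifier} for every hash that was recovered."""
    table = {weak_pseudonym(c): c for c in candidates}
    return {h: table[h] for h in hashes if h in table}


def demo():
    # In production the key comes from a KMS/HSM and is rotated; it must never
    # be stored next to the pseudonymised data.
    key = secrets.token_bytes(32)
    guesses = ["alice@example.com", "bob@example.com", "carol@example.com"]

    weak = [weak_pseudonym(r["email"]) for r in SAMPLE_RECORDS]
    recovered_weak = dictionary_attack(weak, guesses)

    rows = pseudonymise(SAMPLE_RECORDS, key)
    # The same guess list is useless against the keyed pseudonyms.
    recovered_keyed = dictionary_attack([r["subject_id"] for r in rows], guesses)

    return {
        "rows": rows,
        "recovered_weak": len(recovered_weak),   # 2 (alice, bob)
        "recovered_keyed": len(recovered_keyed),  # 0
    }


if __name__ == "__main__":
    result = demo()
    for row in result["rows"]:
        print(row)
    print("unkeyed hashes re-identified:", result["recovered_weak"])
    print("keyed pseudonyms re-identified:", result["recovered_keyed"])
```

Two caveats a practitioner should keep in mind. Keyed pseudonyms are still personal data under the GDPR, because the controller holding the key can reverse them; the gain is that a leaked extract on its own no longer identifies anyone. And rotating the key breaks joins across rotation periods, so decide the rotation schedule together with the analytics team rather than after the fact.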
Failure to comply with these requirements can result in heavy fines, as seen in May 2023 when the Irish Data Protection Commission fined Meta €1.2 billion for continuing to transfer EU users' personal data to the US without adequate safeguards.
Real-World Examples of Privacy by Design and Default
Now that we’ve explored the principles of privacy by design and default, let's explore real-world examples of organizations and initiatives that have effectively applied the principles of Privacy by Design and Default:
Google’s Privacy Sandbox
Google's Privacy Sandbox is a set of proposals for privacy-preserving web technologies that, at the time of writing, Google plans to use to replace third-party cookies in Chrome by the end of 2024. A third-party cookie is one set by a domain other than the site the user is actually visiting, typically an advertising or analytics provider embedded on many sites. Because that provider sees the same cookie on every site it is embedded in, it can recognise the browser across those sites and build a profile of the user's interests.
The Privacy Sandbox is designed to avoid cross-site tracking, provide people with better transparency and control over their privacy settings, and result in better outcomes for people and businesses on the web.
Some of the specific proposals in the Privacy Sandbox include:
- FLEDGE (First Locally-Executed Decision over Groups Experiment, since renamed the Protected Audience API): remarketing without cross-site tracking. The browser, not an ad-tech server, records which advertiser "interest groups" a user has been added to, and the ad auction for those groups runs on the user's device, so no party outside the browser learns the user's browsing history.
- Topics API: the browser derives a small set of coarse interest topics (for example "Fitness" or "Travel") from the user's recent browsing history, on-device, and shares only a few of them with sites that ask. Advertisers can target interests without identifying or tracking the individual, and users can see the topics inferred about them, remove them, or turn the feature off.
- Trust Tokens (since renamed Private State Tokens): lets a site that has already decided a user is trustworthy (for example, a real person rather than a bot) issue cryptographically blinded tokens that the browser can later redeem on another site as proof of that trust. The redeeming site learns only that a token is valid, not who the user is, which helps prevent fraud and abuse without enabling cross-site identification.
The Privacy Sandbox adheres to the principles of privacy by design in a number of ways. For one, it gives users more control over their privacy settings and makes it more difficult for companies to track them without their consent.
The proposals are designed to be open and interoperable so that they can be used by all web browsers and advertising platforms. This helps ensure that the web remains open and competitive and that no one company has too much control over the advertising ecosystem.
Apple's Privacy Features
Apple has a long history of commitment to privacy and has implemented a number of features to protect user privacy. Some of these features include:
- Safari Intelligent Tracking Prevention (ITP): introduced in Safari 11 in 2017, ITP uses on-device heuristics to identify domains with cross-site tracking ability and restricts their cookies and other storage; since 2020 Safari blocks third-party cookies entirely. The aim is not to remove ads but to stop the same tracker from following a user from site to site.
- Mail Privacy Protection (MPP): introduced in iOS 15, MPP loads remote content in messages (including tracking pixels) in the background through Apple's proxies, so senders cannot learn the recipient's IP address or location, or whether and when a message was opened.
- End-to-end encryption (E2EE): E2EE is a feature that encrypts data so that only the sender and recipient can read it. This is used in a number of Apple products and services, including iMessage, FaceTime, and iCloud Keychain.
- Differential privacy: a technique in which calibrated random noise is added to each user's data on the device before it is sent, so that Apple can learn aggregate statistics (such as which emoji or new words are popular) while no individual's contribution can be singled out. Apple uses it in a number of products and services, including Siri and the Photos app.
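The differential privacy bullet is easy to misread as "the data is anonymised". The point is that the noise is added on the device, with a privacy parameter epsilon that caps how much any single report can reveal, and the collector then corrects for that noise statistically. The following is an added example, not Apple's code (Apple's deployment uses more elaborate sketching mechanisms): it implements randomised response, the simplest local differential privacy mechanism, over a constructed population and shows both the privacy guarantee per report and the accuracy cost of a smaller epsilon. The population size, the 30% attribute rate and the epsilon values are assumptions for illustration.

```python
import math
import random


def keep_probability(epsilon: float) -> float:
    """Probability of reporting the true answer for epsilon-differential privacy.

    With p = e^eps / (e^eps + 1), the odds of seeing a given report when the
    truth is True versus when it is False are exactly e^eps. That bound on
    what one report reveals is the differential privacy guarantee."""
    e = math.exp(epsilon)
    return e / (e + 1.0)


def randomise(truth: bool, epsilon: float, rng: random.Random) -> bool:
    """Randomised response, run on the user's device before anything is sent:
    tell the truth with probability p, otherwise send the opposite answer."""
    return truth if rng.random() < keep_probability(epsilon) else not truth


def collect(truths, epsilon: float, seed: int = 0):
    """Simulate every user in a (constructed) population sending one noisy report.
    The seed makes the simulation reproducible; a real device uses a CSPRNG."""
    rng = random.Random(seed)
    return [randomise(t, epsilon, rng) for t in truths]


def estimate_fraction(reports, epsilon: float) -> float:
    """Unbiased estimate of the true fraction f of users with the attribute.

    If y is the fraction of True reports, E[y] = p*f + (1-p)*(1-f), so
    f = (y - (1-p)) / (2p - 1). The collector learns f, not who answered what."""
    p = keep_probability(epsilon)
    y = sum(1 for r in reports if r) / len(reports)
    return (y - (1.0 - p)) / (2.0 * p - 1.0)


def std_error(n: int, epsilon: float, f: float) -> float:
    """Standard error of the estimate. A smaller epsilon (more privacy) means
    more noise, so the same accuracy needs a larger population."""
    p = keep_probability(epsilon)
    q = p * f + (1.0 - p) * (1.0 - f)  # expected fraction of True reports
    return math.sqrt(q * (1.0 - q) / n) / (2.0 * p - 1.0)


def simulate(n: int = 20000, true_fraction: float = 0.3,
             epsilon: float = 1.0, seed: int = 42) -> float:
    """Constructed population: the first true_fraction of n users have the
    sensitive attribute. Returns the collector's noisy estimate of that fraction."""
    truths = [i < int(n * true_fraction) for i in range(n)]
    return estimate_fraction(collect(truths, epsilon, seed), epsilon)


if __name__ == "__main__":
    for eps in (0.1, 0.5, 1.0, 2.0):
        print(f"eps={eps}: estimate={simulate(epsilon=eps):.3f}  "
              f"std_error={std_error(20000, eps, 0.3):.3f}  "
              f"odds ratio per report={math.exp(eps):.2f}")
```

Running it shows the trade-off the principle hides: at epsilon 1.0 the estimate over 20,000 users lands within about a percentage point of the true 30%, while at epsilon 0.1 the same population gives an estimate with a standard error close to seven percentage points. Choosing epsilon, and publishing it, is therefore part of the design decision, not an implementation detail.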
Apple has also made the App Store far more transparent: every app must publish a privacy "nutrition label" describing what data it collects and how that data is used. More recently, Apple introduced "required reason" APIs: developers who call certain system APIs that could be abused for device fingerprinting (for example, file timestamps or system boot time) must declare an approved reason for doing so in the app's privacy manifest.
WhatsApp's End-to-End Encryption
WhatsApp's end-to-end encryption, built on the Signal Protocol, ensures that messages, calls, and media can be read only by the sender and the intended recipients; not even WhatsApp can read them. It has been on by default across WhatsApp since April 2016 and has since become a staple of the app.
WhatsApp has also been upping its privacy measures amid the debate around the UK's Online Safety Bill, which contains powers that critics argue could be used to compel providers to scan private messages. It recently introduced a Chat Lock feature, and has publicly stated that it would rather leave the UK than weaken end-to-end encryption on its platform.
As well as end-to-end encryption, WhatsApp has several other features built into its app that protect user privacy, including:
- Profile picture and status privacy settings: You can choose who can see your profile picture and status updates.
- Group privacy settings: You can choose who is allowed to add you to groups, and group admins can control who may send messages and change group settings.
- Read receipts: You can choose whether or not to send read receipts, which let the other person know when you have read their message.
- Disappearing messages: You can set messages in a chat to disappear after 24 hours, 7 days or 90 days.
WhatsApp adheres to the principles of privacy by design by giving users control over how their data is shared, and the default-on encryption makes it one of the more secure mainstream messaging platforms.
Privacy by Design and Default represents a paradigm shift in how organizations approach privacy in the digital age. It's no longer sufficient to treat privacy as an afterthought or a compliance checkbox. Instead, it must be integrated into the very fabric of every operation.
With the GDPR as a guiding force, businesses around the world must recognise the importance of Privacy by Design and Default in building trust with their customers and ensuring compliance with data protection regulations.