In a world where personal data is constantly collected, processed, and shared, it's essential to build privacy safeguards into systems and processes from the very beginning.
Not only is it an effective way of ensuring customers trust your business, but it’s also a legal requirement. The GDPR requires you to put in place appropriate technical and organisational measures to implement the data protection principles and safeguard individual rights.
This concept, known as ‘Privacy by Design and Default’, has become an essential part of data protection laws, helping organizations ensure they remain compliant with fundamental principles and requirements of regulations.
In this article, we'll delve deep into what Privacy by Design and Default is, exploring core principles and providing real-world examples of how businesses can implement it effectively.
What is Privacy by Design and Default? Definition
Privacy by Design and Default is the concept that data privacy should be built into the design of systems rather than being treated as an afterthought. It was first coined by Dr Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, and has since been written into law as "data protection by design and by default" in Article 25 of the EU's General Data Protection Regulation (GDPR), with similar requirements in other data protection laws.
Organisations implementing privacy by design and default should treat privacy as an essential component of any system or process, just like user experience or security. Instead of attempting to fix privacy issues retroactively, they should design systems with privacy in mind from the outset. In practice this means two things: privacy considerations are integrated into the development process of products, systems and services from the start (by design), and the most protective privacy settings are the ones that apply automatically unless the user chooses otherwise (by default).
This approach ensures that data is handled responsibly, minimizing its collection, storage, and access, while empowering individuals to control their personal information.
In an age of high-profile data breaches and growing concern about data privacy, adopting privacy by design and default helps organisations prevent privacy breaches, reduce the risk of data misuse and build user trust. It also makes compliance with data protection regulations easier, and the same controls (minimised data, restricted access, encryption) shrink what an external attacker can reach if a breach does occur.
Privacy by Design vs by Default: What’s the difference?
Privacy by Design and Privacy by Default often go hand-in-hand, but it’s important to understand that there are fundamental differences between the two concepts.
Privacy by design focuses on proactively embedding data protection into the development process of products or systems, so that it is considered from the outset. Privacy by default refers to the settings those systems ship with: the most protective options are applied automatically, and users must actively choose to share more data rather than having to opt out of data collection.
Privacy by design and by default are closely intertwined and are often used together to create a comprehensive approach to privacy protection.
7 Principles of Privacy by Design and Default
Privacy by Design and Default is founded on seven core principles that guide the integration of privacy into the design and development of systems, products and business practices. These principles ensure that privacy is treated as a fundamental consideration from the outset rather than as an afterthought. The seven principles below adapt Dr Cavoukian's original "foundational principles" to the language of the GDPR:
1. Proactive data protection
Privacy by Design and Default advocates for a proactive approach to privacy protection. It encourages organizations to identify and mitigate privacy risks before they materialize, rather than reacting to privacy breaches after they occur.
Example: When developing a new mobile app that collects user data, organisations should proactively implement encryption and access controls to protect user information, reducing the risk of data breaches.
2. Privacy as the default setting
This principle emphasizes that privacy should be the default setting for all systems and processes. Individuals should not be required to take extra steps to protect their privacy; it should be automatically safeguarded.
Example: A social media platform can set user profiles to private by default, ensuring that user information is not visible to the public unless users choose
3. Data minimization
Organisations should only collect and process the data that is absolutely necessary for the intended purpose. Unnecessary data collection should be avoided.
Example: An e-commerce website should only request the information required for shipping and billing, rather than asking for excessive personal details.
4. Full lifecycle protection
Privacy protection should encompass the entire lifecycle of data, from collection and storage to deletion. Data should be secure at every stage.
Example: An online banking platform should employ encryption during data transmission, secure data storage, and a robust data deletion process for closed accounts.
5. Visibility and transparency
Privacy by Design and Default promotes transparency in data practices. Individuals should be informed about how their data is used and have control over its use.
Example: A subscription-based news website should have a clear privacy policy explaining data usage and provide options for users to opt out of data collection or choose their preferences.
6. Robust security
Implement robust security measures to protect personal data from unauthorized access, disclosure, alteration, or destruction.
Example: An online healthcare portal should employ strong encryption to protect patient records and implement strict access controls for healthcare professionals.
7. Respect for user privacy
This is perhaps the most fundamental principle of Privacy by Design and Default. Companies must respect individuals' privacy and give them control over their own data. They should allow individuals to have agency and autonomy over their personal information.
Example: An email marketing platform should allow users to easily unsubscribe from email lists and delete their account and associated data if they choose to do so.
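The three principles above that translate most directly into code are privacy as the default setting, data minimisation and full-lifecycle protection. The following is an added example, not code from any of the companies or regulators named on this page, showing all three in a small account service: an allowlist per processing purpose drops any submitted field the purpose does not need, new accounts start with the most protective settings, and a retention sweep deletes closed accounts once a retention period has passed. The purposes, field names, 30-day retention period and in-memory store are assumptions made for the illustration.

```python
"""Privacy by default, data minimisation and lifecycle protection in one small account
service. Added illustration only: the purposes, field names, retention period and the
in-memory store are assumptions, not taken from any real product."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Set, Tuple

# Data minimisation: each processing purpose has a fixed allowlist of fields. Anything
# else submitted (e.g. a date of birth on a shipping form) is dropped before storage.
ALLOWED_FIELDS: Dict[str, Set[str]] = {
    "shipping": {"name", "street", "postcode", "country"},
    "billing": {"name", "card_token", "billing_postcode"},
}

# Full lifecycle protection: how long a closed account's data is kept (assumed value).
RETENTION_AFTER_CLOSE = timedelta(days=30)

# Privacy by default: the only visibility values accepted, most protective first.
VISIBILITY_LEVELS = ("private", "contacts", "public")

# Fixed "current time" so the demo below is reproducible (constructed).
EXAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)


def minimise(purpose: str, submitted: Dict[str, str]) -> Tuple[Dict[str, str], Set[str]]:
    """Keep only the fields the purpose is allowed to collect; report what was dropped."""
    allowed = ALLOWED_FIELDS[purpose]  # unknown purpose raises KeyError: fail closed
    kept = {k: v for k, v in submitted.items() if k in allowed}
    dropped = set(submitted) - allowed
    return kept, dropped


@dataclass
class Account:
    user_id: str
    purpose: str
    data: Dict[str, str]
    profile_visibility: str = "private"   # default: not visible to an indefinite public
    marketing_opt_in: bool = False        # default: no secondary use without consent
    closed_at: Optional[datetime] = None


def open_account(user_id: str, purpose: str, submitted: Dict[str, str]) -> Account:
    """Create an account holding only the minimised data, with default settings."""
    kept, _ = minimise(purpose, submitted)
    return Account(user_id=user_id, purpose=purpose, data=kept)


def set_visibility(acct: Account, requested: str) -> str:
    """Widening visibility needs an explicit, valid choice; an unknown value changes
    nothing, so the account never becomes more exposed by accident."""
    if requested in VISIBILITY_LEVELS:
        acct.profile_visibility = requested
    return acct.profile_visibility


def close_account(acct: Account, when: datetime) -> None:
    """Record the closure time; the data is deleted by the retention sweep."""
    acct.closed_at = when


def purge_closed(store: Dict[str, Account], now: datetime) -> List[str]:
    """Delete every closed account whose retention period has elapsed and return
    their ids so the caller can write the deletions to an audit log."""
    due = [uid for uid, a in store.items()
           if a.closed_at is not None and now - a.closed_at >= RETENTION_AFTER_CLOSE]
    for uid in due:
        del store[uid]
    return sorted(due)


if __name__ == "__main__":
    store: Dict[str, Account] = {}
    acct = open_account("u1", "shipping", {  # constructed sign-up form
        "name": "A. Example", "street": "1 High St", "postcode": "AB1 2CD",
        "country": "GB", "date_of_birth": "1990-01-01"})
    store[acct.user_id] = acct
    print(acct.data)  # the date of birth was never stored
    close_account(acct, EXAMPLE_NOW)
    print(purge_closed(store, EXAMPLE_NOW + RETENTION_AFTER_CLOSE))
```

The point of `minimise` is that the allowlist is tied to the purpose, not to the form: a field that is legitimate for billing is still dropped from a shipping request. The purge returns the deleted ids rather than printing them, because a deletion that is not recorded cannot later be demonstrated to a regulator or to the user who asked for it.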
The GDPR and Privacy by Design and Default
The General Data Protection Regulation (GDPR) is a landmark piece of legislation that mandates a strong emphasis on privacy by design and default. Under the GDPR, organisations are legally required to implement appropriate technical and organisational measures to ensure the protection of personal data.
The regulation explicitly mandates that organizations implement technical and organizational measures to safeguard personal data from the design phase onward. This is precisely what Privacy by Design and Default encompasses. The GDPR requires that privacy is built into systems and processes from the ground up, and that the default settings prioritize data protection. Failure to comply with these requirements can result in significant penalties for organizations.
By requiring organizations to integrate data protection from the outset of their systems and processes (design) and to prioritize privacy settings as the default option (default), the GDPR ensures a proactive and robust approach to data protection. In essence, Privacy by Design and Default is not merely a best practice but a legal obligation under the GDPR.
GDPR Article 25: Data Protection by Design and Default
Article 25(1) and 25(2) of the GDPR explicitly address data protection by design and by default (the regulation's own term for Privacy by Design and Default). Article 25(1) requires controllers to build safeguards such as pseudonymisation and data minimisation into processing from the design stage onward; Article 25(2) requires that, by default, only the personal data necessary for each specific purpose of processing is processed:
Article 25(1): "Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects."
Article 25(2): "The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons."
Related obligations elsewhere in the GDPR, chiefly Article 32 on security of processing, also require data controllers (and processors) to:
- Minimise Data - Collect and process only the data that is necessary for the stated purpose.
- Limit Access - Restrict access to personal data to authorised individuals who need it for their role, and keep it from being accessible to an indefinite number of people by default.
- Use Pseudonymisation and Encryption - Article 32 names both as examples of appropriate technical measures; pseudonymised data must remain unattributable to a person without additional information that is kept separately.
- Conduct Regular Testing - Regularly test, assess and evaluate the effectiveness of the technical and organisational measures in place.
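Article 25(1) names pseudonymisation as a model measure, and a common mistake when implementing it is to replace identifiers with an unkeyed hash, which anyone can reverse by hashing guesses. The following is an added example, not code from any regulator or from the companies named on this page, contrasting a plain SHA-256 of an e-mail address with a keyed HMAC-SHA256 token, and keeping the re-identification mapping in a separate vault, which plays the role of the "additional information kept separately" in the GDPR's definition of pseudonymisation (Article 4(5)). The key, the e-mail addresses and the order records are constructed for the illustration.

```python
"""Pseudonymisation as the GDPR describes it: replace a direct identifier with a token
that cannot be attributed to a person without additional information kept separately.
Added illustration only; the key, addresses and orders below are constructed."""
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Optional


def naive_hash(identifier: str) -> str:
    """Plain SHA-256 of the identifier. Deterministic, but NOT pseudonymisation:
    anyone can recompute it from a guessed e-mail address and compare."""
    return hashlib.sha256(identifier.strip().lower().encode()).hexdigest()


def pseudonymise(identifier: str, key: bytes) -> str:
    """Keyed HMAC-SHA256. The same identifier always gives the same token, so records
    can still be joined, but without the key a token cannot be linked back."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()


def dictionary_attack(token: str, candidates: Iterable[str],
                      key: Optional[bytes] = None) -> Optional[str]:
    """Re-identification attempt: hash every candidate and compare with the token.
    Without the key (i.e. against a naive hash) this succeeds whenever the identifier
    is guessable, which e-mail addresses usually are."""
    for candidate in candidates:
        guess = pseudonymise(candidate, key) if key is not None else naive_hash(candidate)
        if hmac.compare_digest(guess, token):
            return candidate
    return None


class ReidentificationVault:
    """Holds the key and the token -> identifier mapping. This is the 'additional
    information' the GDPR requires to be kept separately, under its own access
    controls; only code with vault access can reverse a token."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key if key is not None else secrets.token_bytes(32)
        self._mapping: Dict[str, str] = {}

    def tokenise(self, identifier: str) -> str:
        token = pseudonymise(identifier, self._key)
        self._mapping[token] = identifier.strip().lower()
        return token

    def reidentify(self, token: str) -> Optional[str]:
        return self._mapping.get(token)


def pseudonymise_orders(orders: List[Dict[str, object]],
                        vault: ReidentificationVault) -> List[Dict[str, object]]:
    """What the analytics store receives: the customer e-mail is replaced by its token
    and no other identifying field is copied across."""
    return [{"customer": vault.tokenise(str(o["email"])), "amount": o["amount"]}
            for o in orders]


if __name__ == "__main__":
    vault = ReidentificationVault()
    orders = [{"email": "Alice@example.com", "amount": 42},   # constructed records
              {"email": "alice@example.com", "amount": 7}]
    records = pseudonymise_orders(orders, vault)
    print(records[0]["customer"] == records[1]["customer"])  # True: same customer, joinable
    leaked = naive_hash("alice@example.com")
    print(dictionary_attack(leaked, ["bob@example.com", "alice@example.com"]))  # reversed
    print(dictionary_attack(records[0]["customer"], ["alice@example.com"]))      # None
```

A keyed token is still personal data under the GDPR, because the controller can reverse it, so the vault and its key need their own access controls and ideally a rotation plan; pseudonymisation reduces risk and narrows who can identify a person, it does not anonymise the data.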
Failure to comply with these requirements can result in hefty fines and penalties for organisations. In May 2023 the Irish Data Protection Commission fined Meta €1.2 billion, the largest GDPR fine issued up to that point, for transferring EU Facebook users' personal data to the US without adequate safeguards.
Real-World Examples of Privacy by Design and Default
Now that we’ve explored the principles of privacy by design and default, let's explore real-world examples of organizations and initiatives that have effectively applied the principles of Privacy by Design and Default:
1. Google’s Privacy Sandbox
Google's Privacy Sandbox is a set of proposals for privacy-preserving technologies intended to replace third-party cookies in Chrome; the deprecation timeline has been pushed back several times since it was first announced. Third-party cookies are cookies set by a domain other than the site the user is actually visiting, typically through embedded content such as ads or analytics scripts. Because the same third party can read its cookie on every site that embeds it, these cookies can be used to track users across different websites and build a profile of their interests.
The Privacy Sandbox is designed to avoid cross-site tracking, provide people with better transparency and control over their privacy settings, and result in better outcomes for people and businesses on the web.
Some of the specific proposals in the Privacy Sandbox include:
- FLEDGE (First Locally-Executed Decision over Groups Experiment, since renamed the Protected Audience API): an advertiser's site can ask the browser to add the user to an "interest group" (for example, people who viewed a particular product), and the ad auction for that group later runs inside the browser on the publisher's page. The browsing history stays on the device instead of being shared with ad-tech servers, so remarketing works without a cross-site identifier.
- Topics API: the browser infers a small set of coarse interest topics, drawn from a fixed public taxonomy, from the sites the user has recently visited, entirely on-device, and shares only a few of those topics with sites that call the API. Advertisers get an interest signal without tracking individual users, and users can view, remove or disable topics in the browser settings.
- Trust Token Framework (since renamed Private State Tokens): a site that has already established that a user is a real person can issue cryptographically blinded tokens to the browser, which other sites can later redeem to check that signal. The tokens are unlinkable to the session in which they were issued, so fraud and abuse can be detected without sharing an identity or a tracking identifier.
The Privacy Sandbox adheres to the principles of privacy by design in a number of ways. For one, it gives users more control over their privacy settings and makes it more difficult for companies to track them without their consent.
The proposals are designed to be open and interoperable so that they can be used by all web browsers and advertising platforms. This helps ensure that the web remains open and competitive and that no one company has too much control over the advertising ecosystem.
2. Apple's Privacy Features
Apple has a long history of commitment to privacy and has implemented a number of features to protect user privacy. Some of these features include:
- Safari Intelligent Tracking Prevention (ITP): introduced in Safari 11 in 2017, ITP limits cross-site tracking. It initially used on-device classification to identify domains with cross-site tracking ability and restrict their cookie access, and since 2020 it blocks third-party cookies outright. This protects users' browsing history from being assembled into a cross-site profile.
- Mail Privacy Protection (MPP): introduced in iOS 15, MPP hides users' IP addresses from senders and loads remote content through Apple's servers when a message is opened in Mail, so tracking pixels cannot tell the sender when, where or whether a message was read.
- End-to-end encryption (E2EE): E2EE encrypts data so that only the sender and recipient hold the keys to read it; the service provider in the middle cannot. Apple uses it in iMessage, FaceTime and iCloud Keychain, among other services.
- Differential privacy: a technique that adds carefully calibrated random noise to data before it leaves the device, so Apple can learn aggregate trends (for example, which new words or emoji are popular) without any individual user's contribution being identifiable. Apple uses it for features such as QuickType keyboard suggestions and emoji usage statistics.
Apple has also become far more transparent about the privacy of apps on the App Store, adding a privacy "label" to every app listing so users can see what data it collects before installing. More recently it introduced "required reason" APIs: developers must declare an approved reason for using certain system APIs that could otherwise be abused to fingerprint devices or extract user data.
3. WhatsApp's End-to-End Encryption
WhatsApp's end-to-end encryption is a security feature that encrypts all messages, calls, and media so that only the sender and recipient can read them. This means that not even WhatsApp can read your messages. This feature has been implemented into all WhatsApp services since 2016 and has since become a staple of the messaging app.
WhatsApp has also been strengthening its security measures amid the debate surrounding the UK's Online Safety Bill (since passed as the Online Safety Act 2023), which contains powers that could be used to require messaging services to scan private messages. It introduced a chat lock feature during that debate and has publicly stated that it would rather leave the UK than weaken end-to-end encryption on its platform.
As well as end-to-end encryption, WhatsApp has several other features built into its app that protect user privacy, including:
- Profile picture and status privacy settings: You can choose who can see your profile picture and status updates.
- Group privacy settings: You can choose who is allowed to add you to groups.
- Read receipts: You can choose whether or not to send read receipts, which let the other person know when you have read their message.
- Disappearing messages: You can set messages to disappear after a certain amount of time
WhatsApp adheres to the principles of privacy by design by giving users control over how their data is being used, and end-to-end encryption by default makes it one of the more secure mainstream messaging platforms on the market.
Final Thoughts
Privacy by Design and Default represents a paradigm shift in how organizations approach privacy in the digital age. It's no longer sufficient to treat privacy as an afterthought or a compliance checkbox. Instead, it must be integrated into the very fabric of every operation.
With the GDPR as a guiding force, businesses around the world must recognise the importance of privacy by Design and Default in building trust with their customers and ensuring compliance with data protection regulations.