Privacy protections are often a late addition, added to an app, program, or website only to comply with legal requirements or to satisfy user concerns.
According to the concept of Privacy by Design, these issues are addressed far too late in the development process. A best practice in information system and network design for decades, Privacy by Design will soon become a legal requirement in the European Union.
As concerns about privacy arise in the US and internationally, it has become essential to develop systems that prioritize user privacy.
1. What is Privacy by Design?
Privacy by Design was developed in the 1990s by then-Ontario Information and Privacy Commissioner, Ann Cavoukian. According to Cavoukian’s explanatory document on the principles of PbD, privacy must become an integral consideration to design processes, policies, procedures, and protocols.
Instead of rectifying a data breach or responding to techlash after the fact, PbD mandates that privacy concerns are anticipated and prevented before they happen. In essence, Privacy by Design elevates privacy protection to be a priority equal to that of advancing commerce, developing new technological innovation, or any other objective of a private or public developer.
2. The 7 Core Tenets of Privacy by Design
To its adherents, the importance of PbD is in the recognition of privacy as a fundamental human value. Some commentators note that the US has traditionally not been as concerned with privacy as have countries in Europe and elsewhere.
But as technology advances, more user data is collected, and social media sites with huge user bases increasingly face sanctions from the Federal Trade Commission for breaking their promises regarding user data, online privacy has become a priority for designers and developers.
If you operate a business, you likely send commercial emails. One of the main laws established and monitored by the FTC is the CAN-SPAM Act. This set of rules requires you to allow users to opt out of receiving emails, and to prioritize transparency in your emailing tactics.
The PbD framework has seven basic tenets that reflect the idea that privacy protection should form part of the initial project development and not become a consideration after a breach has already occurred.
They are foundational principles that offer specific guidance for implementing PbD:
1. Privacy must be proactive, not reactive: anticipate and prevent events that violate privacy. Developers should recognize systems that do a poor job of protecting privacy and take steps to correct them before implementation. Overall, this tenet reflects a high-level commitment to privacy and the establishment of ways to integrate privacy concerns into any new project.
2. Privacy must be the default setting: systems should automatically protect privacy, even if a user does nothing. As an example, imagine your social media settings are automatically set to the highest privacy setting, defaulting to the least amount of access to your information until you choose to make more information available.
3. Privacy must be embedded into the design: privacy should form part of the system architecture. Imagine an internet service provider whose focus is on using new technology to deliver faster speeds. This principle would mandate that privacy is not sacrificed in order to reach those higher speeds – privacy protection is an end goal of any technological research or development.
4. Privacy integrations must offer full functionality, and be positive-sum (not zero-sum): accommodate all interests in a “win-win” manner – for example, embracing both security and privacy. Users should never have to make the choice between full functionality and privacy protection. They should have full access to all features without having to give up more of their personal information.
5. Systems must offer end-to-end security and full lifecycle protection: PbD applies for the entire lifecycle of the data. This means businesses that collect data must act responsibly as long as they have it, from acquisition through use and secure destruction.
In order to fully comply with Privacy by Design frameworks, your online infrastructure must comply with each of the seven core tenets.
In the past decade, the explosion of ecommerce and digital marketing has led to a huge collection of user data, but little protection for user privacy. In some areas of the world, that neglect of user privacy interests is beginning to change.
3. Privacy Laws: European Union (GDPR) and the United States
Privacy by Design, once a theoretical best practice, is becoming enforceable law in the European Union starting next spring. The EU’s General Data Protection Regulation (GDPR) mandates that controllers implement technical and organizational measures to ensure user privacy.
PbD is only one aspect of the GDPR, which also codifies data portability and the right to be forgotten into European law.
Importantly, the GDPR, an updated version of the General Data Protection Directive, is extraterritorial. This means that you do not have to operate a business in the EU in order to be affected. To fall within the scope of the GDPR, you need only process the personal information of an EU resident.
Violators of the GDPR can be fined up to 4 percent of their annual revenue, or 20 million euros (24 million USD).
In the United States, privacy protections are far less explicit. You may have heard about well-known companies facing sanctions from the FTC because they violated user privacy. However, as a technical matter, these cases were not about privacy rights.
4. Best Practices for Businesses Implementing PbD
If you are a business owner in the US, what does this mean for you? If you target individuals in the EU, or even monitor their activity, you should take the PbD mandate seriously.
Even if you don’t, you should start to make user privacy a priority in order to prepare for a time when stronger privacy laws are enacted in the U.S. and in jurisdictions where you do business.
Ideally, you want to start your work with a Privacy Impact Assessment (PIA). While this is mandated by the GDPR only when there is a high risk to individual freedoms, for example, with the use of new technology or large-scale surveillance or monitoring, it provides a useful framework for assessing how your business processes affect user privacy.
U.S. government agencies are required by a 2002 law to conduct PIAs on their own activities. For your own purposes, you can follow guidelines from organizations like the UK Information Commissioner’s Office to develop a PIA. Some basic steps for a PIA include:
- Identify information flows: what’s collected, why it’s collected, and where it goes.
- Identify privacy risks: leaks of personal information to third parties, for example.
- Identify and implement ways to reduce privacy risks.
After drafting a PIA, you can come up with specific ways to safeguard user privacy. The following represent some general action items that can help ensure a higher level of user privacy.
- Don’t ask for more information than necessary from users
- Make personal data anonymous so it can’t be connected to a specific person
- Make sure data shared with third parties complies with PbD
- Have clear, accessible and regularly updated privacy policies
- Create opt-in notices for users on different types of data and for different uses
- Remind users to review their privacy settings
- Delete old data
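Three of these action items (collect only what is needed, break the link to a specific person, delete old data) can be enforced in code at the point of ingestion. The sketch below is an added example, not part of the original article; the field names, the 365-day retention period and the key are assumptions. It uses keyed hashing, which is pseudonymization rather than full anonymization: whoever holds the key can still link tokens back to a known email address.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumed policy values for this example (not from the article).
ALLOWED_FIELDS = {"email", "country", "signup_at"}  # allow-list, not a block-list
RETENTION = timedelta(days=365)                     # hypothetical retention period
PSEUDONYM_KEY = b"constructed-demo-key"             # in practice: from a secrets manager

def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed HMAC-SHA256 token: stable for joins, not recomputable without the key."""
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()

def minimize(raw: dict) -> dict:
    """Drop every field not on the allow-list, then replace the direct identifier."""
    kept = {k: v for k, v in raw.items() if k in ALLOWED_FIELDS}
    if "email" in kept:
        kept["user_token"] = pseudonymize(kept.pop("email"))
    return kept

def purge_expired(records: list, now: datetime) -> list:
    """Keep records inside the retention period; undated records are dropped."""
    fresh = []
    for rec in records:
        ts = rec.get("signup_at")
        if ts is not None and now - datetime.fromisoformat(ts) <= RETENTION:
            fresh.append(rec)
    return fresh

def run_pipeline(records: list, now: datetime) -> list:
    """Minimize at ingestion, then apply the retention rule."""
    return purge_expired([minimize(r) for r in records], now)

# Constructed sample submissions; extra fields stand in for over-collection.
SAMPLE = [
    {"email": "Alice@Example.com ", "country": "DE", "phone": "+49 000 0000",
     "birthdate": "1990-01-01", "signup_at": "2024-06-01T00:00:00+00:00"},
    {"email": "bob@example.com", "country": "FR", "ip": "192.0.2.10",
     "signup_at": "2022-01-01T00:00:00+00:00"},
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed clock for a repeatable run

if __name__ == "__main__":
    for row in run_pipeline(SAMPLE, NOW):
        print(row)
```

Because the filter is an allow-list, a new form field is discarded until someone deliberately adds it to the policy, which is the "privacy as the default setting" tenet applied to storage.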
In order to best adhere to privacy concerns and create a true PbD framework, you must tweak or expand on these recommendations according to the nature of your business and industry. When in doubt, refer back to the central tenets of Privacy by Design and ask yourself and your team if there’s more you can do to protect the private information of your users.