What is Privacy by Design?
We use products and services every day, from online banking and email providers to online retailers. All of our interactions with these products and services lead to what can be referred to as the information trade-off. The information trade-off is when we have to give up some of our personal data in order to use a product or service.
In giving up some of our personal information we begin to expose ourselves to potential threats to our privacy. Therefore, how technologists and engineers design a system or product around privacy plays an important role when it comes to the safety and security of an individual’s personal data. We’ve written before about how we’ve ‘baked in’ Privacy by Design (PbD) at Tap.
In this post we’ll look at where the PbD methodology comes from, its seven core principles and why following this approach can lower the risk of data handling and breaches in an organisation. Further reading is included at the bottom.
Privacy by Design
Privacy by Design (PbD) stems from Value Sensitive Design (VSD), which is a “theoretically grounded approach to the design of technology that accounts for human values in a principled and comprehensive manner throughout the design process” (Friedman et al. 2006).
Essentially VSD provides a guideline for designing a system or product with a certain value in mind. The term value is interesting as it brings to mind something that is useful, or important. Therefore value itself can be linked to ‘privacy’ as privacy is important to users of technology.
Privacy by Design (PbD) is an approach to systems engineering initially developed by Ann Cavoukian in 1995. The ‘Privacy by Design’ approach can be regarded as a VSD approach, one that focuses solely on the concept of privacy. PbD is about the protection of the privacy of individuals throughout the entire product lifecycle.
The Information Commissioner’s Office (ICO) shows just how broad data protection by design can be. For example, it can encompass:
- IT systems, services, products and processes that involve processing personal data;
- Organisational policies, processes, business practices and/or strategies that have privacy implications;
- Physical design;
- Data sharing initiatives; or
- Using personal data for new purposes.
It is agreed by many that PbD has seven core principles that designers should follow when designing privacy-friendly products or systems. These principles have at their core the idea that data protection should be “viewed in proactive rather than reactive terms, making privacy by design preventive and not simply remedial” (Cavoukian 2010).
The 7 core principles of PbD
Proactive not reactive; preventative not remedial
A Privacy by Design approach should be proactive rather than reactive. In simple terms, you shouldn’t wait for privacy risks to occur. Rather, the design approach should anticipate and aim to prevent privacy events before they happen.
Privacy as the default
Privacy is built into the system of a product by default. A user’s privacy should be protected without having to perform any actions with the product or service.
Privacy embedded into design
Privacy is embedded into the design and architecture of the product or system. It shouldn’t be seen as an extra feature but should be seen as an essential function. In addition it shouldn’t limit the user’s experience of the product.
Full functionality — positive-sum, not zero-sum
Privacy by design seeks to accommodate all interests and aims, ensuring no unnecessary trade-offs are made.
End-to-end security — full lifecycle protection
Privacy is considered from start (initial design) to finish (end of the life cycle). It is therefore embedded into the system or product before any information is collected.
Visibility and transparency — keep it open
This one is pretty clear. The components and operations should be visible and transparent to all users and providers. The system should operate according to its stated promises and objectives.
Respect for user privacy — keep it user-centric
Architects and designers must keep the interests of users and individuals uppermost by offering strong and user-friendly options.
The central point of PbD is that data protection should be central in all phases of the product life cycle, from initial design through operational use to disposal. The Privacy Impact Assessment approach proposed by Clarke (2009) makes a similar point. It proposes “a systematic process for evaluating the potential effects on privacy of a project, initiative or proposed system or scheme.” What’s clear is that not taking a proactive approach to PbD in your product will lead to issues that could have been prevented.
Further reading
Friedman, B., Kahn Jr, P. H., Borning, A., & Kahn, P. H. (2006). “Value Sensitive Design and information systems.” In Human-Computer Interaction and Management Information Systems: Foundations. ME Sharpe, New York, 348–372.
Hes, R. (1995). “Privacy Enhancing Technologies: the path to anonymity”.
Hustinx, P. (2010). “Privacy by Design: Delivering the Promises”.
Cavoukian, A. (2009). Privacy by Design. Ottawa: Information and Privacy Commissioner of Ontario, Canada.
Clarke, R. (2009). “Privacy Impact Assessment: Its Origins and Development”. Computer Law & Security Review 25, 123–135.