What is Privacy by Design?
A framework through which the privacy by design for operations of Information technology systems, integrated networks, business models can be embedded successfully.
The term was first coined back in 1995 by Ann Cavoukian. And the framework was first published in 2009. Though Ann Cavoukian’s theory has been termed as vague and since then there has been the tremendous development from all the fronts. Even the GDPR incorporates the current framework of Privacy by Design.
According to Dr Ann Cavoukian, “Protecting privacy while meeting the regulatory requirements for data protection around the world is becoming an increasingly challenging task. Taking a comprehensive, properly implemented risk-based approach—where globally defined risks are anticipated, and countermeasures are built into systems and operations, by design—can be far more effective, and more likely to respond to the broad range of requirements in multiple jurisdictions.”
What are the Guidelines of a Privacy by Design framework?
The privacy by design framework is based on the seven founding principles, and the guidelines mentioned in it have strictly adhered while implementing the technology. Let’s take a look at the guidelines in brief.
The ideal framework has to be proactive and not reactive meaning it should be used as a preventive method instead of implementing it as a remedial measure. The framework should ideally prevent the attacks rather than having to resort to counter-measures.
- Confidentiality- Default priority
The confidentiality of personal data is integrated by default with the framework, and an individual doesn’t have to take any special action on his/her part.
- User-oriented Design
The framework has to be designed keeping in mind the priority has to be given to user experience, and it should be made user-friendly.
The framework is expected to be transparent and should be able to provide all the information on the data subjects.
- Positive Sum
The framework has to be made keeping in mind the positive win-win approach rather than the traditional zero loss approach. In simpler words, it means to achieve the end result with the positive outcome rather than preventing an adverse outcome.
- End-to-End Security
The privacy by design framework has to prevent the user data from the all the end-points leading to the Total Security of the Data Subject.
- Embedded into the design as Essential part
The most important thing is that the privacy is integrated into the framework as the default part of the framework design and it has to be given the utmost importance.
The significance of Privacy by Design
The privacy by design was inculcated in the General Data Protection Rule aka GDPR, and the importance of the privacy by design has grown ever since. As it places the user data privacy at its core values, the privacy by design approach has changed the way the developers develop the websites. And with the implementation of EU GDPR, the tasks of data analysts and programmers have only increased.
The impact of Privacy by Design
Although the term was well known in the technology community, the GDPR only heightened its importance. J. Beckwith Burr, Chief Privacy Officer of Neustar, focuses on the struggles of IT Heads and Business Heads coming to terms with the framework.
The GDPR has stated that voluntary and transparent certification is available and many companies avail of the certifications for a successful implementation of Privacy by Design.
The Privacy by design has gained a lot of traction with the implementation of GDPR and with the impending implementation of the similar law in the US; the significance of it is only going to increase emphatically.