What are the 7 Principles of Privacy by Design?

14 MIN READ

What are the 7 Principles of Privacy by Design?

Topics: Data Privacy

By Calligo on 17 December 2019

Privacy by Design is based on seven principles that help businesses be proactive when it comes to data privacy and build privacy into the very heart of their projects, processes and core activities. The concept was created and defined by Dr Ann Cavoukian, Ph.D, an Executive Director of the Global Privacy & Security by Design Centre and previously the Information and Privacy Commissioner, Ontario, Canada. Work began in 1995 but it was formally launched and accepted in 2010. 

 

Why is it important?

Privacy by Design is one of the key principles of data optimization – the art and science of making the most of your business’ data without compromising your legal obligations or data ethics.

 

It’s not just a framework to aspire to; privacy laws, such as GDPR explicitly mandate that organizations need to consider Privacy by Design at the earliest stages possible of any project, and throughout the entire lifecycle. This is key to ensuring ongoing adherence to the regulation – and many more as the structure of GDPR is emulated in more and more territories’ own privacy legislation.

 

When is it relevant?

Fundamentally, if any activity is dependent upon or even tangentially connected to, the use of personal data (so, most activities then), Privacy by Design is essential to ensure that you are continuously treating your data subjects legally, appropriately and frankly, ethically.

 

   building new IT systems for storing or accessing personal data

 

    developing legislation, policy or strategies that have privacy implications

 

     embarking on any data-sharing initiative, however small

 

     using data for new purposes

       …and plenty more besides.

 

What are the 7 principles of privacy by design?

 1. Proactive not reactive; preventative not remedial
Proactively anticipate privacy-invasive events before they happen, rather than rely on identifying and reacting to issues as they threaten.
 

2. Privacy as the default

This insists that the maximum degree of privacy should be delivered by default, from the very start and throughout its lifecycle, automatically. A key part of this is ensuring that only as much data as is genuinely necessary is collected, no more. If this is ensured, then the potential to undermine privacy is markedly reduced.
 

3. Privacy embedded into design

To ensure that privacy is integrated into the initial stages of a product’s design and architecture as well as IT systems and business practices. By considering privacy at the design stage, privacy can be achieved at the same time as ensuring the functionality and productivity of the project. In contrast, if privacy is retro-fitted, it will invariably hinder the project’s capability as the original design will have relied upon illicit freedom in the use of data.
 

 4. Full functionality — positive-sum, not zero-sum

This ensures that whilst privacy is embedded at the very core, functionality doesn’t suffer. Businesses need to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made.
 

5. End-to-end security — lifecycle protection

An essential part of data privacy and protection is security. Privacy by Design ensures that IT security is present from data collection, through to storage and eventual deletion.
 

 6. Visibility and transparency

This makes sure that all stakeholders (particularly data subjects) are informed of the business’ privacy practices and policies and that they clearly state how data will be processed, stored and erased, as well as any technologies used.
 

7.  Respect for user privacy

Provide data subjects with all the tools required to uphold their privacy rights – from clear and transparent privacy notices, strong privacy defaults and user-friendly interfaces. As well as ensuring all personal data is accurate and up-to-date.
 

The seven principles of Privacy by Design enable organizations to design better products and ensure that they are privacy compliant from the very start.

 

If your business is facing a new IT project, our team of Privacy Architects can help. With equal expertise in cloud technology and data privacy legislation, they’ll ensure IT project’s ambition does not overtake your Privacy by Design obligations. Find out more by clicking below.New call-to-action