The Privacy by Design framework
The Privacy by Design (PbD) framework is a useful tool for building products and services that protect user privacy. Developed in Canada in the 1990s by Ann Cavoukian, then Information and Privacy Commissioner of Ontario, its core idea is now a legal requirement under Article 25 of the EU's GDPR ("data protection by design and by default").
The framework has seven principles:
- Privacy must be proactive, not reactive, and must anticipate privacy issues before they reach the user. Privacy must also be preventative, not remedial.
- Privacy must be the default setting. The user should not have to take actions to secure their privacy, and consent for data sharing should not be assumed.
- Privacy must be embedded into design. It must be a core function of the product or service, not an add-on.
- Privacy must be positive-sum and should avoid false dichotomies. For example, PbD treats privacy and security as both fully achievable at once, not as a zero-sum trade in which one is bought with the other.
- Privacy must offer end-to-end lifecycle protection of user data. This means engaging in proper data minimization, retention and deletion processes.
- Privacy standards must be visible, transparent, open, documented and independently verifiable. Your processes, in other words, must stand up to external scrutiny.
- Privacy must be user-centric. This means giving users granular privacy options, maximized privacy defaults, detailed privacy information notices, user-friendly options and clear notification of changes.
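Principles 2 and 5 above are the ones most directly expressible in code: settings that default to "off", processors that see only the fields their purpose needs, and records that are deleted once their retention period ends. The following is an added example and is not code from the page or from the PbD framework itself; the purpose names, field names, retention periods and sample users are all assumptions made for illustration.

```python
"""Added example (not from the original page): privacy-by-default settings,
purpose-bound data minimization and retention-based deletion for a
hypothetical user store.  Purposes, fields and periods are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class PrivacySettings:
    """Principle 2: every sharing and tracking option is off until the user
    turns it on; consent is never assumed."""
    share_with_partners: bool = False
    analytics_tracking: bool = False
    marketing_email: bool = False


# Principle 5: each (hypothetical) purpose lists the only fields it may read
# and how long data collected for it may be kept.
PURPOSES = {
    "account_login": {
        "fields": {"user_id", "email", "password_hash"},
        "retention": timedelta(days=730),
    },
    "order_fulfilment": {
        "fields": {"user_id", "shipping_address"},
        "retention": timedelta(days=180),
    },
}
# Bookkeeping attributes that are not personal data in their own right.
METADATA = {"collected_at", "settings"}


@dataclass
class UserRecord:
    user_id: str
    email: str
    password_hash: str
    shipping_address: str
    date_of_birth: str  # no declared purpose needs this; see unjustified_fields()
    collected_at: datetime
    settings: PrivacySettings = field(default_factory=PrivacySettings)


def unjustified_fields(record):
    """Fields stored on the record that no declared purpose needs.  A non-empty
    result means the schema over-collects and should shrink."""
    needed = set().union(*(p["fields"] for p in PURPOSES.values())) | METADATA
    return {k for k in vars(record) if k not in needed}


def minimize(record, purpose):
    """Hand a processor only the attributes its purpose is bound to."""
    allowed = PURPOSES[purpose]["fields"]
    return {k: v for k, v in vars(record).items() if k in allowed}


def purge_expired(records, purpose, now):
    """Delete records older than the purpose's retention period.  Returns the
    surviving records and the ids that were deleted, for the audit trail."""
    limit = PURPOSES[purpose]["retention"]
    kept = [r for r in records if now - r.collected_at <= limit]
    deleted = [r.user_id for r in records if now - r.collected_at > limit]
    return kept, deleted


# Constructed sample data (not real users) and a fixed clock for repeatability.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    UserRecord("u1", "a@example.com", "<hash>", "1 Main St", "1990-01-01",
               NOW - timedelta(days=400)),
    UserRecord("u2", "b@example.com", "<hash>", "2 High St", "1985-05-05",
               NOW - timedelta(days=10)),
]

if __name__ == "__main__":
    print(unjustified_fields(SAMPLE[0]))            # {'date_of_birth'}
    print(minimize(SAMPLE[0], "order_fulfilment"))  # only user_id and shipping_address
    kept, deleted = purge_expired(SAMPLE, "order_fulfilment", NOW)
    print([r.user_id for r in kept], deleted)       # ['u2'] ['u1']
```

The point of `unjustified_fields` is that minimization is a schema question, not only a query-time one: a field that no purpose can justify should not be collected in the first place. Retention is likewise bound to the purpose rather than to the record, so the same record can be kept for login for two years while its fulfilment copy is purged after six months.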
Some of these principles are easily visible within the proposed open source guidelines, while others should be the focus of discussion.
Checklist for self-evaluation
The UK's data protection regulator, the ICO, publishes a checklist for data protection by design and default. Each statement below is one you should be able to affirm, with evidence, about your project:
- We consider data protection issues as part of the design and implementation of systems, services, products and business practices.
- We make data protection an essential component of the core functionality of our processing systems and services.
- We anticipate risks and privacy-invasive events before they occur, and take steps to prevent harm to individuals.
- We only process the personal data that we need for our purpose(s), and we only use the data for those purposes.
- We ensure that personal data is automatically protected in any IT system, service, product, and/or business practice, so that individuals should not have to take any specific action to protect their privacy.
- We provide the identity and contact information of those responsible for data protection both within our organisation and to individuals.
- We adopt a ‘plain language’ policy for any public documents so that individuals easily understand what we are doing with their personal data.
- We provide individuals with tools so they can determine how we are using their personal data, and whether our policies are being properly enforced.
- We offer strong privacy defaults, user-friendly options and controls, and respect user preferences.
- We only use data processors that provide sufficient guarantees of their technical and organisational measures for data protection by design.
- When we use other systems, services or products in our processing activities, we make sure that we only use those whose designers and manufacturers take data protection issues into account.
- We use privacy-enhancing technologies (PETs) to assist us in complying with our data protection by design obligations.