Privacy by Design

What is Privacy by Design?

Thinking about data protection from the very beginning 

Privacy by Design is the data protection compliant technical design and development of IT systems. The GDPR regulates this principle in Article 25 and Recital 78. It makes sense to examine possible data protection problems as early as the development phase and to include data protection in the design from the outset, instead of having to solve these problems afterwards in a tedious and time-consuming way. The Privacy by Design approach includes, among other things, the requirement of data economy, the separation of personal identifiers and content data, the use of pseudonymisation and anonymisation, and the timely deletion of personal data.

What is the difference between Privacy by Design and Privacy by Default?

The three most important principles of Privacy by Design are, firstly, transparency of data processing and the possibility of control by the data subject; secondly, the use of procedures that meet technical security standards; and thirdly, privacy by default. This serves to protect users, especially those who have limited IT knowledge and are therefore not in a position to take the necessary technical measures themselves.

An implementation example of Privacy by Default is the tracking settings of browsers. The browser automatically informs the visited websites that the user does not want or is not allowed to be tracked. The user can also switch off this protection and agree to tracking. This is called opt-in.

Consequences for data protection

The Privacy by Design approach should be as binding on technology manufacturers and developers as it is on those who are responsible for data processing and decide on the procurement and use of IT systems.

Apps, for example, should be designed in such a way that, by default, they process only those data that are necessary for basic functionality. Other functions that require further data of the person concerned must first be activated by the user. Prior to this, the user must be informed in a few sentences about the benefits, the recipients authorised to access the data and the storage period of the data.

The data subject should always be in control of his or her data and should be able to check which app function requires which data for which purpose and should be able to activate or deactivate individual functions. Observance of Privacy by Design also leads to an analysis of the future susceptibility of technologies to misuse. Therefore, the validity period of certificates should not be too long. Systems must be designed in such a way that security measures can be improved and added at a later date.

Can data protection-friendly technology be a competitive advantage?

At first glance, Privacy by Design seems to inhibit the profitable use of personal data that many companies are striving for. However, the use of privacy enhancing technologies and information about them leads to a higher acceptance among those affected and to more legal certainty for companies. A win-win situation for both sides, so to speak. In contrast, non-transparent data processing without the participation of the data subject strengthens the public's distrust of the processing of their data. The pseudonymisation of data is particularly important in this context, as it only rarely contradicts an economically effective data analysis. Large online advertising networks have long recognized this.

Companies should rely on Privacy by Design not only for legal but also for economic reasons. If those affected are informed about the use of their data and can actively control it through data protection-friendly system design, acceptance of IT systems and services will increase. Actively pointing to the use of Privacy by Design can give companies an advantage.

Prof. Dr. Andre Döring