All about “Privacy by design”
In this article, we discuss Privacy By Design, a principle of personal data protection to be integrated from the beginning of IT projects (applications, products, services). It is a relatively recent principle: it has applied since the end of May 2018 to all companies that process personal data whose use can identify a person, either directly or indirectly.
What is the concept of Privacy by design?
The objective of this concept is to assure users that privacy protection will be integrated, from the design stage, in new commercial and technological applications.
What does it mean, concretely?
From now on, companies are obliged to integrate this rule of personal data protection from the very beginning of any project that involves processing data within the organization. The company must therefore take the necessary measures upstream of the project, both technically and organizationally, in order to process personal information correctly. Data processors and data processing companies aim to offer their users a high level of protection for each new application, product or service that processes personal data.
What is it for?
The principle is first and foremost a “solution” to the problems caused by Big Data and data leakage due to the automation of the collection of personal data. Indeed, the massive collection of personal data is a major issue today, but above all a major concern for privacy. For companies, it is a form of wealth, but one that must be handled with care, since it must be in line with customer expectations.
The principle of Privacy By Design sits at the heart of the General Data Protection Regulation (GDPR; RGPD in French). The idea is to prioritize the digital economy by creating an environment of trust for users. This trust must therefore be achieved by strengthening the protection and security of all users’ data. This is the purpose of the principle of “Privacy By Design”.
The 7 Principles of Privacy By Design
"Privacy By Design" is based on 7 fundamental principles:
- The implementation of preventive, proactive and non-corrective measures,
- A principle of protection, by default, of personal data,
- Taking into account the protection of users' privacy,
- For users whose personal data is or has been collected, security and protection of their privacy,
- Transparency,
- Respect for the privacy of the persons concerned,
- Optimal protection.
Privacy By Design and Privacy By Default
The principle of “Privacy By Design” is linked to the principle of “Privacy By Default”, under which companies that process personal data must guarantee a maximum level of data protection by default.
The use of the “Privacy By Default” principle and Privacy Enhancing Technologies (PET*) can play an important role in making companies more accountable for implementing effective data protection compliance policies and mechanisms.
* PETs are mechanisms, tools and applications integrated into online services that allow users to protect their personally identifiable information and also to control its use. In particular, they allow users to control, minimize or anonymize any data they share. In some cases, it is possible to negotiate the terms and conditions for the processing of user data by online services or applications.
The risks of neglecting the principle of "Privacy By Design"
In the event of negligence with regard to “Privacy By Design” issues, there can be risks and therefore serious consequences for companies, namely:
- Legal proceedings
- Professional data theft
- A loss of market share
- Damage to brand image
It is therefore important to take the principle of “Privacy By Design” seriously, since optimal consideration of this principle and these issues can greatly improve the reputation of the brand and the company, and give confidence to customers.
The advantages of the "Privacy By Design" principle
The principle of “Privacy By Design” has many advantages in the development of an application or service.
For the user, the advantages include:
- The reduction of risks related to the improper use of personal information
- A strong confidence in the use of the services offered
For the company, the advantages include:
- The reduction of risks related to the improper use of personal data
- The reduction of risks due to its liability
- Ability to provide services in compliance with legislation
- Competitive advantages and reduction of costs related to the development of services
- Reducing service development costs by integrating the principle of "Privacy By Design" from the outset into project management
- Reducing legal risks in the event of a breach of regulations
In application on your projects
Applying this principle of “Privacy By Design” makes it possible to put in place preventive measures in order to limit the potential risks of violation of personal data upstream and from the very beginning of a project. The measures related to this principle must prevent the collection of personal data that takes place without a legitimate reason and, therefore, imply the deletion of personal data in a database if it is not necessary to store it for later.
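The two measures described above (no collection without a legitimate reason, and deletion once storage is no longer necessary) can be enforced in code at the point of intake. The following is an added example, not code from the original article; the purpose register, field names and retention periods are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical processing register (assumption): for each declared purpose,
# the only fields that may be collected and how long they may be kept.
PURPOSES = {
    "order_delivery": {"fields": {"name", "address", "email"},
                       "retention": timedelta(days=90)},
    "newsletter": {"fields": {"email"},
                   "retention": timedelta(days=365)},
}

def minimize(purpose, submitted):
    """Keep only the fields the declared purpose justifies.

    Returns (kept, dropped). A purpose missing from the register is refused
    outright: no legitimate reason, no collection.
    """
    if purpose not in PURPOSES:
        raise ValueError(f"no registered purpose: {purpose!r}")
    allowed = PURPOSES[purpose]["fields"]
    kept = {k: v for k, v in submitted.items() if k in allowed}
    dropped = sorted(set(submitted) - allowed)
    return kept, dropped

def store(db, purpose, submitted, now):
    """Persist the minimized record; return the field names that were discarded."""
    kept, dropped = minimize(purpose, submitted)
    db.append({"purpose": purpose, "data": kept, "collected_at": now})
    return dropped

def purge_expired(db, now):
    """Delete records past their purpose's retention period; return the count."""
    keep = [r for r in db
            if now - r["collected_at"] <= PURPOSES[r["purpose"]]["retention"]]
    removed = len(db) - len(keep)
    db[:] = keep
    return removed

if __name__ == "__main__":
    # Constructed sample submissions, not real data.
    db, t0 = [], datetime(2024, 1, 1, tzinfo=timezone.utc)
    form = {"email": "a@example.org", "birthdate": "1990-01-01", "phone": "555-0100"}
    print("discarded at intake:", store(db, "newsletter", form, t0))
    store(db, "order_delivery", {"name": "A", "address": "1 Main St"}, t0)
    print("purged after 100 days:", purge_expired(db, t0 + timedelta(days=100)))
    print("remaining:", [r["purpose"] for r in db])
```

Because the dropped fields never reach the database, there is nothing to protect or delete later; the purge function would normally run on a schedule.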
The biggest challenge remains the application of these data protection principles while preserving the business stakes of the new project. However, in new projects of this type, it is imperative to take data protection into account at every stage of the project.
What is essential is to adopt these methods and techniques upstream and from the outset in order to protect personal data properly and appropriately, as required by the GDPR.
A study of consent interfaces is necessary, but to integrate the principle of “Privacy By Design”, the measures go much further. There must be involvement from each member and department of the company and at all hierarchical levels.