Privacy by design: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Jrest (talk | contribs)
Cleared up introduction and added origins
Jrest (talk | contribs)
→‎Criticism: Given reference to existing claim
Line 34: Line 34:


== Criticism ==
== Criticism ==
Privacy by Design has been critiqued as "vague" and leaving "many open questions about their application when engineering systems."<ref>{{cite web|title=Engineering Privacy by Design|url=http://www.cosic.esat.kuleuven.be/publications/article-1542.pdf|work=Seda Gurses, Carmela Troncoso, and Claudia Diaz}}</ref> Privacy advocates have pointed out that Privacy by Design is similar to [[voluntary compliance]] schemes in industries impacting the environment, and thus lacks the teeth necessary to be effective.{{citation needed|date=January 2014}} Some critics have pointed out that certain business models are built around customer surveillance and data manipulation and therefore voluntary compliance is unlikely.<ref>{{cite web|title=
Privacy by Design has been critiqued as "vague"<ref name="Designing Privacy by Design">{{cite web|last=van Rest|first=Jeroen|title=Designing Privacy by Design|url=http://link.springer.com/chapter/10.1007/978-3-642-54069-1_4}}</ref> and leaving "many open questions about their application when engineering systems."<ref>{{cite web|title=Engineering Privacy by Design|url=http://www.cosic.esat.kuleuven.be/publications/article-1542.pdf|work=Seda Gurses, Carmela Troncoso, and Claudia Diaz}}</ref> It has also been pointed out that Privacy by Design is similar to [[voluntary compliance]] schemes in industries impacting the environment, and thus lacks the teeth necessary to be effective.<ref name="Designing Privacy by Design"/> Some critics have pointed out that certain business models are built around customer surveillance and data manipulation and therefore voluntary compliance is unlikely.<ref>{{cite web|title=
Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents|url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2128146|work=Ira Rubinstein and Nathan Good}}</ref> The credibility of Privacy by Design has been undermined by the close relationship between Dr. Cavoukian and surveillance-inclined businesses such as [[Google]] and [[Facebook]], as well as their sponsorship of Privacy by Design Conferences.{{citation needed|date=January 2014}}
Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents|url=http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2128146|work=Ira Rubinstein and Nathan Good}}</ref> The credibility of Privacy by Design has been undermined by the close relationship between Dr. Cavoukian and surveillance-inclined businesses such as [[Google]] and [[Facebook]], as well as their sponsorship of Privacy by Design Conferences.{{citation needed|date=January 2014}}
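Review bot: the new `{{cite web|last=van Rest|first=Jeroen|title=Designing Privacy by Design|url=http://link.springer.com/chapter/10.1007/978-3-642-54069-1_4}}` introduced in this hunk carries no year, book title or DOI field, yet the same named reference is immediately reused to replace the `{{citation needed}}` on the voluntary-compliance sentence; a Springer chapter is better cited with `{{cite book}}` and the DOI already visible in the URL (10.1007/978-3-642-54069-1_4), so that a reader can verify that the chapter supports both the "vague" wording and the comparison with voluntary compliance schemes. The unchanged Gurses et al. and Rubinstein/Good references in the same hunk still put author names in `work=` rather than in author fields.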



Revision as of 15:23, 26 January 2014

Privacy by Design is an approach to systems engineering which takes privacy into account throughout the whole engineering process. The concept is an example of Value Sensitive Design, i.e. taking human values into account in a well-defined manner throughout the whole process, and may have been originally derived from it. The concept originates in a joint report on “Privacy-enhancing technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada, the Dutch Data Protection Authority and TNO in 1995.[1][2] The Information & Privacy Commissioner of Ontario, Dr. Ann Cavoukian, has marketed the concept of Privacy by Design since the late 1990s.

Trilogy of Applications

Privacy by Design can be applied to information technology, business practices, and physical design/networked infrastructure.[3]

Information Technology

Technology itself is not inherently a threat to privacy. The key lies in how it is used. For example, technology allows us to protect privacy through methods such as severing personal identifiers from data, or by encrypting personal information in a manner such that it can only be viewed by those who are authorized to do so. As technological innovations continue to pose new threats to privacy, Privacy-Enhancing Technologies can minimize these threats.

Accountable Business Practices

Too often, organizations protest that implementing serious privacy measures increases operating costs while adding nothing to the value of their business. Dr. Cavoukian has always advocated the idea that privacy is good for business. Her message to both public- and private-sector organizations is that privacy should be treated as a business issue, not a compliance issue. Privacy by Design allows businesses to achieve a competitive advantage by developing and maintaining accountable business practices.

Physical Design and Networked Infrastructure

When discussing privacy, the physical design of areas where personal information is shared or stored is often overlooked. Think of a pharmacy or hospital waiting room where individuals are often obliged to share personal health information in front of, and within earshot of, others. Similarly, you can have customer records stored safely away in a filing cabinet, but if there are no locks on the filing cabinets, then the privacy of those records cannot be assured. The importance of making sure that an organization’s physical assets and infrastructure address privacy requirements cannot be stressed enough.

The 7 Foundational Principles of Privacy by Design

The objectives of Privacy by Design — ensuring privacy protection and gaining personal control over one’s own information and, for organizations, gaining a sustainable competitive advantage — may be accomplished by practicing the 7 Foundational Principles:[4]

  1. Proactive not Reactive; Preventative not Remedial

    The Privacy by Design approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy-invasive events before they happen. Privacy by Design does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, Privacy by Design comes before the fact, not after.

  2. Privacy as the Default Setting

    We can all be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.

  3. Privacy Embedded into Design

    Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality.

  4. Full Functionality — Positive-Sum, not Zero-Sum

    Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum win-win manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security – demonstrating that it is possible to have both.

  5. End-to-End Security — Full Lifecycle Protection

    Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end.

  6. Visibility and Transparency — Keep it Open

    Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.

  7. Respect for User Privacy — Keep it User-Centric

    Above all, Privacy by Design requires architects and operators to protect the interests of the individual by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric.
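As an added illustration (not from the article or from the Commissioner's office), the following Python class applies principles 2, 3 and 5 together with the identifier-severing technique mentioned under Information Technology: direct identifiers are split from the usable data at collection time and linked only by a random token, sharing is off until the person opts in, and both tables are destroyed when the retention period ends. The class name, roles and retention period are assumptions made for the example.

```python
from datetime import datetime, timedelta
from typing import Dict, Optional, Set, Tuple
import secrets


class PrivacyByDefaultStore:
    """Constructed example: identifiers live in a separate table linked to the
    de-identified data only by a random token; nothing is shared by default;
    identifiers, data and consent flags are purged together after retention."""

    def __init__(self, retention_days: int, authorized_roles: Set[str]) -> None:
        self.retention = timedelta(days=retention_days)
        self.authorized_roles = authorized_roles
        self._identities: Dict[str, dict] = {}                 # token -> direct identifiers
        self._records: Dict[str, Tuple[datetime, dict]] = {}   # token -> (collected_at, data)
        self._opt_in: Dict[str, bool] = {}                     # token -> sharing consent

    def collect(self, identifiers: dict, data: dict, now: datetime) -> str:
        """Principle 3: the split happens at the point of collection, not later."""
        token = secrets.token_hex(16)   # unguessable link between the two tables
        self._identities[token] = dict(identifiers)
        self._records[token] = (now, dict(data))
        self._opt_in[token] = False     # principle 2: no sharing unless the person acts
        return token

    def opt_in(self, token: str) -> None:
        """Explicit, user-initiated choice; there is no buried opt-out to find."""
        self._opt_in[token] = True

    def analytics_rows(self) -> list:
        """Analysts get de-identified rows only; the identifier table is never joined."""
        return [dict(data) for _, data in self._records.values()]

    def contact_for_sharing(self, token: str, role: str) -> Optional[dict]:
        """Re-identification needs both an authorized role and the person's opt-in."""
        if role not in self.authorized_roles or not self._opt_in.get(token, False):
            return None
        return dict(self._identities.get(token, {}))

    def purge_expired(self, now: datetime) -> int:
        """Principle 5: identifiers, data and consent flags are destroyed together."""
        expired = [t for t, (ts, _) in self._records.items() if now - ts >= self.retention]
        for t in expired:
            del self._records[t]
            self._identities.pop(t, None)
            self._opt_in.pop(t, None)
        return len(expired)
```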

Global Adoption

The 7 Foundational Principles of Privacy by Design have been translated into over 30 official languages.[5] In October 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection.[6]

This was followed by the U.S. Federal Trade Commission’s recognition of Privacy by Design in 2012 as one of its three recommended practices for protecting online privacy in its report entitled Protecting Consumer Privacy in an Era of Rapid Change – a major validation of its significance.[7]

More recently, Privacy by Design has been incorporated into the European Commission plans to unify data protection within the European Union with a single law – the General Data Protection Regulation.[8]

Criticism

Privacy by Design has been critiqued as "vague"[9] and leaving "many open questions about their application when engineering systems."[10] It has also been pointed out that Privacy by Design is similar to voluntary compliance schemes in industries impacting the environment, and thus lacks the teeth necessary to be effective.[9] Some critics have pointed out that certain business models are built around customer surveillance and data manipulation and therefore voluntary compliance is unlikely.[11] The credibility of Privacy by Design has been undermined by the close relationship between Dr. Cavoukian and surveillance-inclined businesses such as Google and Facebook, as well as their sponsorship of Privacy by Design Conferences.[citation needed]

Application Areas

Much of the Privacy by Design research is directly related to one of nine key application areas:

  1. CCTV/Surveillance Cameras in Mass Transit Systems[12][13]
  2. Biometrics Used in Casinos and Gaming Facilities[14][15]
  3. Smart Meters and the Smart Grid[16][17][18]
  4. Mobile Devices & Communications[19]
  5. Near Field Communications (NFC)[20]
  6. RFIDs and Sensor Technologies[21][22][23]
  7. Redesigning IP Geolocation Data[24]
  8. Remote Home Health Care[25][26][27]
  9. Big Data and Data Analytics[28]

References

  1. Hes, R. "Privacy Enhancing Technologies: the path to anonymity".
  2. Hustinx, Peter. "Privacy by design: delivering the promises".
  3. Cavoukian, Ann. "Applications for Privacy by Design".
  4. Cavoukian, Ann. "7 Foundational Principles of Privacy by Design". Information and Privacy Commissioner/Ontario.
  5. Cavoukian, Ann. "PbD in 33 Languages".
  6. "Resolution on Privacy by Design" (PDF). 32nd International Conference of Data Protection and Privacy Commissioners (October 2010).
  7. "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policy-makers" (PDF). FTC Report (March 2012).
  8. "REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)". European Commissioner (January 2012).
  9. van Rest, Jeroen. "Designing Privacy by Design".
  10. Gürses, Seda; Troncoso, Carmela; Diaz, Claudia. "Engineering Privacy by Design" (PDF).
  11. Rubinstein, Ira; Good, Nathan. "Privacy by Design: A Counterfactual Analysis of Google and Facebook Privacy Incidents".
  12. Cavoukian, Ann. "Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report" (PDF).
  13. Cavoukian, Ann. "Guidelines for the Use of Video Surveillance Cameras in Public Places" (PDF).
  14. Cavoukian, Ann; Marinelli, Tom. "Privacy-Protective Facial Recognition: Biometric Encryption Proof of Concept" (PDF).
  15. Cavoukian, Ann; Stoianov, Alex. "Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy" (PDF).
  16. Cavoukian, Ann; Winn, Caroline. "Applying Privacy by Design Best Practices to SDG&E's Smart Pricing Program".
  17. Office of the Information and Privacy Commissioner of Ontario, Canada; Hydro One; Toronto Hydro Corporation. "Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid" (PDF).
  18. Office of the Information and Privacy Commissioner of Ontario, Canada; Independent Electricity System Operator. "Building Privacy into Ontario's Smart Meter Data Management System: A Control Framework" (PDF).
  19. Cavoukian, Ann; Prosch, Marilyn. "The Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users" (PDF).
  20. Cavoukian, Ann. "Mobile Near Field Communications (NFC) 'Tap 'n Go' – Keep it Secure and Private" (PDF).
  21. Cavoukian, Ann. "Adding an On/Off Device to Activate the RFID in Enhanced Driver's Licences: Pioneering a Made-in-Ontario Transformative Technology that Delivers Both Privacy and Security" (PDF).
  22. Office of the Information & Privacy Commissioner of Ontario, Canada; Hewlett-Packard. "RFID and Privacy: Guidance for Health-Care Providers" (PDF).
  23. Cavoukian, Ann. "Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines)" (PDF).
  24. Cavoukian, Ann; Bering Media. "Redesigning IP Geolocation: Privacy by Design and Online Targeted Advertising" (PDF).
  25. Cavoukian, Ann; Mihailidis, Alex; Boger, Jennifer. "Sensors and In-Home Collection of Health Data: A Privacy by Design Approach" (PDF).
  26. Cavoukian, Ann; Hoffman, David A.; Killen, Scott. "Remote Home Health Care Technologies: How to Ensure Privacy? Build It In: Privacy by Design" (PDF).
  27. Office of the Information & Privacy Commissioner of Ontario, Canada; Research In Motion; Healthanywhere Inc.; MedShare. "Innovative Wireless Home Care Services: Protecting Privacy and Personal Health Information" (PDF).
  28. Cavoukian, Ann; Jonas, Jeff. "Privacy by Design in the Age of Big Data" (PDF).