Privacy by Design – Recommendation or Requirement?
The GDPR incorporates Privacy by Design through articles 25(1) and 25(2) of the General Data Protection Regulation (GDPR), which outlines the obligations of data Controllers concerning ‘Data Protection by Design and Data Protection by Default’. The GDPR requires Controllers to put in place appropriate technical and organisational measures to implement the data protection principles effectively and safeguard individual rights.
This concepts of Data Protection by Design and Default although new under the GDPR is synonymous with Privacy by Design. Privacy by Design which was originally conceptualised by Dr. Ann Cavoukian. is an approach taken when creating new technologies and systems. This is when privacy is proactively incorporated into tech and systems, by default. It means a product is designed with privacy as a priority, along with whatever other purposes the system serves. Essentially technologists should make room for legal and privacy experts in product engineering processes.
Seven Foundational Principles
According to Dr. Cavoukian, seven Foundational Principles embody Privacy by Design: