What Is Privacy by Design?
Privacy by Design is sometimes considered too abstract. We therefore share tips and tactics that engineers can use to implement each of the seven principles.
Privacy by Design (PbD) is an approach to systems engineering that embeds privacy into every stage of the development process, and across the entire organization, from day one.
Privacy is too often overlooked or solely an afterthought. Policies get developed following harmful incidents such as data breaches or privacy invasions, at which point it is too late. Privacy by design aims to correct this through instilling conscious and proactive privacy management, with the impact on the data subject remaining the center of attention.
The privacy-by-design concept is not new. It was developed in the 1990s by Ann Cavoukian, one of the first privacy experts to investigate and expand on the role of privacy within organizational systems. In 2009, Cavoukian published a framework for achieving the objectives of privacy by design: ‘ensuring privacy and gaining personal control over one’s information and, for organisations, gaining a sustainable competitive advantage.’
It may surprise you that we’re still discussing these principles long after they were created. However, these principles have increased in relevance due to the growth in personal data collection, the rising value of this data, and the increasing awareness of the potential harms from privacy malpractices.
As a result, there has been a significant expansion in privacy legislation, which often places privacy-by-design principles at the heart of the regulations. The International Organization for Standardization also established a new set of ISO standards (ISO 31700) for Privacy by Design in 2023, further demonstrating the continued importance of Privacy by Design.
The Role of Privacy by Design in Legislation
Privacy by design principles are highly influential in shaping modern privacy legislation. For example, they are an essential component of the European Union’s General Data Protection Regulation (GDPR), which established one of the world’s most stringent sets of data privacy and security rules when it came into effect in 2018.
‘… the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.’ — Recital 78 of the GDPR, which elaborates the Article 25 obligation of data protection by design and by default
GDPR also reaches far beyond the EU because of its extra-territorial scope: any organization that processes the personal data of data subjects in the EU must comply with the rules, wherever it is located.
GDPR has influenced many countries, which have since adopted their own modern privacy laws, such as Brazil’s Lei Geral de Proteção de Dados (LGPD) and the UK GDPR, and proposals such as the American Data Privacy and Protection Act (ADPPA) in the United States. In Australia, privacy by design is considered best practice and is recommended by the Office of the Australian Information Commissioner (OAIC).
How Can Engineers Address the Seven Principles of Privacy by Design?
There are seven foundational principles of privacy by design.
- Proactive, not Reactive; Preventative, not Remedial
- Privacy as the Default Setting
- Privacy Embedded into Design
- Full Functionality — Positive-Sum, not Zero-Sum
- End-to-End Security — Full Lifecycle Protection
- Visibility and Transparency — Keep it Open
- Respect for User Privacy — Keep it User-Centric
For each of these principles, developers can use various tactics and technologies to incorporate privacy by design within their organization.
1. Proactive, Not Reactive; Preventative, Not Remedial
Take a proactive approach, anticipating risks and preventing privacy-invasive events before they occur.
Actions for an engineering team include:
- Define and assign clear privacy responsibilities so every individual is aware and accountable for their actions.
- Develop a strong culture of commitment to privacy across the entire organization, from the top down, and ensure privacy is not a second-order priority.
- Incorporate privacy needs (e.g., principles, regulations) into documentation and templates (such as product requirement documents (PRDs) and user stories).
- Introduce systematic reviews of data collection and handling processes in conjunction with risk and compliance teams (if applicable).
- Monitor changes in privacy legislation within the jurisdictions within which your organization collects data.
2. Privacy as the Default Setting
Automatically protect personal information in IT systems and business practices as the default.
Actions an engineering team can take:
- Purpose specificity: ensure a legitimate purpose for data collection is clearly defined and agreed upon in advance.
- Data minimization: limit the collection of personal data to only information directly relevant and necessary to accomplish the specified purpose.
- Use limitation: prevent data from being used for purposes beyond those specified in advance, consented to by the data subject, and in accordance with laws and regulations.
- Implement strict data retention limits so that data is stored only until the specified purpose is fulfilled, with operational mechanisms to enforce and document compliance.
- Restrict access to personal data to the minimal number of people who ‘need to know’ to process it. Approaches include masking or anonymizing personal data in administrative views and keeping developer access separate from administrative access to production environments.
- Anonymize or pseudonymize personal data as early in the pipeline as feasible; k-anonymity is one model for judging whether a released dataset is sufficiently anonymized.
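The list above describes a pipeline: minimize to the stated purpose, pseudonymize the direct identifier, generalize the quasi-identifiers, check k-anonymity and enforce retention. The following Python is an added example written for this article, not code from the original page; the records, the purpose (regional health reporting), the field names and the pseudonymization key are all constructed for illustration, and in practice the key would live in a KMS or HSM rather than beside the data.

```python
import hashlib
import hmac
from collections import Counter
from datetime import date, timedelta

# Constructed sample records, as an intake form might capture them (not real data).
RAW_RECORDS = [
    {"email": "ana@example.com", "phone": "+1-555-0100", "age": 34, "zip": "94107", "diagnosis": "flu",    "collected": "2024-01-10"},
    {"email": "ben@example.com", "phone": "+1-555-0101", "age": 37, "zip": "94110", "diagnosis": "flu",    "collected": "2024-02-03"},
    {"email": "cai@example.com", "phone": "+1-555-0102", "age": 31, "zip": "94103", "diagnosis": "asthma", "collected": "2024-03-15"},
    {"email": "dee@example.com", "phone": "+1-555-0103", "age": 52, "zip": "10001", "diagnosis": "flu",    "collected": "2024-03-20"},
    {"email": "eli@example.com", "phone": "+1-555-0104", "age": 58, "zip": "10014", "diagnosis": "asthma", "collected": "2023-06-01"},
    {"email": "fay@example.com", "phone": "+1-555-0105", "age": 55, "zip": "10011", "diagnosis": "flu",    "collected": "2023-05-20"},
]

# Purpose specificity: the (hypothetical) agreed purpose is regional health reporting,
# so these are the only fields the pipeline may keep. The phone number is not needed.
PURPOSE_FIELDS = {"email", "age", "zip", "diagnosis", "collected"}
QUASI_IDENTIFIERS = ("age", "zip")   # attributes that re-identify people when combined
# Hypothetical secret for illustration only; keep the real one in a KMS/HSM.
PSEUDONYM_KEY = b"hypothetical-pseudonymization-key"


def minimize(record):
    """Data minimization: drop every field the stated purpose does not need."""
    return {k: v for k, v in record.items() if k in PURPOSE_FIELDS}


def pseudonymize(record, key=PSEUDONYM_KEY):
    """Replace the direct identifier with a keyed-HMAC pseudonym.

    Keyed hashing is stable (the same subject maps to the same id) and cannot be
    brute-forced over the e-mail space without the key. The result is still
    personal data under GDPR, because whoever holds the key can re-link it.
    """
    out = dict(record)
    email = out.pop("email")
    out["subject_id"] = hmac.new(key, email.lower().encode(), hashlib.sha256).hexdigest()[:16]
    return out


def generalize(record):
    """Coarsen quasi-identifiers: age to a 10-year band, ZIP to its 3-digit prefix."""
    out = dict(record)
    decade = (out["age"] // 10) * 10
    out["age"] = f"{decade}-{decade + 9}"
    out["zip"] = out["zip"][:3] + "**"
    return out


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """k = size of the smallest group of records sharing the same quasi-identifier values."""
    groups = Counter(tuple(r[q] for q in quasi) for r in records)
    return min(groups.values()) if groups else 0


def suppress_small_groups(records, k_min, quasi=QUASI_IDENTIFIERS):
    """Drop records whose quasi-identifier group is smaller than k_min."""
    groups = Counter(tuple(r[q] for q in quasi) for r in records)
    return [r for r in records if groups[tuple(r[q] for q in quasi)] >= k_min]


def purge_expired(records, today, retention_days):
    """Retention limit: keep only records collected within the retention window."""
    today = date.fromisoformat(today) if isinstance(today, str) else today
    cutoff = today - timedelta(days=retention_days)
    return [r for r in records if date.fromisoformat(r["collected"]) >= cutoff]


def prepare_release(records, today, retention_days, k_min):
    """Retention -> minimization -> pseudonymization -> generalization -> k-anonymity."""
    kept = purge_expired(records, today, retention_days)
    processed = [generalize(pseudonymize(minimize(r))) for r in kept]
    return suppress_small_groups(processed, k_min)


if __name__ == "__main__":
    print("k on raw records:", k_anonymity(RAW_RECORDS))
    print("k after generalization:", k_anonymity([generalize(r) for r in RAW_RECORDS]))
    for row in prepare_release(RAW_RECORDS, "2024-06-01", retention_days=365, k_min=2):
        print(row)
```

Note the interaction between the controls: on the raw sample every (age, zip) pair is unique (k = 1), generalization lifts it to k = 3, but enforcing the retention limit first removes two records and leaves one person alone in their group, so that record has to be suppressed before release. Retention, minimization and anonymization are not independent knobs; check k on the dataset you actually publish.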
3. Privacy Embedded Into Design
Embed privacy into the design of any systems, services, products, and business practices. You should ensure that privacy becomes one of the core functions of any system or service.
Actions to consider include:
- Adopt systematic and repeatable practices, such as:
  - Privacy impact assessments.
  - Documenting privacy risks and decisions as standard.
- Regularly check network elements, audit trails, and logs for metadata collection on users, which may pose a privacy risk.
- Monitor data sinks for involuntary data collection (for example, sensitive details that users type into free-text fields or chatbot conversations), implement deterrents, and refine input controls to minimize the sensitive data captured.
- Shift privacy left within the SDLC: just as security shifted left within the software development life cycle, so should privacy.
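Checking logs and other data sinks for personal data that should never have landed there is something you can automate and run in CI or against a log sample. The Python below is an added example for this article, not the author's tooling: the log lines are constructed, the detector patterns (e-mail, IPv4, Luhn-validated card number, date of birth) are a starting set rather than a complete one, and the same detector drives a redaction function that shows what the logging code should have emitted instead.

```python
import re

# Constructed sample log lines (not real traffic). Lines 2, 4 and 5 carry personal
# data that the logging code should never have written.
SAMPLE_LOG = [
    '2024-05-01T10:00:01Z INFO  auth login ok user_id=7f3a2c',
    '2024-05-01T10:00:02Z INFO  auth login ok email=ana@example.com ip=203.0.113.42',
    '2024-05-01T10:00:03Z DEBUG checkout cart=3 total=42.00',
    '2024-05-01T10:00:04Z DEBUG checkout card=4111111111111111 status=declined',
    '2024-05-01T10:00:05Z WARN  support transcript: "call me on 555-0100, dob 1990-04-12"',
]

# Detector patterns. Where a capturing group is present it isolates the value to redact.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "pan": re.compile(r"\b\d{13,19}\b"),  # candidate card number, confirmed by Luhn below
    "date_of_birth": re.compile(r"\b(?:dob|date of birth)\D{0,5}(\d{4}-\d{2}-\d{2})\b", re.IGNORECASE),
}


def luhn_ok(digits):
    """Luhn checksum, used to separate real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_line(line):
    """Return [(kind, value)] for every piece of personal data found in one line."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(line):
            value = m.group(m.lastindex or 0)
            if kind == "pan" and not luhn_ok(value):
                continue
            findings.append((kind, value))
    return findings


def scan_log(lines):
    """Audit a log: every (line_number, kind, value) that should not be there."""
    return [(n, kind, value)
            for n, line in enumerate(lines, 1)
            for kind, value in scan_line(line)]


def redact(line):
    """Replace each detected value with a type tag so the line stays useful for debugging."""
    for kind, value in scan_line(line):
        line = line.replace(value, f"[{kind}]")
    return line


if __name__ == "__main__":
    for n, kind, value in scan_log(SAMPLE_LOG):
        print(f"line {n}: {kind} -> {value}")
    print(redact(SAMPLE_LOG[1]))
```

Run the scanner over a representative sample rather than all logs, and treat each finding as a defect in the emitting code (log a stable internal id instead of the e-mail, truncate or hash the IP, never log raw card data), not as something to clean up after the fact. The redaction step is a stop-gap for existing sinks while those fixes land.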
4. Full Functionality: Positive-Sum, Not Zero-Sum
Incorporate all legitimate interests and objectives in a ‘win-win’ manner, not through a ‘zero-sum’ (either/or) approach. This will avoid unnecessary trade-offs, such as privacy versus security, demonstrating that it is possible to have both.
The fourth principle can be implemented with the following actions:
- Embed privacy into the design to the maximum extent possible. Adding privacy should be considered an addition or feature enhancement for the technology.
- Assume different interests and objectives may legitimately coexist. Establish effective channels of communication for collaboration to align interests.
- Do not withhold features or degrade the service level based on whether users consent to share their data (unless the data is strictly necessary for the feature).
5. End-To-End Security — Full Lifecycle Protection
Put in place strong security measures throughout the ‘lifecycle’ of the information involved. Process personal information securely and then destroy it securely when you no longer need it.
To achieve ‘end-to-end security,’ engineers can consider the following actions:
- Encrypt personal data in transit and at rest so that it is held as ciphertext rather than plaintext throughout its lifecycle; where the design allows it, use end-to-end encryption so that only the data subject and the intended recipient hold the keys, and manage those keys with the same care as the data itself.
- Use privacy-enhancing technologies (PETs) for data in use, such as differential privacy, federated learning, fully homomorphic encryption, secure multi-party computation, and secure enclaves (trusted execution environments).
- Destroy data at the end of its lifecycle, using automated and documented processes so that the outcome can be verified.
- Conduct due diligence before implementing third-party technologies or components to ensure they do not introduce vulnerabilities or privacy violations within your product. Any deprecated modules should be removed.
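One way to make encryption at rest and documented destruction work together is crypto-shredding: encrypt each data subject's fields under a key that belongs to that subject, and implement erasure by destroying the key, which makes every copy of the ciphertext (including the ones in backups you cannot practically rewrite) unrecoverable. The Python below is an added example for this article and not the author's code. To keep it dependency-free, the cipher is a stand-in built from HMAC-SHA256 (a keystream XORed with the plaintext, plus an encrypt-then-MAC tag); production code should use AES-GCM or ChaCha20-Poly1305 from a vetted library, and the in-memory key store stands in for a real KMS. The subject ids and values are constructed.

```python
import hashlib
import hmac
import os

# Cipher stand-in: HMAC-SHA256 keystream + encrypt-then-MAC tag. Use a vetted AEAD
# (AES-GCM, ChaCha20-Poly1305) in production; the key lifecycle is the point here.
NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    """Derive separate encryption and MAC keys from the subject's key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt_field(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SubjectKeyStore:
    """One data-encryption key per data subject (hypothetical in-memory stand-in for a KMS).

    Destroying a subject's key is the data-destruction step: every ciphertext
    encrypted under it, including copies in backups, becomes unrecoverable.
    """

    def __init__(self):
        self._keys = {}
        self._shredded = set()

    def key_for(self, subject_id):
        if subject_id in self._shredded:
            raise KeyError(f"key for {subject_id} was destroyed; refusing to re-issue")
        return self._keys.setdefault(subject_id, os.urandom(32))

    def shred(self, subject_id):
        """Irreversibly destroy the key; returns whether one existed."""
        existed = self._keys.pop(subject_id, None) is not None
        self._shredded.add(subject_id)
        return existed


class RecordStore:
    """Field-level encrypted storage whose records are erased by shredding keys."""

    def __init__(self, keys):
        self.keys = keys
        self.rows = {}        # subject_id -> {field: ciphertext blob}
        self.audit_log = []   # documented evidence that destruction happened

    def put(self, subject_id, field, value):
        blob = encrypt_field(self.keys.key_for(subject_id), value.encode())
        self.rows.setdefault(subject_id, {})[field] = blob

    def get(self, subject_id, field):
        return decrypt_field(self.keys.key_for(subject_id), self.rows[subject_id][field]).decode()

    def erase_subject(self, subject_id, reason):
        """Erasure at retention expiry or on a data-subject request: shred, purge, record."""
        key_destroyed = self.keys.shred(subject_id)
        rows_removed = len(self.rows.pop(subject_id, {}))
        entry = {"subject": subject_id, "reason": reason,
                 "key_destroyed": key_destroyed, "rows_removed": rows_removed}
        self.audit_log.append(entry)
        return entry


if __name__ == "__main__":
    keys, store = SubjectKeyStore(), None
    store = RecordStore(keys)
    store.put("subject-42", "email", "ana@example.com")
    print("readable while key exists:", store.get("subject-42", "email"))
    print(store.erase_subject("subject-42", "retention period expired"))
    try:
        store.get("subject-42", "email")
    except KeyError as err:
        print("after shredding:", err)
```

Two design points matter more than the cipher. First, the key store refuses to re-issue a key for a shredded subject, so a stale write path cannot silently resurrect the subject under a fresh key. Second, the audit entry records that the key was destroyed and how many rows were purged, which is the documented evidence the retention bullet asks for; with a real KMS the same entry would carry the KMS's own deletion event id.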
6. Visibility and Transparency — Keep It Open
Ensure that whatever business practice or technology you use operates according to the stated promises and objectives and is independently verifiable. Make people fully aware of the personal information being collected and for what purpose.
Actions for an engineering team include:
- Ensure your privacy policy is easily accessible and up-to-date, and the information provided is transparent, concise, and clear for all audiences. Data subjects should understand the scope, purpose, and approach to data processing and how they can exercise their rights to manage their information.
- Provide detailed security and privacy FAQs with clear sign-posting within product documentation where necessary.
- Develop communication channels to enable accurate and responsive support, including fostering a supportive community (if appropriate).
7. Respect for User Privacy — Keep It User-Centric
Keep the interest of individuals paramount in the design and implementation of any system or service. You can do this by offering strong privacy defaults and user-friendly options and ensuring appropriate notice is given.
To address the seventh and final principle, developers can implement the following:
- Provide complete information to users for fully informed, free, and unambiguous consent.
- Ensure data subjects can freely access their data and revise consent anytime.
- Adopt the mindset that user data belongs to the user. It is not your product to leverage as an incremental revenue or data stream.
- Live in your customers’ shoes and adopt a ‘no surprises’ mentality (‘If I were the customer, would I expect the company to have this data, and am I happy for it to be used for these purposes?’).
Why Is Privacy by Design Important for Software Engineers?
Privacy by design can benefit all stakeholders, including customers, developers, and the broader organization. The benefits include:
- Build trust: The customer should be at the heart of what you build, and customers consistently expect their data to be private and protected. Many consumers are willing to take action, even avoiding their favorite brands, if they do not respect their privacy. Trust can also extend to employees whose data needs careful protection.
- Reduce technical debt: Privacy engineering is critical, yet many products only retrospectively build privacy into the design, which can increase costs and deliver a suboptimal outcome. Identifying privacy needs upfront and shifting privacy left in the software development life cycle (SDLC) reduces privacy debt.
- Meet regulations: Privacy legislation is expanding, with more countries and industries adopting laws to protect citizens’ information. Privacy by design typically underpins regulatory practices (such as GDPR).
- Minimize risk: Organizations that handle personally identifiable information (PII) face material reputational and financial harm in the event of a breach or incident, while the consumers whose data is exposed are the ultimate victims. Strong privacy-by-design practices reduce both the likelihood and the scale of an incident.
- Engineer, rather than process, privacy: Privacy by design supports an organization to maximize privacy through adopting technology. Privacy-enhancing technologies (PETs) can minimize the points of exposure, reduce the potential for human error, and maintain encryption throughout the entire lifecycle, thereby increasing privacy standards.
Implementing best privacy practices can be an asset amid growing privacy concerns. Organizations can build a competitive advantage through greater trust, stronger customer relationships, higher-quality products, and lower organizational risk, all supported by a solid approach to privacy.
The Challenges and Pitfalls of Implementing Privacy by Design
There are various challenges to implementing the principles of privacy by design, which will vary according to the specific organization’s size, maturity, and culture. Difficulties implementing privacy by design will often be driven by one or more of the following factors:
- Lack of privacy-first culture: Adopting privacy-by-design best practices requires a shift in culture for many organizations, placing privacy first rather than treating it as an afterthought. Either of the following can inhibit a privacy-first culture:
  - A lack of dedicated roles (e.g., DPO, Chief Privacy Officer) with accountability and authority across the organization.
  - Prioritizing short-term shareholder value creation: myopic planning and a heavy focus on immediate returns to shareholders will likely undermine a privacy agenda and generate conflicting priorities.
- Lack of collaboration: Implementing privacy is a multi-disciplinary practice that requires buy-in from various stakeholders across different divisions and seniority from the start.
- Poor data hygiene: When organizations suffer from data sprawl and orphaned data, it is complicated to identify privacy risks and implement effective processes.
- Expanding regulatory complexity: Growing regulations and a lack of coordination are creating a complex patchwork of laws whereby companies must comply with local data handling rules for the jurisdiction of each data subject.
- Rapidly evolving technology: The speed of technological developments represents opportunities and threats. An organization should remain up-to-date on the latest technology to aid in processing and preserving data privacy while being aware of emerging threats from potentially malicious actors.
The Adoption of Privacy by Design Within Organizations
Despite the longevity of these ideas and widespread acceptance of the benefits, only 30% of respondents in the 2023 ISACA Privacy in Practice survey said they were strong practitioners who ‘always’ practice privacy by design, while a further 30% ‘frequently’ practice privacy by design.
This inconsistent adoption is a loss for everyone:
- Citizens are exposed to higher data privacy risks;
- Organizations face more substantial reputational and financial damages from a breach; and,
- Trust between citizens and organizations is weakened.
Therefore, the adoption of privacy by design principles should be a priority for all developers in today’s world. With growing consumer expectations and escalating regulatory risks, companies can no longer afford to treat privacy as an optional consideration or as an afterthought. Privacy by design provides the foundational principles engineering teams can adopt to address these needs.
Published at DZone with permission of Xander W.