Privacy by Design
Privacy by Design
A Privacy Framework Embedded from the Design Stage
1. Overview of Privacy by Design — A Proactive Privacy Principle That Embeds Data Protection from the Design Stage Onward
flowchart LR
A["Compliance after<br/>the fact<br/>(security patches<br/>post-development)"] --"Embed from the<br/>design stage onward"--> B["Apply the 7<br/>Privacy by Design<br/>principles"] --"Technical and<br/>organizational<br/>implementation"--> C["A system built on<br/>privacy trust"]
style A fill:#FFEBEE,stroke:#D32F2F,color:#000
style B fill:#E3F2FD,stroke:#1976D2,color:#000
style C fill:#E8F5E9,stroke:#388E3C,color:#000
Definition: A privacy approach proposed by Dr. Ann Cavoukian that embeds privacy protection as the default from the design stage of systems, services, and business processes, realizing a privacy model centered on proactive prevention rather than after-the-fact remediation.
Characteristics: (Legal basis for GDPR) The concept underlying GDPR Article 25, “Data protection by design and by default.” (Compatible values) Treats functionality and privacy not as a trade-off but as compatible values. (Enterprise-wide framework) An enterprise-wide framework integrating technical measures (encryption, anonymization) with organizational measures (policy, training).
2. Core Structure of Privacy by Design
A. The Seven Foundational Principles
flowchart TD
subgraph R1[" "]
direction LR
P1["1. Proactive not Reactive<br/>Prioritize preventive<br/>measures before a<br/>breach occurs"]
P2["2. Privacy as the Default<br/>Guarantee maximum<br/>protection without<br/>any extra action"]
P3["3. Privacy Embedded<br/>into Design<br/>Integrate privacy into<br/>core system functions"]
P4["4. Full Functionality<br/>Security and privacy<br/>coexist (avoid<br/>zero-sum trade-offs)"]
end
subgraph R2[" "]
direction LR
P5["5. End-to-End Security<br/>Protect data across its<br/>full lifecycle, from<br/>collection to disposal"]
P6["6. Visibility and<br/>Transparency<br/>Operate openly,<br/>allow independent<br/>verification"]
P7["7. Respect for User<br/>Privacy<br/>Design centered on<br/>data-subject rights<br/>and consent"]
end
style P1 fill:#E3F2FD,stroke:#1976D2,color:#000
style P2 fill:#F3E5F5,stroke:#7B1FA2,color:#000
style P3 fill:#FFF3E0,stroke:#F57C00,color:#000
style P4 fill:#E8F5E9,stroke:#388E3C,color:#000
style P5 fill:#FFEBEE,stroke:#D32F2F,color:#000
style P6 fill:#E0F2F1,stroke:#00796B,color:#000
style P7 fill:#E8EAF6,stroke:#3949AB,color:#000
style R1 fill:none,stroke:none
style R2 fill:none,stroke:none
| Principle | Core Content | Application |
|---|---|---|
| 1. Proactive not Reactive | Identify and prevent privacy risk in advance | Conduct a DPIA (Data Protection Impact Assessment) at the design stage |
| 2. Privacy as the Default | Maximum protection even if the user does nothing | Implement data minimization and purpose limitation as default settings |
| 3. Privacy Embedded into Design | Privacy is part of the core architecture, not an add-on feature | Apply privacy patterns, follow secure coding guidelines |
| 4. Full Functionality | Security and privacy are not treated as a zero-sum relationship | Achieve both security and privacy simultaneously through encryption |
| 5. End-to-End Security | Protection across the entire data lifecycle, from collection to disposal | Implement a data-lifecycle management policy and automated deletion |
| 6. Visibility and Transparency | Disclose how the system operates and allow independent verification | Publish the privacy policy, accept external audits |
| 7. Respect for User Privacy | Place data-subject rights, choice, and consent at the center | Consent-management platform (CMP), handling access/deletion requests |
B. Technical and Organizational Implementation
flowchart LR
subgraph TECH["Technical Implementation"]
direction TB
T1["Data minimization<br/>Collect only necessary data<br/>Block use beyond purpose"]
T2["Pseudonymization/<br/>anonymization<br/>Render unidentifiable<br/>Use for stats/analysis"]
T3["Access control<br/>Principle of least privilege<br/>Role-based access"]
T4["Encryption<br/>At-rest and in-transit<br/>End-to-end encryption"]
end
subgraph ORG["Organizational Implementation"]
direction TB
O1["Perform DPIA<br/>Data protection impact<br/>assessment<br/>Pre-review high-risk processing"]
O2["Appoint a DPO<br/>Data protection officer<br/>Independent oversight role"]
O3["Employee training<br/>Privacy-awareness<br/>programs"]
O4["Records of processing<br/>Maintain RoPA<br/>Audit-trail system"]
end
TECH --- ORG
style TECH fill:#E3F2FD,stroke:#1976D2,color:#1E3A5F
style ORG fill:#E8F5E9,stroke:#388E3C,color:#1B5E20
| Implementation Area | Core Technique | Related GDPR Article |
|---|---|---|
| Data minimization | Minimizing collected fields, auto-deleting unnecessary data | Article 5(1)(c) — the data-minimization principle |
| Pseudonymization/anonymization | Tokenization, masking, k-anonymity, differential privacy | Article 4(5) — definition of pseudonymization |
| Consent management | CMP (consent management platform), granular consent, withdrawal capability | Article 7 — conditions for consent |
| DPIA | Performing an impact assessment on high-risk processing activities in advance | Article 35 — data protection impact assessment |
| DPO appointment | Appointing and empowering an independent data protection officer | Articles 37–39 — DPO obligations |
3. Expected Benefits and Application of Privacy by Design
| Category | Key Benefit | Application in Practice |
|---|---|---|
| Regulatory compliance | Proactively satisfying GDPR/privacy-law design obligations | Mandating a DPIA checklist when developing new services |
| Building trust | Improved user trust through transparent handling of personal data | Publishing a user-facing dashboard of personal-data processing status |
| Cost savings | Minimizing upfront design cost relative to after-the-fact breach response | Building and reusing a library of privacy patterns |
| AI/data utilization | Establishing lawful grounds for data use via anonymization/pseudonymization | Adopting federated learning and differential privacy |