Skip to content

Privacy by Design

Privacy by Design

A Privacy Framework Embedded from the Design Stage

1. Overview of Privacy by Design — A Proactive Privacy Principle That Embeds Data Protection from the Design Stage Onward

    flowchart LR
    A["Compliance after<br/>the fact<br/>(security patches<br/>post-development)"] --"Embed from the<br/>design stage onward"--> B["Apply the 7<br/>Privacy by Design<br/>principles"] --"Technical and<br/>organizational<br/>implementation"--> C["A system built on<br/>privacy trust"]

    style A fill:#FFEBEE,stroke:#D32F2F,color:#000
    style B fill:#E3F2FD,stroke:#1976D2,color:#000
    style C fill:#E8F5E9,stroke:#388E3C,color:#000
  

Definition: A privacy approach proposed by Dr. Ann Cavoukian that embeds privacy protection as the default from the design stage of systems, services, and business processes, realizing a privacy model centered on proactive prevention rather than after-the-fact remediation.

Characteristics: (Legal basis for GDPR) The concept underlying GDPR Article 25, “Data protection by design and by default.” (Compatible values) Treats functionality and privacy not as a trade-off but as compatible values. (Enterprise-wide framework) An enterprise-wide framework integrating technical measures (encryption, anonymization) with organizational measures (policy, training).


2. Core Structure of Privacy by Design

A. The Seven Foundational Principles

    flowchart TD
    subgraph R1[" "]
        direction LR
        P1["1. Proactive not Reactive<br/>Prioritize preventive<br/>measures before a<br/>breach occurs"]
        P2["2. Privacy as the Default<br/>Guarantee maximum<br/>protection without<br/>any extra action"]
        P3["3. Privacy Embedded<br/>into Design<br/>Integrate privacy into<br/>core system functions"]
        P4["4. Full Functionality<br/>Security and privacy<br/>coexist (avoid<br/>zero-sum trade-offs)"]
    end
    subgraph R2[" "]
        direction LR
        P5["5. End-to-End Security<br/>Protect data across its<br/>full lifecycle, from<br/>collection to disposal"]
        P6["6. Visibility and<br/>Transparency<br/>Operate openly,<br/>allow independent<br/>verification"]
        P7["7. Respect for User<br/>Privacy<br/>Design centered on<br/>data-subject rights<br/>and consent"]
    end

    style P1 fill:#E3F2FD,stroke:#1976D2,color:#000
    style P2 fill:#F3E5F5,stroke:#7B1FA2,color:#000
    style P3 fill:#FFF3E0,stroke:#F57C00,color:#000
    style P4 fill:#E8F5E9,stroke:#388E3C,color:#000
    style P5 fill:#FFEBEE,stroke:#D32F2F,color:#000
    style P6 fill:#E0F2F1,stroke:#00796B,color:#000
    style P7 fill:#E8EAF6,stroke:#3949AB,color:#000
    style R1 fill:none,stroke:none
    style R2 fill:none,stroke:none
  
PrincipleCore ContentApplication
1. Proactive not ReactiveIdentify and prevent privacy risk in advanceConduct a DPIA (Data Protection Impact Assessment) at the design stage
2. Privacy as the DefaultMaximum protection even if the user does nothingImplement data minimization and purpose limitation as default settings
3. Privacy Embedded into DesignPrivacy is part of the core architecture, not an add-on featureApply privacy patterns, follow secure coding guidelines
4. Full FunctionalitySecurity and privacy are not treated as a zero-sum relationshipAchieve both security and privacy simultaneously through encryption
5. End-to-End SecurityProtection across the entire data lifecycle, from collection to disposalImplement a data-lifecycle management policy and automated deletion
6. Visibility and TransparencyDisclose how the system operates and allow independent verificationPublish the privacy policy, accept external audits
7. Respect for User PrivacyPlace data-subject rights, choice, and consent at the centerConsent-management platform (CMP), handling access/deletion requests

B. Technical and Organizational Implementation

    flowchart LR
    subgraph TECH["Technical Implementation"]
        direction TB
        T1["Data minimization<br/>Collect only necessary data<br/>Block use beyond purpose"]
        T2["Pseudonymization/<br/>anonymization<br/>Render unidentifiable<br/>Use for stats/analysis"]
        T3["Access control<br/>Principle of least privilege<br/>Role-based access"]
        T4["Encryption<br/>At-rest and in-transit<br/>End-to-end encryption"]
    end

    subgraph ORG["Organizational Implementation"]
        direction TB
        O1["Perform DPIA<br/>Data protection impact<br/>assessment<br/>Pre-review high-risk processing"]
        O2["Appoint a DPO<br/>Data protection officer<br/>Independent oversight role"]
        O3["Employee training<br/>Privacy-awareness<br/>programs"]
        O4["Records of processing<br/>Maintain RoPA<br/>Audit-trail system"]
    end

    TECH --- ORG

    style TECH fill:#E3F2FD,stroke:#1976D2,color:#1E3A5F
    style ORG  fill:#E8F5E9,stroke:#388E3C,color:#1B5E20
  
Implementation AreaCore TechniqueRelated GDPR Article
Data minimizationMinimizing collected fields, auto-deleting unnecessary dataArticle 5(1)(c) — the data-minimization principle
Pseudonymization/anonymizationTokenization, masking, k-anonymity, differential privacyArticle 4(5) — definition of pseudonymization
Consent managementCMP (consent management platform), granular consent, withdrawal capabilityArticle 7 — conditions for consent
DPIAPerforming an impact assessment on high-risk processing activities in advanceArticle 35 — data protection impact assessment
DPO appointmentAppointing and empowering an independent data protection officerArticles 37–39 — DPO obligations

3. Expected Benefits and Application of Privacy by Design

CategoryKey BenefitApplication in Practice
Regulatory complianceProactively satisfying GDPR/privacy-law design obligationsMandating a DPIA checklist when developing new services
Building trustImproved user trust through transparent handling of personal dataPublishing a user-facing dashboard of personal-data processing status
Cost savingsMinimizing upfront design cost relative to after-the-fact breach responseBuilding and reusing a library of privacy patterns
AI/data utilizationEstablishing lawful grounds for data use via anonymization/pseudonymizationAdopting federated learning and differential privacy