ELI5: What is Privacy by Design?
It’s like building a treehouse with a door that locks from the start, instead of adding a lock after someone already peeked inside. Privacy by design means thinking about protecting people’s personal information from the very beginning of a project.
Definition
Privacy by Design (PbD) is a framework and philosophy developed by Ann Cavoukian that calls for privacy to be embedded into systems and processes from the earliest design stages, rather than added as an afterthought or treated as a compliance checkbox. It rests on seven foundational principles: proactive not reactive; privacy as the default setting; privacy embedded into design; full functionality (positive-sum, no trade-offs); end-to-end security; visibility and transparency; and respect for user privacy. The GDPR formally incorporates Privacy by Design requirements in Article 25 (Data Protection by Design and by Default).
Key Details
- Privacy as the default: systems should be configured to maximize privacy protection automatically, without requiring user action
- Data minimization: collect only the data necessary for the specific purpose; this is a core PbD principle and is aligned with the GDPR
- PbD requires Data Protection Impact Assessments (DPIAs, also called Privacy Impact Assessments or PIAs) for high-risk processing activities before development begins
- Applies to software development, business processes, physical infrastructure, and network architecture
- Exam tip: GDPR Article 25 requires Data Protection by Design and by Default; PbD is the legal standard for GDPR compliance in system development
Connections
- Parent: privacy (privacy by design is a proactive privacy protection philosophy)
- See also: privacy-impact-assessment-pia
- See also: gdpr