Privacy expert Ann Cavoukian recently published an article discussing the importance of privacy in the world of artificial intelligence (AI). The paper's key points indicate that privacy principles are essential to addressing AI-related risks, and international standards such as ISO 31700-1 help drive innovation with privacy values in mind.
Today we will remind you what privacy by design and by default means, how this term appeared, and why it is important now.
One of the articles of the GDPR, namely Article 25, imposes the following requirement on online businesses: to create systems with built-in protection of users' personal data and "privacy by default" systems - Privacy by Design and by Default
The history of the very term "privacy by design and privacy by default" goes back to the 90s, when the world was just beginning to think about the fact that the protection of personal data would one day become the basis of all online activity.
In 2009, Ann Cavoukian, Ontario's Special Information and Privacy Commissioner, published a document titled Privacy by Design: 7 Essential Principles. This document emphasizes that online businesses must pay attention to privacy issues throughout the lifecycle of users' personal data. Moreover, the beginning of this process lies in the design phase. Such protection provides the user with reliable storage and timely destruction of his personal data. Privacy by design ensures continuous and secure management of the data lifecycle and must operate without harming the business.
The principles outlined in this document live on today. And, they not only live, but are also a kind of philosophy of personal data protection in the network:
Here they are:
1. Apply preventive measures, and not just eliminate the consequences
2. Be guided by the Privacy by default principle
3. Adhere to Privacy by Design (Built-in Privacy)
4. Provide functionality with mutual benefit - for the business and for the user
5. To protect personal information during the entire cycle of its collection, storage, processing and destruction
6. Availability and transparency
7. Respect for privacy. The system must be user-oriented
The principles of privacy by design and privacy by default, developed by Cavoukian, are today a standard in the field of personal data protection.
The personal data protection system should be built into all processes at an early stage of development. At the same time, this system must be continuously supported at all stages of design and operation.
Privacy by design is a business commitment to protect personal data. It is an obligation to anticipate privacy risks
Privacy by default assumes (by default) that the user, when interacting with the business, should not take any steps to protect his privacy. Privacy should be by default.
Privacy by default means that the principle of built-in privacy Privacy by design should be included by default in any system or business, so that personal data is automatically protected without any action on the part of the user.
The right to inviolability of private life should be protected "automatically" as a setting by default.
The most important elements of the privacy by design and by default approach are transparency, legality, integrity, purpose limitation, accuracy, storage limitation, integrity and privacy.
In fact, the philosophy of privacy by design and by default goes far beyond information technology and jurisprudence. It can be said that this should become a vital principle of any product development: data protection, "built-in" at the beginning of the project and carefully "protected" throughout its life Guided by this principle, many European startups win by this criterion.
Privacy by design and privacy by default are principles that increase the investment attractiveness of the project, can be an element of the company's "unique selling proposition" and be a winning criterion for "rebuilding" from competitors.
Today, developers are no longer faced with the question "what is better" - to ensure the protection of personal data of users in a finished product or service, or to first build privacy into the system. Privacy by design and privacy by default become a professional, but also a vital principle of the developer.
Returning to the legal aspect of the Privacy by design and privacy by default approach, it should be said that Article 25 of the GDPR sets special requirements for ensuring built-in protection of personal data and privacy by default. Today, to comply with the requirements of Article 25 of the GDPR, as well as to avoid large fines, every online business must analyze how, where, and when the personal data of users is processed, and also ensure that one of the main human rights - the right to privacy life - was taken into account at every stage of processing, starting from the initial design phase.
If you have questions about GDPR compliance, contact Avitar Lawyers.
Subscribe to our channels on social networks:
Contact us:
business@avitar.legal
Violetta Loseva
,
Serhii Floreskul
,
