Privacy by Design and by Default

What is Privacy by Design?

Privacy by design means applying the necessary data protection guarantees from the initial planning phase of any technological development (an application or program, an app, an e-commerce development, the internet of things (IoT), etc.), provided that the new development is going to process personal data.

This obligation is also a precaution that protects Management, since it is easier to plan from the beginning based on an adequate legal framework. The alternative may be having to redesign the product or service from scratch because it does not comply, with the consequent extra cost.

Privacy by design can also help us when choosing standard software on the market, since many such products currently do not comply with the legal requirements regarding data protection.

Privacy by design is a proactive measure (it prevents rather than remedies) and seeks protection throughout the entire life cycle of the product or service.

What is Privacy by Default?

Privacy by default consists of offering the maximum guarantees of privacy in those apps, programs, applications or services that are going to process personal data. That is, if there are several privacy settings, those that offer the greatest guarantees of privacy to the interested party should be selected by default.

Privacy by default implies:

  • The minimization of data, that is, the minimum possible data will be collected so that the product or service can fulfil its purpose.
  • Access control: Only the personnel who really need to access the data for the development of their work will have access to said data.
  • The data will not be transferred to third parties if this transfer is not necessary, not mandatory or not explicitly informed and consented to by the third party. For this, pseudonymization techniques can be applied.
  • The data retention periods must be informed and will be limited.
  • Transparency. The data owners will be given clear, concise and understandable information about the processing of their personal data.

An example of Non-Privacy by Default: A practical example of how not to do it can be found in some game apps where, for example, the game requests access to phone contacts, camera images, SMS and phone calls … all of them not necessary to play the game.
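
The data-minimization check implied by the game example above, as an added illustration that is not part of the original article: it lists the permissions an Android manifest requests and flags those with no documented purpose. The manifest, package name and purpose list are constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical game app (not a real product).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

# Assumption: the team records, per permission, the purpose that justifies it.
JUSTIFIED = {
    "android.permission.INTERNET": "download levels, sync high scores",
    "android.permission.VIBRATE": "haptic feedback",
}

def requested_permissions(manifest_xml):
    """Return the permissions the manifest requests, de-duplicated, in order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name and name not in names:
                names.append(name)
    return names

def audit(manifest_xml, justified):
    """Split requested permissions into those with and without a documented purpose."""
    requested = requested_permissions(manifest_xml)
    return {
        "justified": [p for p in requested if p in justified],
        "excess": [p for p in requested if p not in justified],
        # Purposes documented for permissions the app no longer requests.
        "unused_justifications": sorted(set(justified) - set(requested)),
    }

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, JUSTIFIED)
    for perm in report["excess"]:
        print("no documented purpose:", perm)
    # A non-zero exit lets a build pipeline stop when excess permissions appear.
    raise SystemExit(1 if report["excess"] else 0)
```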