Currently set to Index
Currently set to Follow
Skip main navigation

Privacy by Design

An article about the Privacy-by-Design notion and its essence.
Ann Cavoukian
© University of Groningen
Starting from scratch, just like various technical solutions including social networking servers are built up, we need to comprehend how the rights to privacy and data protection can be implemented in practice. In order to have a good understanding of the GDPR and the obligations those who handle personal data have, it is essential to consider Privacy by Design and explain what it means at an early stage. In Week 3, we will touch upon the notion of data protection by design and by default that is related to the Privacy by Design concept and entails important duties that should be taken into account by those who are involved in the processing of personal data.
Privacy by Design is a significant notion contributing to the implementation of the rights to privacy and data protection. This is especially relevant in the age when numerous systems are designed to process personal data and are deployed on a large scale. It has been introduced by the Canadian Information and Privacy Commissioner Ann Cavoukian and seeks to promote the idea that these rights can and should be protected not merely by regulatory measures but by implementing certain principles by design and by default by organisations in the systems that process personal data. In this regard, 7 principles of Privacy by Design are of importance:
  1. The Privacy by Design approach must adopt a proactive rather than reactive stance and aim at preventing privacy risks and not at addressing them after they occur;
  2. Privacy is to be used as a default setting;
  3. Privacy must be embedded into design;
  4. Privacy by Design ensures full functionality and seeks to achieve both privacy and security;
  5. Security must be made an integral part of the systems throughout their whole lifecycle;
  6. It seeks to achieve visibility and transparency;
  7. Systems are to be kept user-centric and users interests and needs must be taken into account.
In Article 25 of the GDPR, a reference is made to the data protection by design and by default that constitutes a more specific notion given the nature of this legislative act and focuses on the obligations of controllers that will be discussed in the coming weeks.
© University of Groningen
This article is from the free online

Understanding the GDPR

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education