CDT1) What is Privacy by Design?

CDT has submitted comments to the Federal Trade Commission for the second in a series of public roundtable discussions the agency is sponsoring exploring the privacy challenges posed by 21st-century technology and business practices that involve the collection and use of consumer data. CDT views these roundtable sessions as a historic opportunity for the FTC to develop and announce a comprehensive privacy protection policy for the next decade.

As new technologies enable the collection of greater amounts of data online, it is essential that companies consider privacy at each stage of product development. “Privacy by Design,” a concept prominently championed by Ontario’s Information and Privacy Commissioner Anne Cavoukian, presents a set of “foundational principles” to guide innovation in a manner that is consistent with Fair Information Practices (FIPs). Privacy by Design offers a roadmap to integrate privacy considerations into business models, product development cycle, and new technologies. We urge the FTC to encourage the integration of Privacy by Design into corporate practices and innovation.

As described by Cavoukian, “Privacy by Design asserts that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation.” Privacy by Design presents a set of “foundational principles” that can help companies innovate in ways that are consistent with FIPs. These seven principles are:

  • Proactive, not Reactive; Preventative, not Remedial
  • Privacy as the Default
  • Privacy Embedded into Design
  • Full Functionality – Positive-Sum, not Zero-Sum
  • End-to-End Lifecycle Protection
  • Visibility and Transparency
  • Respect for User Privacy

Continue reading.