universal privacy Commons: 3/5

Privacy by Default

Also known as:

1. Overview

Privacy by Default is a fundamental principle of data protection that mandates systems, services, and products to be configured with the highest possible level of privacy protection as the standard, out-of-the-box setting. The core idea is that users should not have to take any action to protect their privacy; it should be the default state. This pattern directly addresses the problem of user data being unnecessarily exposed or exploited due to complex or obscure privacy settings. By making privacy the default, the burden of protection shifts from the individual to the organization designing the technology, ensuring that personal data is automatically safeguarded.

The concept of Privacy by Default is intrinsically linked to the broader framework of Privacy by Design, which was developed by Dr. Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, in the 1990s. Privacy by Design consists of seven foundational principles, with Privacy by Default being one of the most critical. The principle gained significant legal and international recognition with the advent of the General Data Protection Regulation (GDPR) in the European Union, which explicitly requires data protection by design and by default under Article 25. This has solidified its importance as a global standard for responsible data handling.

For organizations and commons, adopting Privacy by Default is not merely a matter of legal compliance; it is a crucial element in building and maintaining trust with users and stakeholders. In an era of increasing data breaches and growing public concern over data surveillance, demonstrating a commitment to privacy can be a significant competitive differentiator. It fosters a culture of respect for user autonomy and data rights, which in turn can lead to greater user engagement, loyalty, and a more resilient and sustainable commons. By prioritizing privacy from the outset, organizations can mitigate the risks of privacy harms, reduce the likelihood of costly regulatory fines, and create a more ethical and trustworthy digital environment for everyone.

2. Core Principles

  1. Proactive, not Reactive; Preventative, not Remedial: This principle emphasizes anticipating and preventing privacy-invasive events before they happen. Rather than addressing privacy breaches after they have occurred, the goal is to build systems that are inherently privacy-protective from the start.

  2. Privacy as the Default Setting: Personal data should be automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system by default.

  3. Privacy Embedded into Design: Privacy should be an essential component of the core functionality being delivered. It should not be an add-on or an afterthought, but an integral part of the system’s architecture and design from the very beginning.

  4. Full Functionality — Positive-Sum, not Zero-Sum: This principle seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner. It avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible to have both without compromising functionality.

  5. End-to-End Security — Full Lifecycle Protection: Having been embedded into the system prior to the first element of information being collected, privacy is extended throughout the entire lifecycle of the data involved, from start to finish. This means that from the point of collection, through to the secure destruction of the data, the privacy of the data is maintained.

  6. Visibility and Transparency — Keep it Open: The component parts and operations should remain visible and transparent to users and providers alike. It is about being open and accountable, ensuring that individuals understand how their data is being used and that there are no hidden processes.

3. Key Practices

  1. Data Minimization: Collect only the personal data that is strictly necessary for the specific purpose for which it is being processed. Avoid collecting data on a “just in case” basis.

  2. Purpose Limitation: Be clear and specific about the purposes for which you are collecting personal data, and do not use it for other, incompatible purposes without further consent.

  3. Default to Non-Tracking: All tracking and monitoring functionalities should be turned off by default. Users should have to actively opt-in to tracking, rather than having to opt-out.

  4. Use of Privacy-Enhancing Technologies (PETs): Implement technologies such as anonymization, pseudonymization, and encryption to protect personal data and reduce the risk of re-identification.

  5. Provide Clear and Concise Privacy Notices: Inform users in a clear and easily understandable way about what data is being collected, why it is being collected, and how it will be used. This should be provided at the time of data collection.

  6. Granular Privacy Controls: Offer users granular control over their privacy settings, allowing them to choose what data they share and with whom. These controls should be easy to find and use.

  7. Regular Privacy Audits: Conduct regular audits and assessments of your systems and practices to ensure that they remain compliant with Privacy by Default principles and that privacy protections are effective.

4. Implementation

Implementing Privacy by Default requires a systematic and proactive approach that integrates privacy considerations into the entire development lifecycle. The first step is to conduct a comprehensive Data Protection Impact Assessment (DPIA) to identify and mitigate privacy risks associated with a project or system. This assessment should inform the design and development process, ensuring that privacy is a core consideration from the outset. Based on the DPIA, organizations should define and implement default privacy settings that are the most restrictive and privacy-protective. These settings should be applied automatically without requiring any user intervention.

Key considerations during implementation include ensuring that privacy controls are user-friendly and easily accessible. The user interface should be designed to empower users to make informed decisions about their data, with clear explanations of what each setting does. It is also crucial to train employees on privacy best practices and the importance of Privacy by Default, fostering a culture of privacy within the organization. Common tools and frameworks that can aid in implementation include the NIST Privacy Framework, which provides guidance on managing privacy risk, and various privacy-enhancing technologies (PETs) that can be integrated into systems to protect data.

Success in implementing Privacy by Default can be measured through a combination of technical and user-centric metrics. Technical metrics include the number of privacy vulnerabilities identified and remediated, the percentage of data that is encrypted or anonymized, and the results of regular privacy audits. User-centric metrics can be gathered through user surveys and feedback channels to assess user trust and satisfaction with privacy controls. Ultimately, the goal is to create a system where privacy is so seamlessly integrated that users can trust that their data is protected without having to navigate complex settings or read lengthy privacy policies.

5. 7 Pillars Assessment

Pillar Score (1-5) Rationale
Purpose 5 The purpose of Privacy by Default is exceptionally clear and aligned with ethical data handling: to protect individual privacy proactively. It directly serves the goal of creating a trustworthy and rights-respecting digital environment.
Governance 4 Effective governance is crucial for implementing Privacy by Default, requiring clear policies, roles, and responsibilities. While the principle provides a strong framework, its success depends on the organization’s commitment to enforcement.
Culture 4 A culture of privacy is essential for this pattern to succeed. It requires a shift in mindset from viewing privacy as a compliance burden to seeing it as a core value and a source of competitive advantage.
Incentives 3 The incentives for adopting Privacy by Default are primarily driven by regulatory compliance and the desire to build user trust. However, these incentives can sometimes conflict with business models that rely on data monetization.
Knowledge 4 Implementing Privacy by Default requires specialized knowledge of data protection laws, privacy engineering, and user experience design. Organizations need to invest in training and expertise to apply the principle effectively.
Technology 5 Technology is at the heart of Privacy by Default, with a wide range of privacy-enhancing technologies (PETs) available to support its implementation. These tools are essential for building privacy into the design of systems.
Resilience 4 By proactively addressing privacy risks, this pattern enhances the resilience of a system to data breaches and privacy failures. It reduces the attack surface and minimizes the potential harm to individuals in the event of a breach.
Overall 4.1 Privacy by Default is a powerful and essential pattern for building trustworthy systems, though its effectiveness is dependent on strong governance and a supportive organizational culture.

6. When to Use

  • Social media platforms: To protect user data from being over-shared by default and to give users more control over their digital footprint.
  • E-commerce websites: To build trust with customers by ensuring that their personal and financial information is protected by default.
  • Healthcare applications: To safeguard sensitive health information and comply with strict data protection regulations like HIPAA.
  • Internet of Things (IoT) devices: To prevent the unauthorized collection and use of data from smart home devices and wearables.
  • Any service that collects personal data from children: To provide the highest level of protection for a particularly vulnerable group of users.
  • New product or service development: To embed privacy into the core design of a product from the very beginning, rather than trying to add it on later.

7. Anti-Patterns & Gotchas

  • Obscure privacy settings: Making privacy controls difficult to find or understand, thereby discouraging users from customizing their settings.
  • Using dark patterns: Employing deceptive user interface designs that trick users into sharing more data than they intend to.
  • Over-collection of data: Collecting more personal data than is strictly necessary for the stated purpose, even if it is protected by default settings.
  • Lack of transparency: Failing to be open and honest with users about what data is being collected and how it is being used, even if the default settings are privacy-protective.
  • Treating privacy as a one-time fix: Implementing Privacy by Default as a one-off project rather than an ongoing process of monitoring, auditing, and improvement.
  • Ignoring user feedback: Failing to listen to and act on user feedback regarding privacy concerns and preferences.

8. References

  1. Data Privacy Manager: 7 principles of Privacy by Design and Default
  2. GDPR-info.eu: Privacy by Design
  3. ICO: Data protection by design and by default
  4. Akitra: How to Implement Privacy by Default
  5. Wikipedia: Privacy by design