Privacy by Design

Privacy by Design is an approach to systems engineering which takes privacy into account throughout the whole engineering process. The concept is an example of value sensitive design, i.e., to take human values into account in a well-defined manner throughout the whole process and may have been derived from this. The concept originates in a joint report on “Privacy-enhancing technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada, the Dutch Data Protection Authority and the Netherlands Organisation for Applied Scientific Research in 1995.

Privacy by Design is based on 7 "foundational principles":

The seven foundational principles of Privacy by Design have been translated into over 30 languages. Germany released a statute (§ 3 IV TDDG) already in July 1997. In October 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a resolution recognizing Privacy by Design as an essential component of fundamental privacy protection.

This was followed by the U.S. Federal Trade Commission’s recognition of Privacy by Design in 2012 as one of its three recommended practices for protecting online privacy in its report entitled, Protecting Consumer Privacy in an Era of Rapid Change – a major validation of its significance.

Data protection by Design has been incorporated into the European Commission plans to unify data protection within the European Union with a single law – the General Data Protection Regulation. However, since the latest proposal does not define or give references for definitions of either data protection by design or privacy by design, it is not clear what is meant by the concepts. There are some initiatives that try to address this issue like the OWASP Top 10 Privacy Risks Project for web applications that gives hints on how to implement privacy by design in practice.

Privacy by Design has been critiqued as "vague" and leaving "many open questions about their application when engineering systems." It has also been pointed out that Privacy by Design is similar to voluntary compliance schemes in industries impacting the environment, and thus lacks the teeth necessary to be effective, and may differ per company. In addition, the evolutionary approach currently taken to the development of the concept will come at the cost of privacy infringements because evolution implies also letting unfit phenotypes (privacy invading products) live until they are proven unfit. Some critics have pointed out that certain business models are built around customer surveillance and data manipulation and therefore voluntary compliance is unlikely.

...
Wikipedia