The scandal that touched Facebook in March 2018 and the arrival of GDPR in Europe have served a purpose, i.e. to increase public awareness of the need to protect their data. What they needed was privacy by design.
The Need to Empower Users
We live in an environment where the technology is changing rapidly, adapting to these innovations is not an easy task. More and more people have started using a smartphone, and very few know what is happening. The same goes for personal data. The problem before the arrival of the GDPR is that the awareness and interest on these issues were almost zero for users. The technology used on these products is not accessible and understandable by all, and the consequences were not concrete.
The 7 Laws of Privacy by Design
Privacy by design is defined by 7 laws called “laws of identity”:
- Be proactive and don’t wait until your data leak.
- The protection of personal data must be a default setting. Any information/data must be protected, whatever it may be.
- The protection must be included in the design; it is not just another plug-in in the system that adds privacy.
- It must be “fully-functional”. By disabling permissions, the user must not be penalised.
- It has to be end-to-end security, so it’s encrypted end-to-end and users know what’s going on.
- They need to be able to access this information and be it open, documented, available, with points of contact.
- Keeping the user at the center of his initiatives, the user is our client and not our advertising agency.
Privacy by Design in Design, Implementation and Execution
Now, how does this translate into practice? From the designing stage, it is necessary to begin to integrate the privacy in the service and to list the points to control. Each time a new feature is added, it must be ensured that this feature and the elements fulfil the requirements of the checklist.
In execution, the care must be taken to collect the only data that is needed. We must also ensure:
- Minimising data exchanged with third-party services.
- Pseudonymizing the data.
- Checking the forms. At each data entry, data is created. If you add a new field, go back through the checklist step and ask your user for consent.
- Deleting the collected data regularly. The data has a lifetime, once it is no longer used, remove it from the database.
- Providing users with simple adjustments and clear instructions.
Recommended For You:
Has GDPR’s Wide Acceptance Led to Change in Data Strategy?
7 Cybersecurity Trends to Watch Out for in 2019