The IT Law Wiki


Privacy by design (PbD) (also privacy-by-design)


Privacy by Design and the 7 Foundational Principles represents the next wave of privacy. They incorporate universal principles of fair information practices, but go well beyond them, to seek the highest global standard possible, representing a significant raising of the bar. . . .

Privacy by Design is a concept developed by Commissioner Ann Cavoukian back in the '90s to address the ever-growing and systemic effects of information and communication technologies, and of large-scale networked data systems. Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization's default mode of operation.

Privacy by Design extends to a trilogy of encompassing applications: 1) IT systems; 2) accountable business practices; and 3) physical design and networked infrastructure. Principles of Privacy by Design may be applied to all types of personal information, but should be applied with special vigor to sensitive data. The strength of the privacy measures taken tends to be commensurate with the sensitivity of the data.[4]

Such protections include providing reasonable security for consumer data, collecting only the data needed for a specific business purpose, retaining data only as long as necessary to fulfill that purpose, safely disposing of data no longer being used, and implementing reasonable procedures to promote data accuracy.

Companies also should implement and enforce procedurally sound privacy practices throughout their organizations, including, for instance, assigning personnel to oversee privacy issues, training employees on privacy issues, and conducting privacy reviews when developing new products and services.

PbD has become a worldwide standard, and was recognized as 'an essential component of fundamental privacy protection' through an International Resolution unanimously passed at the International Data Protection and Privacy Commissioners' Conference in October 2010. PbD shows organizations that, by considering privacy from the outset, they can achieve a positive-sum scenario — meeting both privacy and functionality requirements.[5]

The 7 Foundational Principles of Privacy by Design[]

1. Proactive not Reactive; Preventative not Remedial. The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.

2. Privacy as the Default Setting. We can all be certain of one thing — the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy — it is built into the system, by default.

3. Privacy Embedded into Design. Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is integral to the system, without diminishing functionality.

4. Full Functionality — Positive-Sum, not Zero-Sum. Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible to have both.

5. End-to-End Security — Full Lifecycle Protection. Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved — strong security measures are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end.

6. Visibility and Transparency — Keep it Open. Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. Its component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify.

7. Respect for User Privacy — Keep it User-Centric. Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Keep it user-centric.[6]


  1. Privacy By Design is an approach that Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, has advocated. See Privacy by Design, Information & Privacy Commissioner of Ontario (full-text).
  2. Building Privacy Into Mobile Location Analytics (MLA) Through Privacy by Design, at 6.
  3. NSTAC Report to the President on the Internet of Things, at 15.
  4. Building Privacy into Ontario's Smart Meter Data Management System: A Control Framework, at 12.
  5. Smart Meters in Europe: Privacy by Design at its Best, at 2.
  6. Id. at 26-27.


See also[]

External resources[]

  • Operationalizing Privacy by Design: The Ontario Smart Grid Case Study (full-text).
  • Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid (full-text).
  • Ann Cavoukian, Privacy by Design: The 7 Foundational Principles (2011) (full-text).
  • SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation (full-text).
  • The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices (full-text).