-
Privacy should be a cornerstone of any system or business process. It's important to design practices with the assumption that individuals will want to safeguard the privacy of their information. This is what we refer to as "privacy by default".
-
Data protection should not be an afterthought or an add-on to an existing application. Instead, it should be a fundamental component of the core architecture and functionality.
-
Privacy By Design rests on 7 core principles:
-
Be proactive, not reactive, and preventive, not remedial. This means foreseeing and preventing privacy invasive events before they happen.
-
Privacy should be the default setting. Personal data must be automatically protected in any system or business practice.
-
Privacy must be embedded into design. It is an integral part of the system, not an add-on.
-
Aim for full functionality, or a "positive-sum" approach, instead of trade-offs or "zero-sum" scenarios.
-
Ensure end-to-end security, offering full lifecycle protection of data.
-
Prioritise visibility and transparency. Users should be informed about how their data is being used and protected.
-
Always respect user privacy by keeping everything user-centric.
-
Product & Engineering