Cavoukian's Privacy by Design (PbD) | Cost of User Privacy and Security, Part 2



In this series of articles, we are discussing economic models that deal with privacy and security.


In the previous article we gave an overview. In this one we cover Privacy by Design (PbD), the framework developed by Dr. Ann Cavoukian.




Is user privacy a tradeoff? Or an option?


When it comes to the design of information technology systems, that is still the generally accepted view.


Privacy measures are rarely treated as default components of system design that improve the quality of the system. Rather, privacy is something to be "dealt with" in order to comply with regulations.


The problem with this way of thinking is that user privacy becomes the last thing considered when designing a system. The system is designed as it is, and privacy measures are then retrofitted to meet regulatory requirements.


This is probably the biggest reason why most technology systems are poorly equipped to handle privacy threats, as the steady rise in privacy breaches shows.


Privacy by Design, or PbD, as introduced by Dr. Ann Cavoukian, offers a departure from that approach. Its core idea is "privacy by default": privacy is treated as an integral and indispensable part of system design, not as an option or a tradeoff.


Interestingly, PbD dates back to the 1990s and had been largely sidelined until major privacy regulations, notably the GDPR (Article 25, "data protection by design and by default"), wrote its ideas into law.


Okay, let us cover the basic principles of PbD now.




Principles of PbD


  1. Proactive, not Reactive: PbD focuses on preventing privacy breaches before they occur rather than reacting to them afterward. It entails a commitment to high privacy standards, continuous improvement, and systematic methods to identify and fix privacy issues before they materialize.

  2. Privacy as the Default: PbD ensures that personal data are automatically protected in any IT system or business practice. Individuals do not need to take any action to safeguard their privacy; protection is built into the system from the start, with clear communication of purposes, limited data collection, and strict minimization of identifiable information.

  3. Privacy Embedded into Design: PbD integrates privacy into the design and architecture of systems rather than bolting it on as an afterthought. Privacy becomes an integral component of the system without compromising functionality, which requires systematic and principled methods, privacy impact assessments, and risk mitigation strategies.

  4. Full Functionality – Positive-Sum, not Zero-Sum: PbD seeks to accommodate all legitimate interests and objectives in a positive-sum manner, avoiding unnecessary trade-offs between privacy and other goals. It rejects false choices such as privacy vs. security and delivers full functionality while satisfying multiple objectives, relying on creativity and innovation to find integrative solutions.

  5. End-to-End Security – Lifecycle Protection: because privacy is embedded before the first data element is collected, protection extends across the entire lifecycle of the data, from collection to secure destruction. This requires continuous protection and accountability: adherence to security standards, encryption, access control, and logging.

  6. Visibility and Transparency: PbD ensures that all stakeholders can verify that systems operate according to their stated promises and objectives; operations remain visible and open to independent verification. It emphasizes accountability, openness and compliance, empowering individuals to manage their data and building trust through transparency.

  7. Respect for User Privacy: PbD puts the interests of individuals first by offering strong privacy defaults, appropriate notice, and user-friendly options. It emphasizes informed consent, data accuracy, access rights, and complaint mechanisms, and promotes human-centered interfaces and operations that prioritize user needs and privacy.


Cavoukian's paper on the seven foundational principles gives a detailed discussion of each.




Economic Modeling for Privacy using PbD

Now we can build an economic model for privacy using PbD by comparing two scenarios: with and without PbD.

For each scenario, we have some expected costs and some expected benefits.




With PbD

Let us start with the scenario in which the organization chooses to implement PbD.


Costs:

There is no doubt that implementing PbD involves costs. Keep in mind that PbD is usually an organization-level initiative; function-level initiatives alone may not suffice. The costs may be explicit (changes to the technology stack, training) or implicit (productivity losses), and short-term (consultant fees) or long-term (change-management costs).


Estimating these costs will often require expert guidance.



Benefits:


The benefits are primarily long-term in nature.


Cost Savings: Reduction in expenses associated with addressing privacy breaches retroactively, such as regulatory fines, legal liabilities, and reputational damage.


Enhanced Trust and Reputation: Improvement in consumer trust and loyalty due to the demonstration of a commitment to privacy, leading to long-term relationships with customers and stakeholders.


Competitive Advantage: Differentiation from competitors by offering privacy-enhancing products and services, leading to increased market share and revenue.


Innovation: Stimulus for innovation in developing privacy-friendly solutions to meet consumer demand and regulatory requirements.




Without PbD

Now, the base scenario in which PbD is not implemented.


Costs:

Estimating these costs may involve statistical analysis of past privacy breaches and their cost to the company, for example the expected number of breaches per year and the expected cost per breach.


Reactive Measures: Expenses linked to dealing with privacy threats after they occur, including the costs of investigating breaches, mitigating damages, and implementing remedial actions.


Compliance Costs: Costs associated with achieving compliance with privacy regulations and standards reactively, including fines, penalties, and legal fees.


Loss of User Satisfaction: Decrease in user satisfaction and trust due to privacy incidents, leading to potential loss of customers, negative publicity, and damage to brand reputation.



Benefits:

Essentially, you save the costs of implementing PbD.
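To make the two scenarios concrete, here is an added worked example (my own code, not part of the original article) that turns the cost and benefit lists above into numbers. It uses the annualized loss expectancy (ALE) idea suggested by "statistical analysis of privacy breaches": expected yearly breach cost = breach probability × cost per breach. The PbD scenario adds an up-front programme cost and a recurring cost, and is assumed to reduce both the breach probability and the per-breach impact. Both net present costs are compared over a planning horizon with a discount rate, and a break-even function shows the per-breach cost at which PbD starts to pay for itself. All figures in `BASELINE`, `PROGRAMME`, `YEARS` and `RATE` are constructed for illustration, and the function and class names are this example's own.

```python
"""Expected-cost comparison of the 'with PbD' and 'without PbD' scenarios.

Added worked example, not code from the original article. Every number below
is constructed for illustration; replace it with your own estimates.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Baseline:
    """The 'Without PbD' scenario: privacy handled reactively."""
    breach_probability: float  # expected privacy breaches per year
    breach_cost: float         # expected cost per breach: investigation, fines, legal fees, churn


@dataclass(frozen=True)
class PbDProgramme:
    """What implementing PbD costs, and what it is assumed to change."""
    upfront_cost: float            # technology-stack changes, consultants, training
    annual_cost: float             # change management, productivity losses
    probability_reduction: float   # share of breaches prevented (0..1)
    impact_reduction: float        # share of per-breach cost avoided (0..1)
    annual_benefit: float = 0.0    # trust / competitive uplift, if you can estimate it


def annuity_factor(years: int, rate: float) -> float:
    """Sum of discount factors 1/(1+rate)^y for y = 1..years."""
    return sum(1.0 / (1.0 + rate) ** y for y in range(1, years + 1))


def annualized_loss_expectancy(probability: float, cost_per_breach: float) -> float:
    """ALE: expected breach losses per year."""
    return probability * cost_per_breach


def npc_without_pbd(base: Baseline, years: int, rate: float) -> float:
    """Net present cost of staying reactive: discounted expected breach losses."""
    ale = annualized_loss_expectancy(base.breach_probability, base.breach_cost)
    return ale * annuity_factor(years, rate)


def npc_with_pbd(base: Baseline, prog: PbDProgramme, years: int, rate: float) -> float:
    """Net present cost of implementing PbD: programme costs plus residual breach losses."""
    residual_probability = base.breach_probability * (1.0 - prog.probability_reduction)
    residual_cost = base.breach_cost * (1.0 - prog.impact_reduction)
    yearly = (prog.annual_cost
              + annualized_loss_expectancy(residual_probability, residual_cost)
              - prog.annual_benefit)
    return prog.upfront_cost + yearly * annuity_factor(years, rate)


def net_benefit_of_pbd(base: Baseline, prog: PbDProgramme, years: int, rate: float) -> float:
    """Positive means PbD is the cheaper option over the horizon."""
    return npc_without_pbd(base, years, rate) - npc_with_pbd(base, prog, years, rate)


def breakeven_breach_cost(base: Baseline, prog: PbDProgramme, years: int, rate: float) -> float:
    """Per-breach cost at which the two scenarios cost the same.

    Solving npc_with_pbd == npc_without_pbd for breach_cost gives
        (upfront + A * (annual_cost - annual_benefit)) / (A * avoided)
    where A is the annuity factor and `avoided` is the expected breach cost
    avoided per unit of per-breach cost.
    """
    a = annuity_factor(years, rate)
    residual_probability = base.breach_probability * (1.0 - prog.probability_reduction)
    avoided = base.breach_probability - residual_probability * (1.0 - prog.impact_reduction)
    if avoided <= 0:
        raise ValueError("programme avoids no breach cost; PbD can never break even")
    return (prog.upfront_cost + a * (prog.annual_cost - prog.annual_benefit)) / (a * avoided)


def with_breach_cost(base: Baseline, breach_cost: float) -> Baseline:
    """Same baseline with a different per-breach cost, for sensitivity checks."""
    return Baseline(base.breach_probability, breach_cost)


# Constructed illustration values (hypothetical, not from the article).
BASELINE = Baseline(breach_probability=0.30, breach_cost=2_000_000.0)
PROGRAMME = PbDProgramme(upfront_cost=600_000.0, annual_cost=150_000.0,
                         probability_reduction=0.50, impact_reduction=0.40,
                         annual_benefit=50_000.0)
YEARS, RATE = 5, 0.08

if __name__ == "__main__":
    print(f"NPC without PbD:            {npc_without_pbd(BASELINE, YEARS, RATE):,.0f}")
    print(f"NPC with PbD:               {npc_with_pbd(BASELINE, PROGRAMME, YEARS, RATE):,.0f}")
    print(f"Net benefit of PbD:         {net_benefit_of_pbd(BASELINE, PROGRAMME, YEARS, RATE):,.0f}")
    print(f"Break-even cost per breach: {breakeven_breach_cost(BASELINE, PROGRAMME, YEARS, RATE):,.0f}")
```

With the constructed figures, the reactive scenario costs roughly 2.40 million over five years against about 1.72 million with PbD, and PbD breaks even once a single breach is expected to cost about 1.19 million. The break-even function is the useful part: it shows directly how the decision hinges on the per-breach cost, which is the quantity the rest of this article argues has grown the most.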






Okay, it is one thing to list the costs and benefits, and another to understand their implications.


The role the internet plays in our lives has changed drastically over the last few decades. When PbD was introduced in the 1990s, social media did not exist, e-commerce was in its infancy, cloud computing did not exist, and smartphones had barely appeared.


Today, personal and financial data are moving online like never before, most web services are served from the cloud, and mobile has become the dominant device for web access.


The cost and impact of privacy breaches are drastically more significant. Actually, "drastic" may be an understatement: a privacy breach can now ruin a person's life, something that was hard to imagine when PbD was first proposed.


These factors tilt the scale in favor of PbD quite significantly.


Okay, let us end this article here.



More articles by Sam Ghosh