Privacy by Design, Simplified!
Rajesh Dangi
Technology Advisor, Founder, Mentor, Speaker, Author, Poet, and a Wanna-be-farmer
Privacy by design, like security by design, is an essential part of the software development process and a risk reduction strategy for software engineers. Beyond software engineering, privacy by design has many facets, including emerging technologies and Industry 4.0 ecosystems as well as administrative elements (e.g. legal, policy, procedural), other organizational controls, and inter-operating contexts. Privacy by design evolved from early efforts to express fair information practice principles directly in the design, build and operation of information and communications technologies. Those efforts extend all the way into application and database systems, practices, and processes, so that privacy exists from the very beginning of new project initiatives and is built by default into the broader systems and processes in which privacy-enhancing technologies (PETs) are embedded and operated.
Broadly, the idea behind Privacy by Design (PbD) is to encourage business entities to become aware of, adopt and implement strategic, technical and organizational measures, and to establish controls at the earliest possible stages: while setting organizational priorities and project objectives, and further into design processes and operations planning. It is essential to handle users' personal data securely and to treat privacy as a fundamental tenet of the business value proposition. PbD proposes that, for all consumer-focused business entities, data privacy must be part of the user-focused digital journey, with secure and private experiences designed to increase brand trust, improve the product’s user experience, and thus build stronger relationships with the user audience. It is indeed a powerful narrative that continues to evolve alongside regulation and social conversations.
"While privacy by design has made significant progress in legal, technological and conceptual development, it is still far from unfolding its full potential for the protection of the fundamental rights of individuals. The following sections of this opinion provide an overview of relevant developments and recommend further efforts" - Giovanni Buttarelli, Former European Data Protection Supervisor (EDPS)
Fundamental Principles
Today, many data protection laws contain basic principles for safeguarding the privacy of data subjects. The relevant requirements for data protection and security are found in data protection regulation, in business practices and policies for data protection and information security, and in various security standards, codes of conduct, best practices and other laws and regulations relating to the sector. Together these are driving privacy by design and by default, to ensure that the information systems and applications we use fulfil these data protection principles and safeguard the rights of individuals.
For example, when a user installs an application, all settings should by default be configured to the most privacy-friendly option. Any change after installation that results in a less privacy-friendly configuration, or that opens up the user's information such as location or contact details, or shares data with others, should be a conscious choice by the user. A user who wishes to use such features must actively choose to change the settings, but should be protected by default.
Additionally, clear and concise information about how the user's personal data will be used by the application, or by the business entity owning the application, is fundamental to protecting user rights. The software must make it easy for users or data subjects to exercise their rights, such as access, information, rectification, restriction, and data portability. The principles of Privacy by Design (PbD) may thus be applied to all types of personal information, but should be applied with special vigour to sensitive data such as medical information and financial data. The strength of privacy measures tends to be commensurate with the sensitivity of the data. This may be accomplished by practicing the following seven foundational principles:
Organizations subject to regulation must put in place appropriate technical and organisational measures designed to implement the data protection principles effectively, and must integrate and demonstrate safeguards in their processing so that they meet regulatory requirements to protect individual rights. The European Union was the first to take these steps and established the GDPR, and policymakers in other countries are now working on laws and legislation to define data protection regimes securing the cyber future.
The new data-conscious paradigm poses a problem for artificial intelligence (AI), which thrives on huge amounts of data and the inferences drawn from it. We must figure out ways to train machines on significantly smaller data sets while protecting the privacy and data of users; this will bring the right balance between digital wellbeing and intelligent automation. Federated learning is now evolving as a method of training machine learning models in such a way that user data does not leave its location, keeping it safe and private. Learning takes place in a decentralized manner across a network of nodes or edge devices, and the results are aggregated centrally to create a unified model. This differs from traditional centralized machine learning methods, which require the data to be aggregated in a central location for learning.
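The federated flow described above, sketched as an added example that is not part of the original article: each client fits a small linear model on its own rows and returns only parameters and a row count, and the server averages them. The function names, the constructed data (y = 3x + 1 plus noise) and the sample-weighted averaging rule are assumptions chosen for illustration.

```python
# Added example: federated averaging on constructed data (names are hypothetical).
import random

def local_update(weights, data, lr=0.05, epochs=5):
    """Runs on the client: gradient descent on y = w*x + b using local rows only."""
    w, b = weights
    for _ in range(epochs):
        gw = gb = 0.0
        for x, y in data:
            err = (w * x + b) - y
            gw += 2 * err * x
            gb += 2 * err
        w -= lr * gw / len(data)
        b -= lr * gb / len(data)
    return (w, b), len(data)  # only parameters and a row count leave the device

def aggregate(updates):
    """Runs on the server: sample-weighted mean of the client parameters."""
    total = sum(n for _, n in updates)
    w = sum(p[0] * n for p, n in updates) / total
    b = sum(p[1] * n for p, n in updates) / total
    return (w, b)

def make_clients(seed=7, sizes=(20, 35, 50)):
    """Constructed sample data: each client privately holds rows of y = 3x + 1 + noise."""
    rng = random.Random(seed)
    clients = []
    for n in sizes:
        rows = []
        for _ in range(n):
            x = rng.uniform(-1, 1)
            rows.append((x, 3 * x + 1 + rng.gauss(0, 0.05)))
        clients.append(rows)
    return clients

def train(clients, rounds=60):
    """Each round: broadcast the global model, collect client updates, average them."""
    global_w = (0.0, 0.0)
    for _ in range(rounds):
        updates = [local_update(global_w, rows) for rows in clients]
        global_w = aggregate(updates)
    return global_w

if __name__ == "__main__":
    w, b = train(make_clients())
    print(f"global model: y = {w:.2f}x + {b:.2f}")
```

Parameter updates can still leak information about the rows that produced them, so deployments usually pair this scheme with secure aggregation or differential privacy.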
From the industry standards perspective, ISO/PC 317, Consumer protection: privacy by design for consumer goods and services, was developed by ISO/COPOLCO, the ISO committee that deals with consumer issues in standardization. Its remit is to develop a standard that not only enables compliance with regulations but also generates greater consumer trust at a time when it is needed most, helping implementers comply with regulations and avoid potentially devastating data breaches that erode consumers’ confidence in the digital world.
Implementation Approach
Globally, in most countries PbD adoption is not yet mandated by law and thus remains a best practice for managing data privacy; it is often criticized for the lack of practical guidance and for too many open questions about its implementation. The regulations focus on the outcomes and effective controls of data protection and provide suggestions / recommendations around the principles of PbD for adoption. In the EU, on the other hand, PbD has been a legal obligation since the introduction of the General Data Protection Regulation (GDPR) in 2018, and infringement carries heavy fines, a step in the right direction for data protection and enforcement.
In India, the Justice Srikrishna Committee Report on Data Protection commented upon incorporating organisational measures, broadly designed as ‘privacy by design’. Thus the Personal Data Protection Bill, 2019 (“PDP Bill”) introduces the concept of a privacy by design policy for the first time in Indian legislation governing data protection and privacy. The PDP Bill was introduced in the Lok Sabha on December 11, 2019 by the Minister of Electronics and Information Technology.
In summary, privacy is a fundamental human right that has become one of the most elusive and least understood topics of the Internet. However, the time is coming for change, and it’s up to us whether that happens wilfully or through regulation. Profiling, automated recommendations for biased decision-making and personalised advertisements have become part of our day-to-day lives without our knowledge or consent. These trends often involve collection, categorization and processing of personal and behavioural data on a large scale, while users expect services to be secure and to safeguard their privacy in an effective manner. Unlike the businesses that take data protection issues seriously and build trust, most social media thrives on data monetization. Thus, strong data protection measures are essential and can be a competitive advantage for businesses that value and respect data privacy. Regulators and policy makers are defining the boundaries for operating fairly and respecting user privacy, and that intent will drive PbD enforcement. The force is getting stronger day by day!
***
Apr 2022. Compilation from various publicly available internet sources; the author's views are personal.
#DataPrivacy #Dataprotection #PrivacybyDesign #PET #Infosec #GDPR #Personaldataprotection #Cyberrisks #Softwareengineering
Public Relations, Branding and Corporate Communication | MA International Public Relations and Global Communications Management at Cardiff University
2y · Great post! It's so important that social media business models and other emerging platforms look at developing algorithms that ensure user data protection and reduce digital footprints. It's great that there are already some emerging social media platforms doing that.
Founder at HUSSY & DAKSH SMART SOLUTIONS
2y · People don't even recognise that they are being manipulated using their own behavioural data. MYn is the way to go...
Associate - Partner Business at NxtGen Infinite Datacenter & Cloud Technologies
2y · Ashok Upadhyay Vivek kumar N Praveen Meghta Suraj Bhatt Hrishikesh Bhingardive Samir Jhaveri Gowri govardhan
Chief of Operations (COO)North Sify Technologies
2y · Absolutely imperative to understand ….it’s ONLY up to us ….the ‘time’ is ripe ….remember the tag line of early days …‘Zara Sochiye’
Vice President- Sales
2y · That's something great...