Privacy

Privacy by Design

An approach that embeds privacy protections into systems and processes from the start, rather than adding them later.

Privacy by design (and by default) is the principle that data protection should be integrated into the design and architecture of systems, products, and business practices from the outset.

Seven Foundational Principles

Proactive, not reactive — anticipate and prevent privacy issues
Privacy as the default — no action required by the individual to protect their privacy
Privacy embedded into design — built into the architecture, not bolted on
Full functionality — privacy and functionality are not trade-offs
End-to-end security — full lifecycle protection
Visibility and transparency — keep practices open and verifiable
Respect for user privacy — keep the individual's interests central

In Practice

Data minimization — collect only what you need
Pseudonymization where possible
Default settings should be the most privacy-protective
Regular privacy impact assessments

Legal Reference

GDPR Article 25.

Related Terms

Data MinimizationPrivacy

The principle that only the minimum amount of personal data necessary should be collected and processed.

DPIAPrivacy

Data Protection Impact Assessment — a risk assessment required before high-risk data processing activities.

PseudonymizationPrivacy

Processing personal data so it can no longer be attributed to a specific person without additional information kept separately.

Privacy Impact AssessmentCompliance

A systematic process for evaluating how a project or system will affect the privacy of individuals.

Privacy Shield Profiling