On privacy by design

Mira Nova
Published in #Privacy_Issues
May 21, 2020

Today we want to focus on why designers should care about privacy, even if they do not directly work with data or code. The concept of Privacy by Design was first implemented into legislation via the General Data Protection Regulation (GDPR). Although the Regulation requires Privacy by Design, it does not provide a definition or instructions on how to implement it.

Article 25 of GDPR, titled ‘Data protection by design and by default’, refers to technical and organisational measures that must be implemented “at the time of the determination of the means for processing and at the time of the processing itself”. These technical and organisational measures should aim at implementing the GDPR requirements and protect the rights of individuals in an effective manner.

In other words, GDPR requires all products and services that involve the processing of user data to integrate privacy as part of the design and development process. Privacy is now a mandatory part of the user journey. The scope of a designer’s work is expanding, as design professionals must understand and integrate privacy requirements into products.

From our experience, we currently see three main approaches to implementing privacy by design:

(i) Many established companies, such as Google and Facebook, are retro-fitting privacy into their products and services. They are working around an existing business model, trying to pivot in order to gain back the trust of their customers. While going through the retro-fitting process, these companies have to mitigate the risks of a complex, non-compliant product. Time will tell how expensive and risky this strategy will turn out to be.

(ii) New European companies and startups are integrating privacy early enough to comply with GDPR. These companies usually have a minimum viable product or a market-ready service and hire a GDPR consultant to verify that they are compliant. More often than not, these companies need to adjust their product or service in order to be more privacy-inclusive.

(iii) A few companies are creating products or services in a collaborative process that considers tech, product, design and legal requirements. In this case, GDPR provisions are a part of the ideation phase, where legal requirements are built into design.

As privacy by design has become an indispensable product requirement, all of us should keep it in mind from the beginning and consider it at the early stages of product development.

Our tip for today: these six simple steps can help you audit your product’s interactions for clarity and transparency and re-envision the product’s privacy on-boarding experience.

Our Newsletter started from the idea of looking into privacy by design case studies and how product design, user experience, code and law can blend together to create amazing solutions that will be both innovative and ethical.

This and other articles of the #Privacy_Issues publication, unless specified otherwise, are a product of the joint creative energy of the team behind the Privacy Issues project. To receive regular updates on the latest developments in the field of data protection and privacy with regard to product design, development, marketing and more, sign up for our Newsletter here.

Mira Nova
#Privacy_Issues

Digital law researcher, consultant & connecter. All words and opinions are my own.