Privacy by Design
What is Privacy by Design?
Privacy by Design is an approach to software development that takes privacy into account throughout the whole development process. The concept is an example of value sensitive design, which takes human values into account in a well-defined manner throughout the whole process, and Privacy by Design may have been derived from it.
Privacy by Design advances the view that the future of privacy cannot be assured solely by compliance with legislation and regulatory frameworks; rather, privacy assurance must become an organisation’s default mode of operation. It is an approach that promotes privacy and data protection compliance from the start. Unfortunately, these issues are often bolted on as an afterthought or ignored altogether.
Why do we need it?
Today personal data are the new “oil”: they are among the most lucrative sources of income for both commercial organisations and criminals, so protecting such sensitive data is essential. Medical data is sold for an average price of up to $50 per individual dataset. Medical records retain their value for much longer than, say, payment card data, which gives criminals the time to sell this kind of data.
Ensuring privacy and security—through every phase of the data lifecycle (e.g. collection, use, retention, storage, disposal or destruction)—has become crucial to avoiding legal liability, maintaining regulatory compliance, protecting your organisation’s image, and preserving the confidence of customers. The principles of Privacy by Design may be applied to all types of personal information but should be applied with special vigour to sensitive data such as medical and financial information. The strength of privacy measures should be commensurate with the sensitivity of the data. Privacy by Design is based on ‘7 foundational principles’:
- Proactive not reactive; Preventative not remedial
- Privacy as the default setting
- Privacy embedded into design
- Full functionality – positive-sum, not zero-sum
- End-to-end security – full lifecycle protection
- Visibility and transparency – keep it open
- Respect for user privacy – keep it user-centric
“Privacy by design and privacy by default” is one of the main new principles introduced by the EU Commission in its proposal for the new legal framework for the protection of personal data, the General Data Protection Regulation.
Role of GDPR
The General Data Protection Regulation (GDPR) for the first time addresses data protection by design as a legal obligation for data controllers and processors, making an explicit reference to data minimisation and the possible use of ‘pseudonymisation’. On top of this, it introduces the obligation of data protection by default, going a step further by stipulating the protection of personal data as a default property of systems and services. Article 25 of the GDPR codifies both the concept of privacy by design and that of privacy by default.
Delivering a fully secure authentication environment with ConsentID
In this digital world, security, privacy, and integrity are essential. As part of AET Europe’s commitment to delivering a secure environment for both end users and customers, we offer Privacy by Design. AET provides flexible, simple to deploy, and easy to use mobile authentication, seamlessly integrated into the login process: ConsentID. Using ConsentID, organisations can verify only ‘the minimum of information’, for example whether a person is older than 18 or is enrolled in a university, without the person having to disclose personal information such as name, address or date of birth. For the use of ConsentID, we do not collect any personal data or credentials. We only need the token from the identity provider to obtain a unique identifier for the user, for the purpose of providing the authentication service.
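The two mechanisms this page names, data minimisation with pseudonymisation (GDPR Article 25) and releasing only a yes/no answer such as “older than 18” instead of the underlying personal data, can be illustrated in code. The example below is an added illustration, not ConsentID’s or AET’s code and not the protocol they actually run; the identity-provider record, the pairwise key and all function names are constructed assumptions.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample record held by the identity provider (IdP).
# A relying party must never receive these raw fields.
IDP_RECORD = {
    "subject": "user-1234",
    "name": "A. Example",
    "date_of_birth": "1999-05-17",
    "enrolled_at": "example-university",
}

# Hypothetical IdP-side secret for deriving pairwise pseudonyms (constructed).
IDP_PAIRWISE_KEY = b"constructed-secret-not-for-real-use"

# Fields that count as direct identifiers and must not leave the IdP.
DIRECT_IDENTIFIERS = {"name", "date_of_birth", "address", "subject"}


def age_on(dob: str, today: date) -> int:
    """Whole years between an ISO date of birth and `today`."""
    born = date.fromisoformat(dob)
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))


def pairwise_pseudonym(subject: str, relying_party: str) -> str:
    """Stable identifier for one user at one relying party.

    HMAC over (relying party, subject) with an IdP-held key: the same user
    gets a different value at each service, so two services cannot link
    their users by comparing identifiers, and the value cannot be reversed
    to the real subject without the key (pseudonymisation)."""
    msg = relying_party.encode() + b"\x00" + subject.encode()
    return hmac.new(IDP_PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()


def minimal_claims(record: dict, relying_party: str, today: date) -> dict:
    """Release only predicates plus a pseudonym: no name, DOB or address."""
    return {
        "sub": pairwise_pseudonym(record["subject"], relying_party),
        "over_18": age_on(record["date_of_birth"], today) >= 18,
        "student": record.get("enrolled_at") is not None,
    }


def leaks_direct_identifiers(claims: dict) -> bool:
    """Relying-party side check: reject a token that carries raw personal data."""
    return bool(DIRECT_IDENTIFIERS & set(claims))
```

A relying party that only needs an age check receives `over_18` and a pseudonym it can use as an account key, and nothing that identifies the person.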