I have always argued that privacy is the foundation upon which democracy is built. Our right to control the collection, use and disclosure of information about ourselves is the right upon which our other freedoms rest. Thus, to preserve our privacy is to preserve that which we cherish, but often take for granted – the freedom and liberty that define the open society in which we live.
It is this understanding that has fuelled my longstanding interest in the privacy rights of individuals, and that has so powerfully cemented my dedication to this cause. In my two decades as a privacy professional, I have seen how the growth of technology has brought new challenges to the protection of privacy. Consumers are now constantly subjected to new forms of data collection from all kinds of businesses. Emerging privacy-invasive technologies such as biometrics, Radio Frequency Identifiers (RFIDs) and video surveillance have intensified the need to address privacy and the methods that may be used to protect it.
However, unlike some critics, who strictly see technology as eroding privacy, I have always taken the view that technology is inherently neutral. As much as technology has the ability to take away privacy, its support can also be enlisted to protect privacy through the use of Privacy-Enhancing Technologies (PETs). The concept of PETs was actually predicated on a deeper philosophy – that of embedding privacy into the design specifications of technology itself, thereby ensuring its ongoing presence.
Back in the ’90s, it was clear to me that the time was upon us when regulation and policy would no longer be sufficient to safeguard privacy. In my view, with the increasing complexity and interconnectedness of information technologies, nothing short of building privacy right into system design would suffice. So I developed the concept of Privacy by Design (PbD), to capture the philosophy of embedding privacy proactively into technology itself – making it the default, which could be delivered through various PETs.
More recently, I’ve evolved the concept of PETs into “PETs Plus,” by adding a crucial component – a positive-sum paradigm. The prevailing zero-sum model, where privacy is invariably sacrificed for security or some other functionality, is fundamentally misguided and based on a false dichotomy. If we change the paradigm to the inclusive positive-sum model, which allows for the growth of both privacy and security, hand-in-hand, then the future of privacy grows more certain. PETs Plus recognizes the role of infrastructure, design, and architecture in enhancing privacy and building user confidence and trust. Take this a step further and you can achieve what I call Transformative Technologies, which have the power to transform otherwise privacy-invasive technologies, into privacy-protective ones – positive-sum all the way.
So, what exactly is PbD?
In brief, PbD refers to the philosophy and approach of ensuring that privacy is embedded into the design specifications of various technologies and business practices employed by various organizations. This may be achieved by building the principles of Fair Information Practices (FIPs) into the design, operation and management of information processing technologies and systems.
As a broad overarching concept, PbD encompasses:
1. Recognition that privacy interests and concerns must be addressed;
2. Application of basic principles expressing universal spheres of privacy protection;
3. Early mitigation of privacy concerns when developing information technologies and systems, across the entire information life cycle – end-to-end;
4. Need for qualified privacy leadership and professional input; and
5. Adoption and integration of privacy-enhancing technologies (PETs and PETs Plus).
For further information on PbD, I encourage you to read my publications, Privacy by Design … Take the Challenge, and Privacy by Design: The 7 Foundational Principles, both available at www.privacybydesign.ca/publications.htm.
Dr. Ann Cavoukian is the Information and Privacy Commissioner of Ontario, Canada and will be posting regularly on matters relating to privacy. Next: How Privacy is Good for Business
