A Guide to the 7 Privacy by Design Principles

Privacy by Design (PbD) means that privacy protections should be built in: a proactive mitigation of potential risk that includes Privacy by Default as one element of a broader approach. It is the practice of building privacy protections and privacy-enhancing technologies into the development of new operations, products, or services.

Privacy by Default means that privacy is established as the baseline setting. Privacy controls are set to the highest possible standard as the default option, and no user action should be necessary to maintain privacy.

The 7 Privacy by Design Principles  

The concept of Privacy by Design was developed based on seven foundational principles:

1. Proactive not reactive; preventative not remedial  

The first guiding principle of PbD highlights that a proactive approach must be taken, not a reactive one. This means that implementing PbD should help organizations to predict and prevent privacy risks before they happen.    

2. Privacy as the default setting  

The second principle of PbD states that the highest possible privacy settings should be in effect by default. This means that individuals should not have to take any action in order for their privacy to be protected.  

3. Privacy embedded into design  

The third principle echoes the first. PbD should be embedded into the design stages of a project, not treated as an afterthought or add-on. This builds privacy into the core functionality of the project, product, or system.

4. Full functionality – positive-sum, not zero-sum  

The fourth principle of PbD is that the approach should consider and provide for all legitimate interests and objectives, described as positive-sum or win-win. This principle aims to demonstrate that the interests of multiple stakeholders can be incorporated, and no unnecessary compromises need to be made.  

5. End-to-End security – full lifecycle protection  

The fifth principle takes information security into account. PbD should extend through the full lifecycle of the data, and data security is essential for ensuring privacy from start to finish. Collection, retention, and destruction of information should all be considered.  

6. Visibility and transparency – keep it open  

The sixth principle of PbD aims to ensure transparency is factored into the approach. All relevant stakeholders should have visibility into the stated objectives of a project, and these objectives can be subject to independent verification.

7. Respect for user privacy – keep it user-centric  

The seventh and final principle of PbD is possibly the most important: The interests of the individual must be at the center of any project design. Keep it user-centric.