Privacy by design was first widely presented by the Information and Privacy Commissioner of Ontario, and pertained the notion of embedding privacy measures and privacy enhancing technologies (PETs) directly into the design of information technologies and systems. Nowadays, privacy by design, or its variation data protection by design, is regarded as a multifaceted concept, involving various technological and organisational components, which implement privacy and data protection principles in systems and services.
The General Data Protection Regulation (GDPR) for the first time addresses data protection by design as a legal obligation for data controllers and processors, making an explicit reference to data minimization and the possible use of pseudonymisation. On top of this, it introduces the obligation of data protection by default, going a step further into stipulating the protection of personal data as a default property of systems and services.
ENISA has been working in the field of privacy technologies over the last years, following an engineering approach.
In 2014 we issued our first Report on Privacy and Data Prorection by Design, providing an inventory of existing privacy by design approaches, strategies, and technical building blocks of various degrees of maturity.
In 2015 we provided a specific Report on Privacy by Design in Big Data, aimed at analysing privacy by design strategies and tools in the era of big data analytics.
We aim to continue our work in this area in close collaboration with privacy experts from academia, industry and regulatory authorities.
For more information, please also visit our related section on Privacy Enhancing Technologies (PETs).