"Privacy by Design": Nice-to-have or a Necessary Principle of Data Protection Law?
Privacy by Design is a term that was coined in 1997 by the Canadian privacy expert and Commissioner for Ontario, Dr Ann Cavoukin, but one that has recently been receiving more attention in terms of its inclusion as a positive requirement into EU, US and Canadian data protection frameworks. This paper argues that the right to personal privacy is a fundamental right that deserves utmost protection by society and law. Taking privacy into consideration at the design stage of a system may today be an implicit requirement of Canadian federal and EU legislation, but any such mention is not sufficiently concrete to protect privacy rights with respect to contemporary technology. Effective privacy legislation ought to include an explicit privacy-by- design requirement, including mandating specific technological requirements for those technologies that have the most privacy-intrusive potential. This paper discusses three such applications and how privacy considerations were applied at the design stages. The recent proposal to amend the EU data protection framework includes an explicit privacy-by- design requirement and presents a viable benchmark that Canadian lawmakers would be well-advised to take into consideration.
Canadian Privacy Law
EU Data Protection Regulation
Right to Privacy