

Privacy by design means applying privacy principles and controls throughout the entire lifecycle of a product or system.
Since the concept emerged in 1995 as a set of seven principles, versions of privacy by design have been adopted by the International Standards Organization (ISO) in its ISO 31700-1:2023 framework—and by the EU in its General Data Protection Regulation (GDPR).
With new privacy and data protection laws passing all over the world, forward-thinking companies are “baking in” privacy. Privacy by design can help reduce risk, enhance trust, and create sustainable, long-term growth.
Privacy by design is, essentially, an approach to systems engineering. Privacy by design principles can help guide engineering and development teams as they build products and manage data.
In this context, “design” extends beyond the initial stages of building a product. Privacy by design applies at all stages, across all systems—from developing your company’s internal processes to providing ongoing product maintenance.
Each stage of the development lifecycle presents opportunities for applying privacy by design.
Here are a few examples in the software development context. Privacy by design can help you:
In January 2023, the world’s leading standards-setting body, ISO, adopted a privacy-by-design standard: ISO 31700-1:2023. This framework provides controls for implementing privacy by design across both technical and organizational contexts.
The original privacy by design model was developed by Canadian privacy champion Anne Cavoukian. This version of privacy by design centers around the following seven principles:
Later privacy-by-design models have changed and expanded these principles, but the seven original principles remain a great model for implementing privacy by design.
Let’s consider each privacy-by-design principle in turn, with examples of how they apply in practice.
Prevention is better than cure. Privacy by design means anticipating privacy issues and preventing them—not fixing problems once they arise.
Example: A company is developing a ticket-booking app that provides notifications for local concerts based on the user’s current city. Collecting precise geolocation information is particularly risky as it can reveal sensitive information about the user’s personal life.
Anticipating this, the developers collect coarse location data at the city level only, and provide an option for the user to enter their location manually. The information is deleted each session unless the user asks the app to remember their location.
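Here is what the ticket-booking example looks like in code. This is an added illustration, not code from the original article: the precise GPS fix is reduced to a city name the moment it arrives, the coordinates are never stored, and the city is forgotten at the end of the session unless the user asked the app to remember it. The city table, coordinates and 25 km radius are constructed assumptions for the example.

```python
"""Coarse, session-scoped location handling for a concert-notification app.

Added illustration (not code from the original article). Precise GPS
coordinates are reduced to a city name at collection time and the city is
dropped when the session ends unless the user opted to remember it.
The city table and coordinates below are constructed sample data.
"""
import math
from dataclasses import dataclass
from typing import Optional

# Constructed lookup table: city name -> (latitude, longitude) of its centre.
CITY_CENTRES = {
    "Manchester": (53.4808, -2.2426),
    "Leeds": (53.8008, -1.5491),
    "Liverpool": (53.4084, -2.9916),
}


def _haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two points."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def coarsen_location(lat: float, lon: float, max_km: float = 25.0) -> Optional[str]:
    """Return only the nearest known city, never the coordinates themselves.

    If no city centre lies within max_km (an assumed radius) the function
    returns None, so the app asks the user rather than keeping a precise fix.
    """
    best, best_km = None, max_km
    for city, (clat, clon) in CITY_CENTRES.items():
        d = _haversine_km(lat, lon, clat, clon)
        if d < best_km:
            best, best_km = city, d
    return best


@dataclass
class Session:
    remember: bool = False          # off unless the user explicitly asks
    city: Optional[str] = None      # the only location datum ever held

    def set_from_gps(self, lat: float, lon: float) -> None:
        # The precise fix is consumed here and is not retained anywhere.
        self.city = coarsen_location(lat, lon)

    def set_manually(self, city: str) -> None:
        if city not in CITY_CENTRES:
            raise ValueError("unknown city")
        self.city = city

    def end(self) -> None:
        # Deleted each session unless the user opted to remember it.
        if not self.remember:
            self.city = None
```

The important design choice is that the coarsening happens in the same function that receives the coordinates: there is no code path on which the precise fix is written to a log, a database or an analytics event.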
You should always assume the user does not want you to collect or use their data. By default, a product or service should only process personal data if necessary to deliver a service that the user has requested.
Example: An exercise tracking app runs in two modes: Private—where workout history and results are visible only to the user—and Public—where leaderboards show which users have the best running times across popular local routes.
The app should run in Private mode by default, with Public mode available for users who opt in.
Privacy should be at the core of every system, not bolted on as an afterthought. Make privacy a part of the conversation throughout the entire system development lifecycle, from planning to maintenance.
Example: A company is planning a local government project to analyze the number of cars passing through key areas of a city. From the outset, the company should consider how to minimize the project’s privacy impact.
For example, can the company distinguish individual cars without identifying drivers? How can the company notify the public about the data it collects? Can the company deidentify data once it’s collected? When and how will the company delete the data?
The privacy-by-design philosophy treats privacy as a win-win. An organization should aim to leverage privacy to deliver its finished product—not expect trade-offs between privacy and usability.
Example: A company uses marketing cookies on its website, which require the company to obtain consent from users in certain jurisdictions.
The website had an intrusive cookie pop-up that prevented users from accessing the page unless they accepted cookies. Employing the “full functionality” principle, the company replaced the pop-up with a non-intrusive cookie banner offering users a free choice.
The win-win: While the proportion of users accepting cookies goes down, the overall number of users accepting cookies goes up as more people visit and remain on the fully-functioning website.
Security and privacy overlap and intertwine. The “end-to-end security” principle means keeping personal data secure from collection to deletion and at every stage between.
Example: A marketplace app for selling used clothing allows users to message each other.
The company should consider preventing users from seeing unnecessary information about each other, securing its payment process, encrypting personal messages, storing personal data securely, and developing a breach notification policy, among other things.
Be honest and open about your data processing practices. Transparency builds trust. If you’re worried about spooking your users, consider whether you’re using their personal data in a fair and ethical way.
Example: A banking app requests its customers’ date of birth for legitimate security and know-your-customer purposes. The bank implements a “just in time” notice alongside the web form, explaining why the bank requires the data and how it will be used.
Privacy by design means keeping the user’s privacy and other rights in mind at all times. When assessing whether you need to collect or use personal data, approach the question from the user’s perspective.
Example: A productivity app lets users block time-wasting websites. The provider wants to understand its user base by analyzing which websites each user blocks. The marketing team says collecting this data will benefit users in the long term by helping to attract investment.
However, collecting this data is unnecessary from the user’s perspective and would go against many users’ reasonable expectations. Therefore, the company should consider different approaches to learning about its user base—or at least turn this functionality off by default.
A version of privacy by design is a legal requirement under the GDPR, which applies across all countries in the European Economic Area (EEA) and the UK.
Here’s the full Article 25 of the GDPR, “Data protection by design and by default”:

This section of the GDPR requires “controllers” (who decide how and why to collect or use personal data) to implement “data protection by design” and “data protection by default”, which are similar to the classic “privacy by design” principles.
The GDPR’s version of “privacy by design”—“data protection by design”—is all about taking “technical and organizational measures”: safeguards, policies, and techniques designed to protect people’s privacy and other rights.
According to Article 25 (1) of the GDPR, you must implement appropriate technical and organizational measures both:
These technical and organizational measures must:
When deciding which technical and organizational measures to employ, you must consider the following factors:
The GDPR only gives one example of a “technical measure” for achieving data protection by design: “pseudonymization”, which involves removing identifiers from a dataset and storing them separately.
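The following is an added example of that one technical measure, written for this article rather than taken from it or from any GDPR guidance. Direct identifiers are stripped from each record and replaced with a random pseudonym, and the pseudonym-to-identity table is returned separately so it can live in a different system under different access controls. The record layout, the choice of `name` and `email` as the direct identifiers, and the sample rows are constructed assumptions.

```python
"""Pseudonymization by separating identifiers from the working dataset.

Added example (not the article's code). Direct identifiers are replaced by
random pseudonyms; the key table that maps pseudonyms back to identities is
kept apart from the working records. The sample rows are constructed.
"""
import secrets
from typing import Dict, List, Tuple

# Assumed for this example: which fields count as direct identifiers.
DIRECT_IDENTIFIERS = ("name", "email")


def pseudonymize(records: List[dict]) -> Tuple[List[dict], Dict[str, dict]]:
    """Split records into (working dataset, key table).

    The working dataset carries a random 'pid' in place of the direct
    identifiers; the key table maps each 'pid' back to them. The two should
    be stored in separate systems with separate access controls.
    """
    working, key_table = [], {}
    for rec in records:
        pid = secrets.token_hex(16)  # random, so it reveals nothing about the person
        key_table[pid] = {k: rec[k] for k in DIRECT_IDENTIFIERS}
        working.append(
            {"pid": pid, **{k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}}
        )
    return working, key_table


def reidentify(row: dict, key_table: Dict[str, dict]) -> dict:
    """Re-join a working row with its identity; impossible without the key table."""
    return {**key_table[row["pid"]], **{k: v for k, v in row.items() if k != "pid"}}


def contains_direct_identifiers(dataset: List[dict]) -> bool:
    """Guard to run before a dataset is released to an analytics environment."""
    return any(k in row for row in dataset for k in DIRECT_IDENTIFIERS)


SAMPLE = [  # constructed sample data
    {"name": "Ada Example", "email": "ada@example.com", "city": "Leeds", "visits": 3},
    {"name": "Bob Sample", "email": "bob@example.com", "city": "Leeds", "visits": 1},
]

if __name__ == "__main__":
    working, keys = pseudonymize(SAMPLE)
    print("working dataset clean:", not contains_direct_identifiers(working))
    print("re-identified:", reidentify(working[0], keys))
```

Two caveats a practitioner should keep in mind: the key table is the “additional information” that has to be kept separately, so its storage and access policy is what makes the measure effective; and pseudonymized data is still personal data under the GDPR, because re-identification remains possible. Pseudonymization reduces risk; it does not take the working dataset out of scope.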
The GDPR’s version of “privacy by default”—“data protection by default”—also revolves around technical and organizational measures. This time, such measures help give users more control over the amount of personal data controllers collect.
Under Article 25 (2) of the GDPR, you must implement appropriate technical and organizational measures to ensure that you only process the personal data necessary for a specific purpose.
The principle of data protection by default applies to:
It’s particularly important to ensure that, by default, personal data is not made accessible to an “indefinite” number of people unless the user enables this.
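To make this concrete, here is an added example (not code from the original article) that serves both the exercise-tracking app from the “privacy as the default setting” principle above and the Article 25(2) requirement just described. A new profile starts in Private mode, only the user can switch it to Public, and the leaderboard read path filters on that flag, so a user’s times are never exposed to an indefinite audience unless the user enabled it. The profile fields, route names and times are constructed for the example.

```python
"""Privacy as the default setting, for the exercise-tracking app example.

Added illustration (not the article's code). A profile starts Private,
the user alone opts in to Public, and the leaderboard only reads profiles
whose owner opted in. Workout data below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Profile:
    user_id: str
    # Private by default: nothing is visible to other users until the user opts in.
    public: bool = False
    # route name -> best time in seconds
    best_times: Dict[str, int] = field(default_factory=dict)

    def opt_in_public(self) -> None:
        self.public = True  # an explicit user action, never a provider default

    def opt_out_public(self) -> None:
        self.public = False


def record_run(profile: Profile, route: str, seconds: int) -> None:
    """Keep only the best time per route; a slower run never replaces it."""
    current = profile.best_times.get(route)
    if current is None or seconds < current:
        profile.best_times[route] = seconds


def leaderboard(profiles: List[Profile], route: str, limit: int = 10) -> List[Tuple[str, int]]:
    """Ranked (user_id, seconds) for a route, restricted to opted-in users.

    The filter sits in the read path, so a mistake elsewhere (for example a
    mis-set default) cannot expose a private user's times to other users.
    """
    rows = [
        (p.user_id, p.best_times[route])
        for p in profiles
        if p.public and route in p.best_times
    ]
    rows.sort(key=lambda r: r[1])
    return rows[:limit]


def my_history(profile: Profile) -> Dict[str, int]:
    """Private mode still gives the user full access to their own data."""
    return dict(profile.best_times)


if __name__ == "__main__":
    alice, bob = Profile("alice"), Profile("bob")      # constructed users
    record_run(alice, "river-loop", 1500)
    record_run(bob, "river-loop", 1420)
    bob.opt_in_public()
    print(leaderboard([alice, bob], "river-loop"))     # only bob appears
```

The point worth noticing is that the private default is enforced twice: in the data model (the `public` flag starts `False`) and in the query that produces the shared view. Either alone would satisfy the letter of the principle; together they mean that adding a new feature which reads profiles cannot quietly widen the audience.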
“Privacy by design” and “privacy by default” overlap. But it’s useful to understand how these two concepts differ. So let’s contrast them across some key areas.
The “privacy by design” model has been helping organizations integrate privacy into their operations for nearly 30 years.
The principles of privacy by design require that you:
Remember: Privacy (or data protection) by design and by default is a legal requirement under the GDPR.
1. What does "privacy by design" mean?
- "Privacy by design" refers to the proactive integration of privacy considerations into all stages of product or system design and development.
2. What is "privacy by design"?
- It's an approach that emphasizes embedding privacy principles from the outset of any system, product, or process development, rather than adding them later.
3. How is "privacy by design" implemented?
- This can be done by following its foundational principles, such as proactively addressing potential issues, ensuring privacy defaults, and embedding privacy throughout the entire lifecycle of projects.
4. What are "privacy by design" and "privacy by default"?
- While "privacy by design" is about embedding privacy considerations throughout the design process, "privacy by default" ensures that the default settings of a product or service are the most privacy-friendly.
5. What is the GDPR's take on "privacy by design"?
- The GDPR mandates a similar approach called "Data protection by design and by default," legally requiring companies operating in the EU to integrate data protection principles into their processes.
6. What are the principles of "privacy by design"?
- The principles emphasize proactivity, privacy as a default setting, full lifecycle security, transparency, and always prioritizing the user's privacy.
7. When is "privacy by design" used?
- It should be used throughout the entire development and operational lifecycle of any product, system, or service that deals with personal data.
8. When should "privacy by design" be implemented?
- It should be implemented from the very beginning or outset of any system or product development and continued throughout its lifecycle.
9. Why should we care about "privacy by design"?
- It helps in anticipating and preventing privacy breaches, maintaining user trust, and meeting legal and ethical obligations.
10. How do "privacy by design" and "privacy engineering" operate together?
- While "privacy by design" offers a foundational framework and principles, "privacy engineering" provides the technical methodologies, tools, and practices to actualize and ensure those principles in real-world systems.
11. Which of these are foundational principles of "privacy by design"?
- The foundational principles include being proactive, ensuring privacy as a default setting, embedding privacy from the outset, end-to-end security, transparency, and always considering the user's perspective.
12. When should privacy by design be implemented?
- Privacy by design should be implemented at every stage of the systems development life cycle. You should apply the privacy by design principles from the first step of developing a product to the final step—and at each stage in between.
13. Why should we care about privacy by design?
- From your organization’s perspective, you should care about privacy by design because it can improve your development processes, increase efficiency, reduce risk, and enhance customer trust. Getting privacy right from the outset means making better products and growing a healthier business.
14. How do privacy by design and privacy engineering operate together?
- Privacy by design and privacy engineering go hand in hand—privacy engineering can help automate core privacy-by-design processes such as data minimization, storage limitation, and data security. Privacy by design requires that you consider privacy enhancements at every stage of development. Implementing privacy engineering techniques such as encryption, code scanning, and data flow modelling is vital to meet this requirement.
15. What are the foundation principles of privacy by design?
- The foundation principles of privacy by design are as follows: