Martech: Martech is Marketing Logo
  • Topics
    Digital Transformation
    Marketing Operations
    Data
    Customer & Digital Experience
    Performance Marketing
    Marketing Management
    Special Reports
    MarTech Topics
  • Conference
  • Webinars
  • Intelligence Reports
  • White Papers
  • What is MarTech
    Mission
    Staff
    Newsletter
    Search Engine Land
    Third Door Media

Processing...Please wait.

MarTech » Data » What is privacy by design? A deeper dive into this GDPR requirement

What is privacy by design? A deeper dive into this GDPR requirement

Experts agree that integrating privacy principles into the development phase makes sense for businesses and their customers.

Robin Kurzer on March 21, 2018 at 10:04 am

Privacy by design (PbD) is a pretty simple concept: It’s essentially a procedural reminder to build user privacy principles into the development of a product or tool. It’s also a key tenet of the European Union’s upcoming General Data Protection Regulation (GDPR), a sweeping regulation that affects any organization with European users or members.

Privacy by design came into the popular lexicon in the 1990s, introduced by Ann Cavoukian, who was information and privacy commissioner of Ontario at the time. In 2012, the Federal Trade Commission began calling it a best practice for data privacy, along with transparency and simplified choice.

Why isn’t privacy by design used by everyone?

One reason might be the persistent tug between creative freedom and rules that are seen to inhibit innovation.

“Privacy by design is a really great framework from which to think about privacy and security because it looks at potential harms and asks us to consider what ‘could’ happen, and not just what’s ‘likely’ to happen,” Fatemah Khatibloo, a principal analyst at Forrester told me.

“But in engineering circles,” he said, “the legacy thinking has been that privacy and security requirements stifle innovation. Badly secured data, though, has cost companies real and actual harms, and that’s been a forcing function for design and engineering teams to embed security into products and services. We haven’t gotten there with privacy — yet.”

PbD as a brand benefit

After several years of massive data breaches and calls for more transparency in ad tech, the notion of building tools with privacy in mind has become more appealing — a trend that not only protects the companies building these tools but offers a “safer” brand to advertisers and consumers.

“PbD is definitely gaining traction as a result of GDPR — but most marketers (and other business leaders) still struggle with the concept. It’s really hard to get revenue-generating teams to think about PbD — or really, any risk-based approach to data collection and use — because that’s just not how they are measured or compensated. That’s why we turn the idea on its ear and talk about PbD and contextual privacy as opportunities to build transparency and trust with customers,” Khatibloo said, explaining that contextual privacy is a business practice in which the collection and use of personal data is consensual, within a mutually agreed upon context, for a mutually agreed-upon purpose.

She shared the graphic below as an explanation of this concept.

Integrating PbD into the development process

Lewis Barr, general counsel and vice president of privacy at customer profile and identity management software Janrain, told me that companies should include PbD as a default.

“Any martech solution provider or consumer-facing organization that processes personal data regularly should develop privacy by design and default practices as a means of being more customer-friendly, building trust and reducing liability exposure,” Barr said. “Although it shouldn’t take a government mandate to adhere to these principles, privacy by design is on track to become law anyway; GDPR is the culmination of an overall movement toward requiring privacy by design that started at the beginning of this decade.”

Ben Hoxie, director of product management at mParticle, said that companies should consider adding PbD to be a production decision.

“My interpretation is to add an operational step and say, ‘do we need this?'” Hoxie said. “Ask, ‘What do we need to complete or product, or add value, or run our business,’ rather than say, ‘Let’s take everything and maybe it will be useful later.'”

“For me, it’s really an operational piece, in the same way that a lot of companies have a security review process. It’s a similar step to say let’s talk to the privacy department and make sure we’re doing this according to the law,” Hoxie said, adding that PbD should prevent companies from developing tools that collect data for data’s sake.

“I think the intention behind that in the GDPR is to avoid companies hoovering up everything they could possibly gather and hoping to find a use for it later,” Hoxie told me. “That’s what they’re trying to get away from. They’re trying to make it so that customer data is carefully and diligently analyzed and assessed before it’s collected, and then it doesn’t live forever.”

Janrain’s Barr said that with the advent of stronger privacy laws like GDPR, companies that don’t implement privacy by design at the beginning of the development process will face a much harder task than if it was simply built in:

Today, we are entering the era of consumer privacy advocacy. Where a decade ago software vendors were enamored with emerging technology’s ability to collect invaluable personal data unbeknownst to consumers, customers now want a say in how their personally identifiable information (PII) is collected and used. GDPR and similar regulations around the globe are amplifying their voice. Now, there will be a financial hit to a brand’s bottom line if it does not get data privacy right, in the form of a reputation hit or fines.

Unfortunately for vendors that didn’t incorporate PbD into their designs from the beginning, it’s much harder to “retrofit” existing applications than bake privacy by design into a product from the outset. It is not unlike auto manufacturers that didn’t prioritize energy efficiency in the 1970s. When regulations and economics began to promote fuel economy in the 1980s and beyond, they found themselves at a disadvantage vis-a-vis competitors that built efficiency into their design.

Forrester’s Khatibloo said that PbD will be good for businesses and users.

“Privacy by design is good business practice. And I think, in the not-too-distant future, that practices like privacy by design and contextual privacy will be trumpeted as proudly as ‘cruelty-free’ and ‘American-made’ are in consumer products today. Marketers would do well to start shifting their data collection and use practices in that direction today,” she said.


New on MarTech

    How clean, organized and actionable is your data?
    Replacement Survey: The top 5 solutions replaced
    What’s the biggest hidden secret in Google Ads?
    Native video tops social media in brand awareness study
    Worsening economy has more shoppers getting online info before making in-store purchases

About The Author

Robin Kurzer
Robin Kurzer started her career as a daily newspaper reporter in Milford, Connecticut. She then made her mark on the advertising and marketing world in Chicago at agencies such as Tribal DDB and Razorfish, creating award-winning work for many major brands. For the past seven years, she’s worked as a freelance writer and communications professional across a variety of business sectors.

Related Topics

DataMarketing Operations

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS The MarTech Conference logo.

September 28-29, 2022: Fall

Start Training Now: Master Classes

Start Discovering Now: Spring



The SMX Conference logo.

Start Training Now:: SMX Advanced

November 14-15, 2022: SMX Next

March 8-9, 2022: Master Classes

Webinars

Agencies: Grow Revenue Streams Through Web Accessibility & Compliance

Protect Your Paid Advertising Spend Against Ad Fraud and Invalid Traffic

Build an Integrated Search Strategy Across Google, Amazon and YouTube

See More Webinars
Intelligence Reports

Enterprise SEO Platforms: A Marketer’s Guide

Enterprise Identity Resolution Platforms

Email Marketing Platforms: A Marketer’s Guide

See More Intelligence Reports
Featured White Paper

Site Search 101

See More Whitepapers

Receive daily marketing news & analysis.

Processing...Please wait.

Topics

  • Transformation
  • Operations
  • Data
  • Experience
  • Performance
  • Management
  • All Topics
  • Home

Our Events

  • MarTech
  • Search Marketing Expo - SMX

About

  • What is MarTech
  • Contact
  • Privacy
  • Terms Of Use
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2022 Third Door Media, Inc. All rights reserved.