Conceptual Model of Privacy by Design

ABSTRACT

The use of the internet and related smart devices encourages mass processing of an individual`s personal data, which commonly leads to a reduction in privacy. In the European Union legislators faced this challenge decisively in 2018, when the General Data Protection Regulation (GDPR) was enforced. Through the idea of “data protection by design and by default”, GDPR seeks to direct the development and use of information communication technology in a way in which personal data processing, taking into account the legitimate interest of the public and private sector, interferes as little as possible with the privacy of individuals. The purpose of this paper is to find out how the GDPR understands “data protection by design and by default”, to analyze and compare different approaches of other authors on understanding “privacy by design”, and to propose a synthesized conceptual model of privacy by design.

KEYWORDS:

• Personal data protection
• privacy by design
• conceptual model

Notes

¹ Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data.²

² Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.³

³ Stands for “Information and Communication Technologies.” ICT refers to technologies that provide access to information through telecommunications. It is similar to Information Technology (IT), but focuses primarily on communication technologies. This includes the Internet, wireless networks, cell phones, and other communication mediums.

⁴ The privacy-friendly aspect of such solutions is represented by PET – Privacy Enhanced Technology.^4,5

⁵ In some special cases specified by the GDPR, the implementation of additional requirements, e.g. the appointment of a data protection officer.