Data Protection by Design is an approach that promotes privacy by ensuring that data protection safeguards are being built into products and services from the earliest stage of development of a software


1::Software engineers prefer to use Privacy Policies.
2::Privacy is a social issue and not an engineering problem.
3::The lack of appropriate tools to realise Protection-by-Design.

Unfortunately this is not the correct answer in the context of this scenario. Privacy Policies are the common name of documents/statements used by service providers in which it is detailed how your privacy is treated and how your personal data can be used by them (i.e. which personal data are being collected, for which purposes, recipients of your data etc.). Data Protection by Design ensures better privacy than Privacy Policies.

The second reason is the lack of appropriate software tools to realise it.

See for more information the ENISA report Privacy and Data Protection by Design: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design

Note that the need for Data Protection by Design is also addressed in the General Data Protection Regulation 2016/679 (the Regulation entered into force on 24 May 2016, and shall apply from 25 May 2018; it is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf).

 

While Privacy is indeed also a social issue, in our interconnected and digital world this can be regulated and protected with proper design; that is why we refer to Data Protection by Design.

The second reason is the lack of appropriate software tools to realise it.

See for more information the ENISA report Privacy and Data Protection by Design: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design

 Note that the need for Data Protection by Design is also addressed in the General Data Protection Regulation 2016/679 (the Regulation entered into force on 24 May 2016, and shall apply from 25 May 2018; it is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf).

 

Indeed this is the second reason as to why traditional software engineering approaches have limitations in the Data Protection by Design. It becomes therefore important that tools become more available to the software engineering community.

See for more information the ENISA report Privacy and Data Protection by Design: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design

Note that the need for Data Protection by Design is also addressed in the General Data Protection Regulation 2016/679 (the Regulation entered into force on 24 May 2016, and shall apply from 25 May 2018; it is available here: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf).

 


(note that the term Privacy by Design can be also met in several texts)

Traditionally however the engineering of software has had limitations in building technologies that by design ensure privacy. There are two main reasons why traditional software approaches have limitations in the Data Protection by Design. The first reason is the lack of awareness of developers and data controllers.

What is the second reason?