Former Information and Privacy Commissioner of Ontario, Ann Cavoukian, originally developed Privacy by Design as a way to approach the design of any technology system with privacy taken into consideration throughout the entire engineering process.
The concept entered the collective consciousness of the digital advertising industry in recent years after the European Union unleashed the General Data Protection Regulation (GDPR) in 2018. It has garnered renewed focus with the impending deprecation of third-party cookies in Google’s Chrome browser and Apple’s new restrictions on the iOS IDFA advertising identifier.
First introduced in 1995, and then codified into an official framework in 2009, Privacy by Design consists of seven foundational principles. However, there is one principle from this framework that may sound familiar:
Privacy as a default setting: If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual to protect their privacy − it is built into the system by default.
Privacy as a default setting materializes in some form in article 25 of the GDPR, as “Data Protection by Design and by Default.” While similar, these two concepts are very different, and it’s crucial to understand that distinction.
“Data protection by design and by default” assumes that a system will collect personal data and should take care to protect this data. “By default” is the idea that a system should only collect what is necessary for a specific purpose and no more.
In contrast, with “privacy by design,” there is no need to consider the protection of personal data because there is no collection or use of personal data. Platforms considering privacy by design would not drop cookies, share identifiers, or store personal information to serve digital advertisements.
This concept could sound shocking to anybody who has worked in ad tech. Pervasive tracking and user identification form the bedrock of modern-day digital advertising. Understanding user behavior and their interests are critical to power the detailed measurement and audience targeting capabilities that make digital such an attractive alternative to traditional forms of advertising.
But what if there was a way to retain the advanced targeting and measurement benefits of digital advertising while adhering to privacy by design? There are political, social, and business undercurrents that may carry privacy by design from a fringe concept to a core tenet of any advertising platform.