The beginning of human data rights
In the past few years, giants such as Facebook and Yahoo have leaked and illegally used data without their users’ consent, respectively, which is why GDPR was first created, back in mid-2016. Once these allegations went public, they were heavily criticized by Zuckerberg and other CEOs. However, Zuckerberg’s Senate testimony back in April revealed that Facebook’s creator not only sold data without consent and didn’t know the purpose of this data, but also somewhat disagreed with the senators concerning government-imposed data and privacy regulations.
Before the GDPR went into effect, Zuckerberg was also invited as a guest to the E.U. Parliament, where he wasn’t received well by its members. Nevertheless, Facebook justifies using part of the personal information, with consent, for marketing purposes. In their own words, “It’s better to know what customers like and serve them quality content, content that truly matters to them.”
Privacy by design
Part of the GDPR, the ‘privacy by design’ concept is what truly matters to designers. According to this concept, there are seven fundamental principles to follow during the design process.
1. Proactive, not reactive
This simple rule explains that DPOs and designers should act before things turn sour, instead of waiting for problems to happen and then reacting.
2. Privacy as the default setting
It means that you, as a designer, will deliver the maximum amount of privacy by ensuring all personal data is protected by default in any given system.
3. Privacy embedded into design
In short, every designer must include privacy as a fundamental part of the system’s core. Functionality must not suffer on account of incorporating privacy protection methods, yet the latter must remain intact.
4. Full functionality
How to achieve full functionality? No idea, but you need to achieve a ‘win-win’ situation where both privacy and security will be present in the product/solution.
5. End-to-end security
Another important feature of GDPR’s ‘Privacy by Design’ concept is end-to-end security. Basically, data is born, used, and destroyed within a finite period of time. No data can be left behind after this process.
6. Visibility and transparency
Trust is gained by showing everything you’ve done with the data provided, increasing the levels of transparency and visibility. Every individual stakeholder has the right to request this, so get ready to show what you’ve done with the data. On the other hand, hiding certain acts is punishable according to GDPR.
7. Respect for user privacy
Finally, there should be strong privacy defaults, timely notice concerning anything connected to data, and protective user-friendly choices.
All seven of these fundamentals should be respected, and your data protection officer would ensure that they are. However, this beautiful turn of events for data protection just created a world of chaos for web designers all around the world, as most of them now have tons of extra tasks, including the re-work of old designs and careful creation of new ones. In the end, everyone will agree it’s for the greater good.