While discussing my privacy design strategies paper at PLSC 2013, an interesting issue came up. The question was whether privacy by design can be used to enforce proportionality. That question was asked to me before, and my standard response was that it only partially can. You can use strategies like minimisation and, to a lesser extent, aggregation to ensure that the system only processes the personal data that it needs. However, whether that need itself is proportional, or even legitimate, is not something the design itself can guarantee.

And then it dawned on me: privacy by design only prevents unintended privacy infringements. It does not prevent companies like Facebook or Google to collect massive amounts of data about us, because it is their core business interest to do so. Similarly, privacy by design in the context of government surveillance is merely a fig leaf to pretend that they have dealt with privacy concerns. It does not stop the mass surveillance itself at all.

This means that the often used analogy between privacy protection and the protection of the environment is fundamentally flawed. No (sane) company will have the pollution of the environment as its core business. Its production process for a certain product may be very environmentally unfriendly, but the product itself is not pollution. Pollution is an externality. Not so for personal data. The main asset of Google and Facebook is us, their audience, and everything they know about us. Their main service is the sale that personal data of their audience to others.

Does this all make privacy by design a useless concept? I don’t think so.

First of all, it does prevent the unintended collection and abuse of personal data. For example, it does ensure that companies that process personal data design their system including proper security measures from the start. This reduces the risk of data breaches, and as such reduces consumer risk.

Secondly, if a company has no explicit reason to collect certain personal data however, the principle of privacy by design will ensure (to a certain extent) that the system it designs will indeed not collect that data. Therefore, privacy by design does ensure that the choice to collect personal data must be made more explicitly. Companies are increasingly aware of the damage that a disdain for privacy can inflict on customer trust and the strength of their brand. Explicit decisions to collect personal data
will be challenged in the ongoing debate about our civil rights online, and will therefore be made with more caution by those companies.