In a very instructive description of the difference between the US and the EU in the legal protection of on-line privacy, I read something very surprising. It said that in a recent meeting commissioner Reding introduced "privacy-by-default" as a new concept and as one of the pillars on which the revision of the EU data protection laws will be based. The idea is that privacy settings are designed to be easily found and manipulated by the user, so that "you don't have to be an engineer to set your privacy settings." Surprisingly though, privacy-by-default does not mean that your privacy should be protected by default, and does not imply an opt-in requirement to privacy invasions.
Surely, this must be a mistake. If not, the term "privacy-by-default" is a nasty form of EU newspeak.
On the spot, it seems that Ann Cavoukian’s privacy by design is actually privacy by default, whereas Reding’s privacy by default is about HMI (human machine interfacing). The big and remaining problem in both cases is that we have no clue which profiles are built and applied based on the data we leak.