• MarTech Today
  • Sections
    • Ads
    • Marketing
    • Content
    • Sales
    • Analytics
    • Management
    • Resources
    • More
    • Home
  • Follow Us
    • Follow
  • MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Mgmt
  • Resources
  • More
  • Events
    • Follow
  • SUBSCRIBE

MarTech Today

MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Management
  • Resources
  • More
  • Events
  • Newsletters
  • Home
Martech: Analytics & Data

What is privacy by design? A deeper dive into this GDPR requirement

Experts agree that integrating privacy principles into the development phase makes sense for businesses and their customers.

Robin Kurzer on March 20, 2018 at 12:57 pm
  • More

Privacy by design (PbD) is a pretty simple concept: It’s essentially a procedural reminder to build user privacy principles into the development of a product or tool. It’s also a key tenet of the European Union’s upcoming General Data Protection Regulation (GDPR), a sweeping regulation that affects any organization with European users or members.

Privacy by design came into the popular lexicon in the 1990s, introduced by Ann Cavoukian, who was information and privacy commissioner of Ontario at the time. In 2012, the Federal Trade Commission began calling it a best practice for data privacy, along with transparency and simplified choice.

Why isn’t privacy by design used by everyone?

One reason might be the persistent tug between creative freedom and rules that are seen to inhibit innovation.

“Privacy by design is a really great framework from which to think about privacy and security because it looks at potential harms and asks us to consider what ‘could’ happen, and not just what’s ‘likely’ to happen,” Fatemah Khatibloo, a principal analyst at Forrester told me.

“But in engineering circles,” he said, “the legacy thinking has been that privacy and security requirements stifle innovation. Badly secured data, though, has cost companies real and actual harms, and that’s been a forcing function for design and engineering teams to embed security into products and services. We haven’t gotten there with privacy — yet.”

PbD as a brand benefit

After several years of massive data breaches and calls for more transparency in ad tech, the notion of building tools with privacy in mind has become more appealing — a trend that not only protects the companies building these tools but offers a “safer” brand to advertisers and consumers.

“PbD is definitely gaining traction as a result of GDPR — but most marketers (and other business leaders) still struggle with the concept. It’s really hard to get revenue-generating teams to think about PbD — or really, any risk-based approach to data collection and use — because that’s just not how they are measured or compensated. That’s why we turn the idea on its ear and talk about PbD and contextual privacy as opportunities to build transparency and trust with customers,” Khatibloo said, explaining that contextual privacy is a business practice in which the collection and use of personal data is consensual, within a mutually agreed upon context, for a mutually agreed-upon purpose.

She shared the graphic below as an explanation of this concept.

Integrating PbD into the development process

Lewis Barr, general counsel and vice president of privacy at customer profile and identity management software Janrain, told me that companies should include PbD as a default.

“Any martech solution provider or consumer-facing organization that processes personal data regularly should develop privacy by design and default practices as a means of being more customer-friendly, building trust and reducing liability exposure,” Barr said. “Although it shouldn’t take a government mandate to adhere to these principles, privacy by design is on track to become law anyway; GDPR is the culmination of an overall movement toward requiring privacy by design that started at the beginning of this decade.”

Ben Hoxie, director of product management at mParticle, said that companies should consider adding PbD to be a production decision.

“My interpretation is to add an operational step and say, ‘do we need this?'” Hoxie said. “Ask, ‘What do we need to complete or product, or add value, or run our business,’ rather than say, ‘Let’s take everything and maybe it will be useful later.'”

“For me, it’s really an operational piece, in the same way that a lot of companies have a security review process. It’s a similar step to say let’s talk to the privacy department and make sure we’re doing this according to the law,” Hoxie said, adding that PbD should prevent companies from developing tools that collect data for data’s sake.

“I think the intention behind that in the GDPR is to avoid companies hoovering up everything they could possibly gather and hoping to find a use for it later,” Hoxie told me. “That’s what they’re trying to get away from. They’re trying to make it so that customer data is carefully and diligently analyzed and assessed before it’s collected, and then it doesn’t live forever.”

Janrain’s Barr said that with the advent of stronger privacy laws like GDPR, companies that don’t implement privacy by design at the beginning of the development process will face a much harder task than if it was simply built in:

Today, we are entering the era of consumer privacy advocacy. Where a decade ago software vendors were enamored with emerging technology’s ability to collect invaluable personal data unbeknownst to consumers, customers now want a say in how their personally identifiable information (PII) is collected and used. GDPR and similar regulations around the globe are amplifying their voice. Now, there will be a financial hit to a brand’s bottom line if it does not get data privacy right, in the form of a reputation hit or fines.

Unfortunately for vendors that didn’t incorporate PbD into their designs from the beginning, it’s much harder to “retrofit” existing applications than bake privacy by design into a product from the outset. It is not unlike auto manufacturers that didn’t prioritize energy efficiency in the 1970s. When regulations and economics began to promote fuel economy in the 1980s and beyond, they found themselves at a disadvantage vis-a-vis competitors that built efficiency into their design.

Forrester’s Khatibloo said that PbD will be good for businesses and users.

“Privacy by design is good business practice. And I think, in the not-too-distant future, that practices like privacy by design and contextual privacy will be trumpeted as proudly as ‘cruelty-free’ and ‘American-made’ are in consumer products today. Marketers would do well to start shifting their data collection and use practices in that direction today,” she said.



About The Author

Robin Kurzer
Robin Kurzer started her career as a daily newspaper reporter in Milford, Connecticut. She then made her mark on the advertising and marketing world in Chicago at agencies such as Tribal DDB and Razorfish, creating award-winning work for many major brands. For the past seven years, she’s worked as a freelance writer and communications professional across a variety of business sectors.

Related Topics

Channel: Martech: Analytics & DataDMP: Data Management PlatformsGeneral Data Protection Regulation (GDPR)

Subscribe to receive daily martech news and expert insights. See terms.


We're listening.

Have something to say about this article? Share it with us on Facebook and Twitter.

Get the daily newsletter digital marketers rely on.
See terms.

ATTEND OUR EVENTS

MarTech 2021: March 16-17

MarTech 2021: Sept. 14-15

MarTech 2020: Watch On-Demand

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

White Papers

  • Digital Marketing Report Q4 2020: Benchmarks and Insights for 2021
  • Data SEO – The Next Big Adventure
  • Getting Started with Email Marketing Automation
  • The State of Local Marketing Report 2020-2021
  • Quality CRM Data: The Key to Delivering Great Customer Experiences
See More Whitepapers

Webinars

  • How to Avoid the Digital Transformation Trap
  • How to Build a Marketing System of Record
  • Meet BIMI: The brand-boosting email security marketers must have for 2021
See More Webinars

Research Reports

  • Local Marketing Solutions for Multi-Location Businesses
  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Call Analytics Platforms
See More Research

Receive daily martech news and analysis.
Martech Today
Download the Martech Today app on iTunes
Download the Martech Today App on Google Play

Channels

  • Advertising
  • Marketing
  • Content
  • Social
  • Commerce
  • Sales
  • Analytics
  • Management
  • Home

Our Events

  • MarTech
  • SMX

Resources

  • White Papers
  • Research
  • Webinars
  • MarTech Conference

About

  • About Us
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff
  • Connect With Us

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • Instagram
  • RSS
  • iOS App
  • Google Play

© 2021 Third Door Media, Inc. All rights reserved.

Your privacy means the world to us. We share your personal information only when you give us explicit permission to do so, and confirm we have your permission each time. Learn more by viewing our privacy policy.Ok