Privacy by design and privacy by default

Michał Mikulski
GDPR should not only be a law imposed on companies to follow, it should also be a guideline for creating a more secure future. To do that, it is time to take another step in personal data protection. Privacy by design and privacy by default are the way to do it.

European GDPR laws, reflected in other regulations over the world like CCPA in the USA, are just the first step in promoting personal data protection. Another important trend is promoting 'privacy by design' and 'privacy by default' concepts. Both aren't new but they gained attention after adoption of European Data Protection Board Guidelines in 2019. These concepts, as simple as they are, need some clarification.

Privacy by design vs privacy by default

As said before, both concepts aren't new and have been known for years now. There are some key differences between them, but it is good to understand that privacy by design and default are both complementary.

Privacy by design

Even if it is counterintuitive, it is easier to implement data protection in a new structure than 'build it over' an existing one. That's why GDPR was so troublesome for many companies at the beginning. Creating a service or a policy with privacy in mind from scratch means making the right decisions and being familiar with good privacy practices. A great example of this will be adding automated image or video anonymization to a process of data collection. That being part of the process ensures data safety.

Other examples of privacy by design include using encrypted drives to store data or even creating a clear and understandable data collecting policy. Data protection and privacy specialists in an organization should be conscious about privacy from the start. Privacy by design means embedding privacy into organization structures.

Privacy by default

With privacy by default we take a step further. Let's imagine creating a new social media platform that uses a lot of video-related data. Developers make sure that data is automatically anonymized and stored on secure, encrypted drives. That's a design aspect of data protection. Now, privacy by default would mean that all the default settings in our new social media platform are as private as possible. Our platform stores a minimal amount of data for it to operate correctly, doesn't give a false sense of privacy safety, and gives control over privacy to the user. In a nutshell, that is privacy by default.

Automated image and video anonymization

When talking about privacy and storing huge amounts of video and images, one needs to talk about anonymization. Anonymized data is in line with GDPR requirements and gives an organization a simple way to make sure that user privacy is secured. That's why implementing into an organization is an important way of ensuring privacy by design. uses AI to automatically anonymize personal information in videos and images. It's convenient, efficient and doesn't require special skill or equipment to operate. The demo version of is available for free.