Information Commissioner publishes Privacy by Design report

The Information Commissioner has published his Privacy by Design report.

Despite more than 20 years of data protection legislation in the UK and efforts to encourage the adoption of privacy-friendly technologies and ways of working, progress has been disappointing: data protection and privacy safeguards are often bolted on as inadequate afterthoughts rather than built into new developments from first principles.

With the current drive for increased information sharing, large centralised databases and increasing use of biometrics, the ICO sees the concepts at the heart of ‘privacy by design’ as helping ensure that essential safeguards against potential unwarranted risks to individuals’ information and privacy are put in place in new developments. The ICO wants to try to help bridge the current gap in both the public and private sectors.

The Privacy by Design report is the first step in this process. It explores the barriers to good privacy practices, what can be done to remove those barriers, and how privacy can be embedded in every stage of the systems lifecycle.

The report, and its supporting materials, can be downloaded here.

[Declaration of interest: The Enterprise Privacy Group team wrote the Privacy by Design report]

Join the conversation

Hi Toby. I presume the Privacy by Design event went well. I believe that Phorm wasn't on the agenda but I am guessing that it may have been discussed in passing amongst the attendees. There were certainly a lot of flyers being passed around. A while ago you stated your recommendations in the report would have implications for behavioural advertising and that you would blog on them as soon as you are able. I look forward to reading any further comments you may have soon. Best regards.
I'm not aware of any specific discussion of Phorm yesterday - I need to have a think about how PbD would apply to their business model. We discussed the idea of 'bad compliance', and I suspect that might be a starting point...