Ken Regum

On Privacy by Design and by Default

Data protection by design means embedding data protection into the design specifications of new systems and technologies. The measures may be technical, such as encryption or pseudonymization, or organizational, such as staff training programs or internal policies.

Example: Even during the design process, the developer of a mobile app must consider using technical measures such as encryption, or storing data in a structured, commonly used and machine-readable format so that it may be easily ported to another database.

The use of deceptive design patterns in personal data processing activities is tantamount to deception and coercion, which may vitiate the consent given by data subjects and infringe their data privacy rights. “Deceptive Design Patterns” refer to design techniques embedded in an analog or digital interface that aim to manipulate or deceive a data subject into performing a specific act relating to the processing of their personal data.

Data protection by default requires companies to implement appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose of the processing are processed.

Example: Social media applications must, by default, limit or minimize the amount of personal data that they collect.

#law #privacy