About GPS By Design Centre

The Privacy by Design Centre of Excellence is intended to serve as the Gold Standard for privacy and data protection. It rests on advancing the need to take proactive measures to embed privacy and security into all operations – both systems-related and policy/legal matters. By identifying the risks, we can avoid them through the implementation of the 7 Foundational Principles of Privacy by Design – we can largely prevent the privacy harms from arising. PbD offers a system of prevention, much like a medical model of prevention, attempting to prevent privacy infractions and data breaches from arising, thereby enhancing the protection of the data, right from the outset. Surveillance is the antithesis of privacy. Privacy by Design makes every effort to eradicate government surveillance, which remains largely invisible. The International Foundation for Global Privacy and Security, by Design, extends PbD to ensure the use of positive-sum models and the avoidance of zero-sum.

Our Mission

Our mission is to spread the word on how to operationalize Privacy by Design, especially given its inclusion in the new E.U. General Data Protection Regulation. We must make every effort to banish the dated model of zero-sum, win/lose paradigms, in favour of doubly-enabling, full/positive-sum models, wherein multiple parties may jointly “win.” We must have privacy AND security, privacy AND data analytics – not one interest “winning” at the expense of the other. Here’s to advancing research on how to embed privacy into the design of all technology touching upon the use of personally identifiable data: machine learning, Artificial Intelligence, neural networks, etc. We can do this!

Dr. Ann Cavoukian

Executive Director of the Global Privacy & Security By Design Centre

Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. She is presently the Executive Director of the Global Privacy & Security by Design Centre and is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University. Until June 2019, Dr. Cavoukian was the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. Appointed as the Information and Privacy Commissioner of Ontario, Canada in 1997, Dr. Cavoukian served an unprecedented three terms as Commissioner. During that time, she elevated the Office of the Information and Privacy Commissioner from a novice regulatory body to a first-class agency, known around the world for its cutting edge innovation and leadership. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In October 2010, regulators at the International Conference of Data Protection Authorities and Privacy Commissioners unanimously passed a Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. This was followed by the U.S. Federal Trade Commission’s inclusion of Privacy by Design as one of three recommended practices for protecting online privacy – a major validation of its significance. Since then, PbD has been translated into 39 languages, giving it a true global presence. Dr. Cavoukian is the author of two books, “The Privacy Payoff: How Successful Businesses Build Customer Trust" with Tyler Hamilton and “Who Knows: Safeguarding Your Privacy in a Networked World" with Don Tapscott. She has also written numerous articles and Op-Eds, and has been invited to sit on many Boards.

Dr. Cavoukian’s expertise has been recognized in many ways. She was ranked among the top 25 Women of Influence, recognizing her contribution to the Canadian and global economy; named one of the top 100 City Innovators Worldwide by UBM Future Cities for her passionate advocacy of Privacy by Design; chosen as one of the Power 50’ by Canadian Business magazine for her tireless efforts as a privacy champion; awarded an Honorary Doctor of Laws from the University of Guelph; selected for Maclean’s Magazines ‘Power List’ of the top 50 Canadians; picked as one of the top 10 women in data security, compliance, and privacy you should follow on Twitter; recognized as a Founder of Canada’s Digital Economy at Identity North 2016; named as one of the Top 100 Leaders in Identity, 2017; she was awarded Meritorious Service Medal for her outstanding work on creating Privacy by Design and taking it global (May, 2017); named as one of the 50 most impactful Smart Cities Leaders (November, 2017) and most recently, was named among the Top Women in Tech.

The 7 Foundational Principles of Privacy by Design

The objectives of Privacy by Design — ensuring strong privacy and gaining personal control over one’s information, and, for organizations, gaining a sustainable competitive advantage — may be accomplished by practicing the 7 Foundational Principles, which are intended to serve as the foundation of one’s privacy practices.
Principle 1: Proactive not reactive: preventative not remedial
The Privacy by Design (PbD) framework is characterized by the taking of proactive rather than reactive measures. It anticipates the risks and prevents privacy invasive events before they occur. PbDdoes not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred —it aims to identify the risks and prevent the harms from arising. In short, Privacy by Design comes before-the-fact, not after.
Principle 2: Privacy as the default setting
We can all be certain of one thing —the default rules! Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice, as the default. If an individual does nothing, their privacy still remains intact. No action is required on the part of the individual in order to protect their privacy —it is already built into the system, by default.
Principle 3: Privacy embedded into design
Privacy measures are embedded into the design and architecture of IT systems and business practices. These are not bolted on as add-ons, after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is thus integral to the system, without diminishing functionality.
Principle 4: Full functionality: positive-sum, not zero-sum
Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner, not through the dated, zero-sum (either/or) approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is indeed possible to have both.
Principle 5: End-to-end security: full lifecycle protection
Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved —strong security measures are essential to privacy, from start to finish. This ensures that all data are securely collected, used, retained, and then securely destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end.
Principle 6: Visibility and transparency: keep it open
Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact, operating according to the stated promises and objectives, subject to independent verification. The data subject is made fully aware of the personal data being collected, and for what purpose(s). All the component parts and operations remain visible and transparent, to users and providers alike. Remember, trust but verify!
Principle 7: Respect for user privacy: keep it user-centric
Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. The goal is to ensure user-centredprivacy in an increasingly connected world. Keep it user-centric.

AI Ethics by Design

Ann Cavoukian, Ph.D., LL.D. (Hon), M.S.M

Executive Director,
Global Privacy & Security
by Design Centre

1 – Transparency and accountability of algorithms essential;

2 – Ethical principles applied to the treatment of personal data: avoid bias and discrimination;

3 – Algorithmic oversight and responsibility must be assured;

4 – Respect for privacy and strong data governance, by Design;

5 – Data protection/personal control via privacy as the default;

6 – Proactively identify the security risks, thereby minimizing the harms;

7 – Strong documentation to facilitate ethical design and data symmetry.