Abstract

Countering prevalent myths about informational and digital privacy, many of them promoted and propagated over the decades by big tech boosterism, Jaap-Henk Hoepman’s book, Privacy Is Hard and Seven Other Myths, argues for the importance of privacy by design (PbD): a framework that builds in privacy as the default setting throughout the entire engineering process. Through many illustrative examples in each chapter, each of which takes on a specific privacy myth, Hoepman highlights how systems architecture and design shape privacy protection. He argues that the tenets of PbD are essential because commercial markets, law and legislation, and the mere good will of corporations and designers cannot be depended upon to ensure robust and resilient privacy-respecting systems for citizens and consumers. Hoepman’s book is a valuable contribution to the interdisciplinary fields of critical data studies and privacy studies and will be useful for students and scholars in these fields, as well as those in human-computer interaction (HCI), user experience design (UX), and human-centered data science, along with design practitioners and policymakers.
The concept of PbD was developed in the mid-1990s by Ann Cavoukian during her three-term tenure as Information and Privacy Commissioner of Ontario and was expanded upon by a joint Canadian-Dutch team. PbD posits that privacy as the default should be embedded throughout the design, development, and deployment of the information lifecycle. It includes seven fundamental principles: (1) proactive, not reactive; preventive, not remedial; (2) privacy as the default setting; (3) privacy embedded into design (business practices, technical infrastructure); (4) full functionality (positive-sum); (5) end-to-end security; (6) visibility and transparency; and (7) respect for user privacy, keeping the design user-centric (Cavoukian, 2011).
PbD is recognized by data protection and privacy commissioners as an essential component of privacy protection. This began with the Resolution on Privacy by Design (2010) from the 32nd International Conference of Data Protection and Privacy Commissioners, where commissioners from Canada, Berlin, New Zealand, and the Czech Republic, concerned about widespread networked technological advances and the limitations of regulation and policy, presented PbD as a holistic concept applicable across system design, organizational operations, and networked infrastructure. Two years later, the Federal Trade Commission (2012) recognized PbD in its report on protecting consumer privacy, stating that PbD should be built into all stages of business operations, from product development to service deployment. The European Union (EU) General Data Protection Regulation (GDPR), adopted in 2016 and enforceable from 2018, explicitly incorporated PbD principles into Article 25, “Data protection by design and by default” (Regulation (EU) 2016/679). Given the influence of the GDPR in shaping privacy law in other jurisdictions, the inclusion of PbD is indeed globally significant.
Hoepman astutely skewers common myths about privacy (for instance, “You have zero privacy anyway—get over it,” infamously exclaimed by Scott McNealy, former CEO of Sun Microsystems) through vivid examples and clear technical explanations drawn from everyday interactions and experiences in which data technologies subtly and deleteriously impact our privacy. Importantly, he also offers alternative and practical approaches to privacy-enhancing design. For instance, in the chapter “I’ve got nothing to hide,” Hoepman reinforces the social value of privacy for autonomy, agency, integrity, and control, in contrast to the more loaded perspective that secrecy equates to illicitness, and demonstrates ways to keep data confidential, including encryption and methods of statistical disclosure control and differential privacy.
Hoepman contends that it is necessary to go beyond PbD as a mere design philosophy (we can readily agree, for instance, that data collection should be minimal, proportional, and aggregated) and to be prepared to operationalize it. He emphasizes that design choices made in the initial development phase and in the lower layers of the data structure stack shape the behavior and performance of the system, determining whether privacy is built in and remains resilient throughout the system. He details the phases of systems development at which privacy must be addressed: ideation, definition, design, development, deployment, operation, evaluation, and decommissioning, concluding that “privacy isn’t hard if you try” (pp. 213–215).
While it is key to call out designs whose default settings are the least privacy-protective, and to work toward amelioration, Hoepman also argues that we need to go beyond technical attributes when ensuring PbD and address the contexts, organizational structures, and social circumstances that make robust privacy possible. Indeed, user-facing design that offers clear and actionable privacy choices in apps and services can engender consumer trust. It is key, then, that organizational design teams be supported in developing privacy-protective attitudes and practices. It is also essential that consumers become privacy literate and demand transparent control of their personal data. And, to ensure that PbD does not become a mere branding exercise for corporations, there need to be effective enforcement mechanisms in law and legislation. As Hoepman concludes, good privacy-protective measures are possible through iterative dialogue and engagement about what level of privacy protection is suitable for particular contexts, in order to “advance the state of the art and its application in practice, and thus slowly raise the bar” (p. 215).
