The mobile apps installed on our smartphones are one of the biggest threats to ourdigital privacy.
They are capable of collecting vast amounts of personal data, often highly sensitive.
The consent model on which privacy laws are based doesnt work.
Penalties have become harsher.
This complexity can create a significant compliance burden.
An app developer may have no idea how to translate abstract legal principles into concrete engineering steps.
As a result, regulators have looked to the concept ofprivacy by designas a way to bridge this divide.
Privacy by design goes beyond privacy policies and in-app permission configs.
It requires developers to think about privacy from the first moment of the design process.
Cavoukian set out seven foundational principles for a privacy by design approach.
Build in the maximum degree of privacy into the default parameters for any system or business practice.
Doing so will keep a users privacy intact, even if they choose to do nothing.
But enforcing that approach will require tighter legal regulation of third party data sharing.
Change of mindset
Applying a privacy by design approach requires a change of mindset by developers.
They should also anonymize or delete the data as soon as possible.
Privacy should become a key component of design methodology, selection of technical tools, and organizational value statements.
In the EU data protection by design and by default is nowa legal obligationof the General Data Protection Regulation.
But I found that privacy laws do not comprehensively or consistently address this third party sharing.
Their terms and conditions typically place full responsibility for privacy compliance by the app on the app developer.
This may leave app users unprotected.
But it could also expose the app developer to unforeseen legal liability.
For example, app developers using the Facebook Software Development Kit are sharing personal data with Facebook.
This change appears to have followed repeated bug reports filed on the developers platform.
