November 2018 - Security

Privacy by Design in Product Development

Data protection and user privacy have become much more important for the development of digital products. Jutta Horstmann from eyeo explains how companies can implement a Privacy by Design approach in product development, and how this can support rather than hinder innovation.

Watch the 12-minute video above or on YouTube, or read the transcript below:
DOTMAGAZINE: Can you briefly explain the concept of Privacy by Design and its requirements?

JUTTA HORSTMANN: The interesting fact about Privacy by Design, first, is that it is not a new concept at all, it is something that already stems from the 90s. There was this Canadian Data Protection Officer by the name of Ann Cavoukian and she was the one who devised this concept, which has now gained some popularity due to its being enforced by the GDPR. 

There are seven criteria that Privacy by Design defines, and I think the most important ones are that, first, privacy in product development should be something proactive and not reactive. This means that privacy topics should not come as an afterthought. If you’re doing product development you should think about privacy and security topics from the beginning. So, this is the first important thing.

The other thing is, when you are planning a product roadmap, there are always so many features that you want to get into it, based on your usability tests and your marketing research. And there is so much stuff that is very important on the product roadmap, and anything related to privacy gets de-prioritized. And in the end, because time is running out and you have some deadlines for delivery, then all of these features just drop out.  

So, the second requirement in Privacy by Design is that you put privacy as a core feature on your product roadmap so that it just does not get left out.

Another very important thing is about transparency. This means that the user always needs to know what you are doing with their data, and that the information that you’re giving to the user about this needs to be able to be verified by a third-party audit. 

Another very important criterion of Privacy by Design is the sovereignty of the user. This means – and this is I think something of the core of the whole thing – that it is the user who owns the data. It’s not that the user gives the data to you and then you own it as somebody who is doing product development, but the ownership of the data always stays with the user – which means that they can always decline your use of the data, they can ask you to delete it. And you need to comply with this.

So, these are very important facts about Privacy by Design which, when incorporated into a product development roadmap, will just make the whole product more user-friendly and show users you really care deeply about their privacy. 

DOT: What role does Privacy by Design play in the interplay between innovation and data protection? 

HORSTMANN: It is always seen as a kind of a tradeoff. You can either have innovation or you can have privacy. But the main idea about Privacy by Design is that the people that are doing product design – not only in making things beautiful, but in making things useful, in providing real benefits to the user – that they think about: How can we make privacy into a feature that is desirable for the user, and that is very easy to use? 

So, in terms of getting more innovative: If, in product development, this idea of Privacy by Design is getting more important and is also leading to the idea of Privacy by Default – so that the first and foremost configuration of a piece of software is always there to provide the user with the most privacy – then product development teams really need to come up with innovative ideas. Privacy by Design can foster innovation, and it should. There are several ways to think about it: One is from the user perspective and one more from a back-end perspective. An example from the user perspective is that – and this is now more from the security point of view – when you have your email client and you get an email where you think, “oh, this is kind of strange, this could be a phishing attack,” then there are companies that implement in their mail clients just a button the user can click on, and then it gets sent to their security department and it is taken care of.

From the back-end perspective, what could also be an innovative feature is that the GDPR requires companies to give the user the opportunity to delete all of their data. This is a really tedious task and sometimes it’s just not possible, because when you provide a service to the user there are many systems working together to provide it. If the whole software development community were to take this into account – that this is now a requirement – and really do this Privacy by Design thinking now, then in every new feature development there would be the idea of, “If I now gather this data of the user, how do I delete it just on the click of a button?”, so that if you’re providing a service and the user just wants to get all of the data deleted, you – from a service provider perspective – have this one button and then the data gets deleted everywhere, because all of the related parts provide the same protocols and APIs. So, this would be something that is not there yet, but from an innovation point of view it would be immensely helpful. So again, another example where I think that the idea of Privacy by Design definitely can foster innovation.

DOT: Aside from questions of compliance, what other advantages are there for companies to invest in following a Privacy by Design approach to development?

HORSTMANN: What I think, and also what I see in companies, is that if they really invest in this, they acquire much larger customer loyalty and trust, because their customers recognize the efforts. This also means that you need to put this into a campaign, that marketing needs to really drive the point that you are doing something like this. And then the customer loyalty grows.

If you are very transparent about what you are doing and why you are doing it and how the user can opt in or out of everything, there is much larger safety on the user side – making them feel good and making them like your product, and really growing this customer loyalty and trust.

DOT: Can you provide some examples of best practices for the implementation of Privacy by Design?

HORSTMANN: At the moment, the concrete examples and best practices are always around involving people with privacy knowledge from the beginning. So at eyeo, our DPO is involved in all of our feature development – and not as an afterthought, again, but really from the beginning. Anything that is related to user data always needs to get past her, and if she is good with it, then the thing can go out to the user. So, this is an example of that. 

Then, because the whole company is very privacy-friendly and open and it is really part of our DNA – this is also from the product design perspective – there are no things that are put on a product roadmap which would be against users’ privacy. So, it is very important to involve the whole product department in this concept so that people really know that this is our strategy.

In terms of feature development itself, it is a lot about data minimization – requiring as little as possible from the user. But this also means that you don’t know that much about your users, so you need to come up with other smart ideas. What we’re providing is very strong user support, so that we can keep in close contact with our users and if they have a question, they have a group of people that they can go to and get all of their questions answered. And all of the topics that come up there can also fuel our product development. And when we’re doing product development, then we also do usability tests. So we have some idea, and with this we go to our users and we ask them: Do you like this? Do you understand this? And based on this we rethink our concepts. I think these are approaches that at least make it not as necessary anymore to collect such a large amount of data from your users to improve your products.

And then I think what is also done quite well at eyeo is transparency about what we get from our users – because we have to have some opt-in features. For example, the issue reporter: a user who sees ads, even though they have an ad blocker installed, can report this issue to us, and this means that they need to send us data. This is an opt-in feature, and there we also provide the user with the option to send us a screenshot, and in the screenshot they can blacken out all of the possibly private things that they don’t want to send us. Additionally, they get the full report – they can check it out: what all of the data is that gets sent to us. So, they just know what is happening. I think these are some nice examples of how to do things nicely.

Still I think what also we can do more is really invest into these innovative efforts and in making privacy features something that is really a great thing for a user. 

Jutta Horstmann is a computer science graduate with 20 years of experience in the IT sector. Formerly, she was founder/CEO of a software development company focussing on open source software; currently, she is Head of Filters for eyeo (parent company to Adblock Plus), responsible for ABP's own filter lists as well as the close coordination with the global community of filter list contributors. 

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.