
April 2018

With the due-date for implementation of the GDPR fast approaching, it is clear that this new European privacy regulation has been shaking up businesses world-wide, not to mention putting a spotlight on outdated privacy laws in other jurisdictions. This paper will recommend considering the benefits of Privacy by Design’s approach to privacy -- addressing multiple interests in addition to privacy, which inevitably leads to improved privacy governance.

GDPR and the Privacy Shake-up: Time to Abandon Zero-Sum Models and Shift to Positive-Sum Thinking

Ann Cavoukian, Ph.D., LL.D. (Hon.), M.S.M.
Creator of Global Privacy and Security by Design
Distinguished Expert-in-Residence, Privacy and Data Analytics
Privacy by Design Centre of Excellence, Ryerson University, Ontario, Canada
Email: [email protected]

Acknowledgements: The author wishes to acknowledge the contributions of Michelle Chibba, Ryerson University, and Jake Ward, Data Catalyst, for their input and feedback on various drafts of this paper.

Shift to Positive-Sum (Not Zero-Sum) Thinking


The implementation of the European Union’s General Data Protection Regulation (GDPR) in May of 2018 introduces new obligations for any organisation that handles data about EU citizens, whether or not that organisation is located in the EU. The new pan-European privacy framework is ambitious, and at times, complex and strict. The impetus of the European efforts and the domino effect cascading on other jurisdictions with outdated privacy laws, creates the need for, and an opportunity to create, innovative, effective privacy frameworks that are sustainable and positive-sum – win/win!

This regulatory action is a result of the last two decades, over which the Internet has entered into a new phase. It is no longer just a communications network, but rather, a platform for computing -- a vast, interconnected, virtual supercomputer. This new digital ecosystem presents complex security and privacy challenges. Legitimate data transactions raise privacy concerns, particularly as geo-location data becomes more personally identifiable with the increased use of mobile devices. In this era of ubiquitous mobile, social and cloud computing, we are producing unprecedented data points, and in turn, losing control over our personal information. Questions are being raised -- What will privacy mean, and how will privacy survive, let alone thrive, as a viable human right, operational value, and critical enabling trust factor, in a world where the individual is less and less directly present in the midst of data-rich transactions? Privacy equals control – personal control over the uses of one’s personal information.

The Perfect Storm

[1] https://iapp.org/news/a/canadian-privacy-commissioner-announces-proactive-approach-to-enforcement/
[2] https://www.priv.gc.ca/en/opc-actions-and-decisions/ar_index/201617/ar_201617/#heading-0-0-3-1
[3] http://www.colinbennett.ca/data-protection/is-canada-still-adequate-under-the-new-general-data-protection-regulation/
[4] https://www.itworldcanada.com/article/canadas-privacy-laws-need-to-be-be-updated-but-dont-look-to-europe-or-the-us-for-guidance-canadian-experts-say/385134

Against this backdrop of radical technological advances, and the Snowden revelations unearthing massive surveillance, you have the unraveling of a privacy regime that was considered adequate to support cross-border flows of personal data from Europe to the U.S. In 2015, the European Court of Justice invalidated the Safe Harbor Agreement, declaring Safe Harbor inadequate; the EU-US Privacy Shield was then established in 2016, in an effort to replace Safe Harbor (whether it succeeds has yet to be determined).

Here in Canada, there are no fewer discussions or questions about the readiness of companies to meet these challenges in time for May of 2018. Likewise, questions about the adequacy of Canadian privacy regimes to the new European reality are being raised. Indeed, in a recent talk, Canada’s Privacy Commissioner, Daniel Therrien, warned that “Canada could face European adequacy issues in light of the new regulation” and indicated that he has been urging the Canadian Federal government to upgrade our privacy laws,[1] recommending that Privacy by Design be included. He noted: “Organizations must also be more transparent and accountable for their privacy practices. Because they know their business best, it is only right that we expect them to find effective ways, within their own specific context, to protect the privacy of their clients, notably by integrating approaches such as Privacy by Design.”[2] Other privacy experts and stakeholders have also weighed in on the impact of the GDPR on Canada’s privacy laws, including implications for small and medium-sized businesses.[3][4]


So many events over the last two decades have strongly pointed to the need to improve privacy policy, and data-driven policy overall. The importance of privacy cannot be overstated. In an increasingly interconnected world, both government and industry have a shared responsibility to guard against overreach.

Enter Privacy by Design

Privacy by Design (PbD) is a set of seven foundational principles that serves as an overarching framework for proactively embedding privacy and data protection measures into the design of one’s operations, right from the outset. By adding such measures effectively and credibly into information technologies, organizational processes, networked architectures and, indeed, entire systems of governance and oversight, much greater protections will be afforded. There are multiple goals that will be realized: ensuring greater user control, enhancing transparency, and creating greater confidence and trust. The 7 Foundational Principles that form Privacy by Design (see Figure 3) express not only the universal principles of Fair Information Practices (FIPs) but also incorporate a design-thinking approach. Integrally linked, the principles address the need for robust data protection and an organization’s desire to unlock the potential of data-driven innovation. Just as with the GDPR, the concept of Privacy by Design first started to take shape in the late 1990s. As the author of PbD, I saw clearly the need to address the ever-growing and systemic effects of Information and Communication Technologies, and of large-scale networked data systems.

The future of privacy could not be assured solely by compliance with regulatory frameworks that dealt with privacy breaches after the fact; rather, proactive privacy assurance had to ideally become an organization’s default mode of operation. Over the years, a zero-sum paradigm has prevailed, in which one value, such as privacy, competed with another value, such as security, in a zero-sum “win-lose” equation: The thinking went somewhat along the lines of — in order to have adequate security and protect ourselves against the threat of terrorism, we must forfeit our privacy. This notion, however, is based on completely flawed logic and a false dichotomy — that privacy and security must be considered as mutually opposing, which is simply not the case! Privacy can and must co-exist alongside other critical requirements: security, functionality, operational efficiency, organizational control, business processes, and usability in a “positive-sum” or doubly enabling “win/win” manner. By doing so, I believe that Privacy by Design will assist in creating a more desirable culture of privacy which I have been advocating for many years. This culture of privacy emerges when organizations view privacy not as a compliance issue, but as a business issue. It is what takes hold when the leadership of an organization comes to see that the implementation of positive privacy controls creates — rather than constrains — business opportunities.


In short, it is a culture of “win-win” or positive-sum. This is not to suggest that Privacy by Design should be applied in a vacuum. It is a critical part — but only a part — of a suite of privacy protections that includes regulatory instruments, consumer awareness and education, accountability and transparency, audit and control, and market forces. Approaching privacy from the level of code is a significant shift from traditional ways of thinking about data protection. Just as PbD represents a shift in the way that organizations must think about privacy – moving from a reactive mode to a proactive one – enshrining PbD into regulatory instruments, voluntary codes, and best practices requires a shift in how law and policy makers approach rule-making in this area. PbD represents the next generation of privacy protection – it invites the development of innovative approaches to promoting and enshrining privacy in various instruments. The goal of laws related to their application should be sustainability, and a lack of unintended consequences, incorporating flexible, forward-thinking approaches like PbD. This requires a paradigm shift in thinking of privacy as a business issue, not simply relating to it as a matter of regulatory compliance.

Figure 3: 7 Foundational Principles of Privacy by Design

1. Use proactive rather than reactive measures, anticipate and prevent privacy-invasive events before they happen (Proactive not Reactive; Preventative not Remedial).
2. Personal data must be automatically protected in any given IT system or business practice. If an individual does nothing, their privacy still remains intact (Privacy as the Default).
3. Privacy must be embedded into the design and architecture of IT systems and business practices. It is not bolted on as an add-on, after the fact (Privacy Embedded into Design).
4. All legitimate interests and objectives are accommodated (Full Functionality — Positive-Sum, not Zero-Sum).
5. Security is applied throughout the entire lifecycle of the data involved (End-to-End Security — Full Lifecycle Protection).
6. For accountability, all stakeholders are assured that whatever the business practice or technology involved, it is in fact operating according to the stated promises and objectives, subject to independent verification (Visibility and Transparency — Keep it Open).
7. Architects and operators must keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options (Respect for User Privacy — Keep it User-Centric).

Incorporating PbD into a country’s legislative body is not without its challenges. Not only must a country explore what kinds of instruments are appropriate, but also how to interpret PbD. The principles of Privacy by Design can inform both the end state (e.g. privacy as the default), and the process for arriving at the end state (e.g. end-to-end, full lifecycle protection). In the process, governments should always consider that PbD provides a baseline for embedding privacy considerations into legislation, and that PbD’s presence throughout the business world is becoming more and more the norm.

As we in Canada look to the future, we want to shape our strategies for privacy and data governance, and given that the GDPR also includes Privacy by Design (Data Protection by Design), and Privacy as the Default, there are key features of the Privacy by Design framework that we may consider as we move forward.


Privacy by Design Essentials: The 3 C’s (Consultation, Cooperation, Collaboration)

i) Taking a proactive, problem-solving approach lies at the heart of PbD (Principle 1). PbD makes privacy a foundational requirement, anticipating and preventing privacy-invasive events before they happen -- it’s a model of prevention. A critical success factor in this approach is that the regulator must also be adaptive. In fact, Canada’s privacy commissioner signalled last year that his office plans to initiate a ‘consumer-focused’, ‘proactive approach’ where the Office would find a way to work with companies to identify gaps that can be addressed before any serious problems occur.[5] Frameworks created without the benefit of input from industry, particularly small businesses, deny themselves a uniquely valuable perspective, readily available and increasingly essential.

[5] https://iapp.org/news/a/canadian-privacy-commissioner-announces-proactive-approach-to-enforcement/

ii) The principle of full functionality requires going beyond making privacy declarations and data protection commitments, to demonstrating how all data processing and other objectives have been, and are being, satisfied (Principle 4). When embedding privacy and data protection into a given information technology, process, system, or architecture, it should be done in such a way that full functionality is not impaired, and that all legitimate interests relating to both privacy and security are accommodated, and requirements optimized.

Privacy and data protection are often positioned in a zero-sum manner; that is, as having to compete with other legitimate interests, design objectives, and technical capabilities in a given domain. Privacy by Design rejects taking such an approach – it embraces legitimate additional objectives and accommodates them in an innovative positive-sum manner. All interests and objectives must be clearly documented, desired functions articulated, metrics agreed upon and applied, and unnecessary trade-offs or unintended consequences rejected, in favour of finding a solution that enables multi-functionality and multiple stakeholder interests.

The main features that make Privacy by Design especially relevant as we prepare privacy regimes to meet the needs of the 21st century are as follows:


These are the benefits that make Privacy by Design stand out as a global privacy framework -- the principle of being proactive about privacy and the principle of inclusiveness regarding objectives and interests (positive-sum) are essential and should be carried out with three key words in mind: consultation, co-operation, and collaboration (3 C’s). Consultation keeps the lines of communication open. Cooperation is emphasized over confrontation to resolve possible differences. Collaboration is sought proactively by seeking partnerships to find joint solutions to emerging privacy and security issues. The development of a shared understanding assists in facilitating a focus on the privacy rights of the individual and the achievement of innovative, user-centric results. As always, the aim is to understand and be responsive to all the perspectives involved, by adopting this methodology.


Use Positive-Sum not Zero-Sum Models

Additional recognition is garnered for creativity and innovation in achieving all objectives and functionalities in an integrative, positive-sum (win/win) manner. Entities that succeed in overcoming outmoded zero-sum (either/or, win/lose) choices are demonstrating global privacy leadership. Privacy by Design challenges policymakers, executives, technologists, and designers to find ways to achieve better privacy and data protection in a given technology, system, or domain than is currently the case, and to be able to document and demonstrate achievements so that others may learn from them, making them ultimately become best practices. Why couldn’t this be applied to privacy regulatory schemes?

The privacy landscape continues to evolve. So, like the technologies that shape and reshape the world in which we live, the privacy conversation must continually renew and sharpen its focus. These days, the stakes are high; perhaps higher than they’ve ever been before. Privacy will continue to come under increasing pressure from many different forces, including online social networks, an explosion in social media, and governments and businesses providing services that are highly individualized and information-dependent.

The flawed view that privacy, in and of itself, stifles innovation is simply a myth. It consists of a false dichotomy, built upon unnecessary trade-offs. The opposite is true: prioritizing privacy drives innovation! It forces innovators to think creatively to find solutions that serve multiple interests and functionalities.


But how will privacy survive, as the foundation of our freedoms, driver of prosperity, operational value and critical enabling trust factor in a world where the individual is rarely present to assert control over their personal information, in the midst of such data-rich transactions? The future of digital privacy may well depend upon changing the current online paradigm.

For some time, I have said that a new “playbook” is needed. We need to abandon zero-sum (win/lose) thinking and adopt a positive-sum (win/win) paradigm where both innovation AND privacy may be achieved. Adopting Privacy by Design is a powerful and effective way to embed privacy into the “DNA” of an organization in order to establish a solid foundation for data analytics that support innovation, without compromising privacy. I have referred to this as the “Privacy Payoff” – protecting customer privacy yields big returns – from increased consumer confidence and enhanced customer trust, to gaining a competitive advantage. This is where privacy acts as a significant differentiator. I consider the need for this new playbook to be so vital that I recently formed a new Council -- The International Council of Global Privacy and Security, by Design.


This international council is all about advancing both Privacy and Security, by Design, not just within large enterprises, but to spread the message so that even small and mid-sized organizations not only recognize the value of making privacy and security essential, but can also implement this approach in a proactive manner.[6]

To design practical yet effective privacy and data protection in a given information technology, organization, or networked architecture, privacy architects typically need to take into account multiple legitimate (and, yes, at times competing) interests, and accommodate them in optimal, innovative ways.

[6] Global Privacy and Security by Design. Globe & Mail. January 24, 2018. https://www.theglobeandmail.com/report-on-business/former-ontario-privacy-commissioner-forms-global-council-seeks-funding-for-research/article37720201/


Global Privacy and Security by Design

So, while we are in the perfect storm and disruption of privacy regimes as we approach implementation of GDPR, I am taking the 3 C’s approach to reaching a ‘win-win’ solution, to bring particular attention to dispelling the commonly held view that organizations must choose between privacy and security, or privacy vs. business interests (i.e., “big data” analytics). The Council’s goal, ideally everyone’s goal, is to educate stakeholders that public and private-sector organizations can develop policies and technologies where privacy and security, privacy and data analytics, can work together to achieve positive-sum, win-win outcomes. Towards that end, we will also be pursuing the development of leading-edge technologies of privacy such as SmartData -- technologies of freedom! The International Council on Global Privacy and Security by Design will work with companies, national privacy commissioners and technology professionals, including international NGOs such as Data Catalyst, to educate the public and raise awareness for Privacy by Design. We also acknowledge that small business is big in Canada: Small businesses are the engine of the economy, their success is vital to Canada’s prosperity,[7][8] and their contributions essential to writing effective, well-informed data privacy regulation.

[7] According to the Business Development Bank of Canada, 98.2% of all businesses have fewer than 100 employees. When you add in medium-sized businesses (100 to 499 employees), the percentage rises to 99.8%. This is also true for other jurisdictions around the world according to a World Bank report: http://www.worldbank.org/en/news/feature/2014/06/03/small-and-medium-enterprises-the-engine-of-an-economy-sustained-by-sound-financial-reporting

[8] The Privacy Toolkit for small and medium-size businesses is a joint initiative between Hewlett Packard Enterprise and the Privacy by Design Centre of Excellence at Ryerson University. http://h41111.www4.hpe.com/privacy-toolkit/overview.html

[9] https://www.itworldcanada.com/article/you-dont-have-to-sacrifice-privacy-for-security-says-former-ontario-privacy-commissioner/401517

The Council’s third goal is to collaborate with policy designers in both government and business, in the hopes of tearing down the traditional “silo” approach to developing privacy strategies.[9] A more integrated approach to solving the challenge of privacy, one that includes stakeholders from conception through execution, will result in more informed, effective, and sustainable national and international privacy rules, to the benefit of all involved.


Conclusion/Recommendations

The implementation of the GDPR in the European Union (and for all businesses that do business with Europe) is rapidly approaching. There are many facets of the GDPR that are meaningful and progressive. The inclusion of Privacy by Design (Data Protection by Design) as a central pillar is essential to its success, as well as a lesson to be learned by countries creating their own data privacy framework.

The timing is right for Canada and other jurisdictions that are starting from scratch or reviewing existing privacy regimes, not only to include Privacy by Design, but also to be reminded of the 2010 Resolution advanced by International Privacy and Data Protection Commissioners, which was unanimously passed, and which resolved to: “Foster the incorporation of the Privacy by Design Foundational Principles in the formulation of privacy policy and legislation within their respective jurisdictions.” Since then, Privacy by Design has been translated into 40 languages, giving it a true global presence!

Privacy protection and data regulation are not an exercise in duality, but rather an essential collaboration between business and government. For governments working toward sustainable solutions to regulating dynamic industries without unintended consequences, now is the time to engage those industries. Start with Privacy by Design as a central tenet, taking a positive-sum, win/win approach by bringing small and mid-sized businesses to the table, along with policy makers, to create an integrated process that welcomes all stakeholders: the end result will yield a far better outcome, one that reflects a privacy-designed governance structure: win/win!
