Privacy by Design¶
Binding Methodology
Privacy by Design is not a compliance exercise. It is an engineering discipline. Every system GE builds protects personal data by default, by architecture, and by culture. Julian assesses privacy implications before design begins. No exceptions.
Philosophy¶
Privacy is not a feature you add. It is a property of the system you build.
When you build a house, you do not install walls after the tenants move in. The walls are part of the architecture. Privacy works the same way.
GE builds systems for European SMEs. GDPR is not optional. But GE does not build for GDPR compliance — GE builds for privacy. Compliance is a side effect of doing it right.
The Seven Foundational Principles¶
Dr. Ann Cavoukian published the Seven Foundational Principles of Privacy by Design in 2009. They were adopted into law through GDPR Article 25 (Data Protection by Design and by Default).
GE operationalizes all seven:
1. Proactive, Not Reactive¶
Anticipate and prevent privacy-invasive events before they happen. Do not wait for a breach to think about privacy.
GE implementation: Julian performs a privacy impact assessment before design starts. Privacy requirements are derived alongside functional requirements, not after.
2. Privacy as the Default Setting¶
If a user does nothing, their privacy is protected. No action required from the user to protect themselves.
GE implementation: All data collection is opt-in. Default sharing is off. Default retention is minimal. Default access is denied. The user must actively choose to share more, not actively choose to share less.
3. Privacy Embedded into Design¶
Privacy is not a bolt-on. It is woven into the architecture, the data model, the API contracts, and the business logic.
GE implementation: Data minimization is enforced at the schema level. Fields that are not needed are not created. Pseudonymization happens at ingestion, not at export. Encryption is at the data layer, not at the network edge only.
4. Full Functionality — Positive-Sum¶
Privacy does not come at the cost of functionality. It is possible to have both full functionality and full privacy. This is not a zero-sum game.
GE implementation: Privacy-preserving analytics provide the same business insights as tracking-heavy alternatives. Consent management enhances trust, which increases conversion. Data minimization reduces storage costs and attack surface.
5. End-to-End Security — Full Lifecycle Protection¶
Personal data is protected from collection to deletion. No gaps. No periods where data exists unprotected.
GE implementation: Encryption at rest and in transit. Access controls at every layer. Retention policies with automated enforcement. Secure deletion that covers primary stores, backups, caches, and logs.
6. Visibility and Transparency¶
Data subjects know what data is collected, why, how long it is kept, and who has access. Policies are accessible, readable, and honest.
GE implementation: Privacy policies are written in plain language by Julian. Data processing records are maintained automatically. Subject access requests can be fulfilled programmatically.
7. Respect for User Privacy — User-Centric¶
The interests of the individual come first. Strong defaults. Appropriate notice. User-friendly options.
GE implementation: Consent interfaces are clear, specific, and withdrawable. Dark patterns are forbidden. Preference management is easy to find and easy to use.
GDPR Article 25¶
Article 25 of the GDPR codifies Privacy by Design into law:
The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures [...] designed to implement data-protection principles, such as data minimisation, in an effective manner.
Key Requirements¶
| Requirement | GDPR Article | GE Implementation |
|---|---|---|
| Data protection by design | Art. 25(1) | Privacy impact assessment before design |
| Data protection by default | Art. 25(2) | Minimal data collection, opt-in sharing |
| Purpose limitation | Art. 5(1)(b) | Data model enforces purpose binding |
| Data minimization | Art. 5(1)(c) | Collect only what is needed, pseudonymize early |
| Storage limitation | Art. 5(1)(e) | Automated retention policies with deletion |
| Integrity and confidentiality | Art. 5(1)(f) | Encryption, access controls, audit trails |
| Accountability | Art. 5(2) | Processing records, impact assessments, audit |
Data Minimization as Engineering Discipline¶
Data minimization is not "collect less." It is a systematic engineering practice:
-
At requirements: Question every data field. If the business purpose can be achieved without it, do not collect it.
-
At design: Separate identity from behavior. Pseudonymize at the earliest possible point in the data flow.
-
At implementation: Validate that only specified fields are persisted. Reject unexpected data at the API boundary.
-
At operations: Enforce retention limits. Data that has served its purpose is deleted, not archived.
The question is never: "Why should we delete this data?" The question is always: "Why are we still keeping this data?"
Julian's Role: Privacy Assessor¶
Julian is the compliance lead and privacy assessor. His authority in privacy matters is binding.
Julian assesses privacy when:
- New project involves personal data processing
- New data collection point is proposed
- Data is shared with a new processor or third party
- Cross-border data transfer is planned
- Automated decision-making affects individuals
- Data retention policies are defined or modified
Julian approves when:
- Privacy impact assessment is complete
- Legal basis for processing is identified
- Data minimization is verified
- Retention policies are defined and automated
- Consent mechanisms meet GDPR requirements
- Data subject rights are implementable
Privacy Pipeline Agents¶
| Agent | Role | When |
|---|---|---|
| Julian | Privacy impact assessment, compliance review | Before design, at data model changes |
| Aimee | Client scoping — identifies data processing needs | Project intake |
| Eric | Contract review — data processing agreements | Client onboarding |
| Victoria | Security assessment — privacy controls verification | Threat modeling |
Compliance Landscape¶
GE operates in the EU. These regulations apply:
| Regulation | Scope | Key Requirement |
|---|---|---|
| GDPR | Personal data processing | Privacy by design and default |
| ePrivacy Directive | Electronic communications, cookies | Consent for non-essential cookies |
| Digital Services Act | Online platforms | Transparency, no dark patterns |
| Data Governance Act | Data sharing | Conditions for data reuse |
| AI Act | AI systems | Transparency, human oversight |
GE builds for the strictest applicable standard. What is compliant in the EU is compliant everywhere else.
Further Reading¶
- Privacy Implementation Patterns — Technical patterns for privacy
- Privacy Pitfalls — Common mistakes and how GE prevents them
- Security-First Development — Security and privacy are inseparable
- GE Constitution — Principle 3: Enterprise-Grade From Day One