The genesis of ‘privacy by design’

With help from Derek Robertson and Ben Schreckinger

The U.S. has never had a national data privacy law. That might be set to change with a new draft bill being debated in both chambers of Congress, with support from leaders in both parties.

The American Data Privacy and Protection Act includes requirements that any organization that “collects, processes, or transfers” information that can be linked to a particular individual follow the principles of “privacy by design.”

It’s a decades-old idea that the only way to ensure data privacy is to build it into applications in the earliest stages. It’s in Europe’s General Data Protection Regulation as well as Brazil’s national privacy law, among numerous other jurisdictions.

But applying that idea to continually evolving technology is likely to require some serious iterating, to use a Silicon Valley term.

We asked Ann Cavoukian, who coined the term and came up with seven “foundational principles” in 1997 when she was Ontario’s information and privacy commissioner, about the history — and the future — of the concept.

This interview has been edited for length and clarity.

What is privacy by design?

Privacy by design is all about baking privacy into the code. It takes the pressure off of individuals — data subjects — from remembering to ask for privacy.

What prompted you to create the privacy by design principles?

I’m trained in psychology and I wanted to take a psychological approach to it. I wanted to have a proactive model that ideally prevented privacy harms from arising. I wanted to get involved before — not after — the harm happened. So I literally created privacy by design at my kitchen table over three nights and came up with the seven foundational principles and then I took it into the office and I “sold it to them.” The lawyers came along and that’s how we developed it.

Privacy forms the foundation of our freedom. You have to be free to choose how you want to have your personal information used and to whom you want to have it disclosed. I want this reflected in privacy by design, but also wanted to reflect it’s not one interest versus another.

It’s not privacy versus security, or privacy versus data utility.

I wanted both. I wanted privacy and data utility to go hand in hand. I wanted privacy and data security to go hand in hand. So we did that, and it just took off.

What do you think of the privacy by design provisions in the American Data Privacy and Protection Act draft bill?

I’m actually quite pleased with this bill because I think it will provide high standards of data security and data minimization. And I think it takes so long in the U.S. to get one of these laws and it’s high time; you’ve gotta move on it now.

I think this comes close to doing that — which is saying a lot. It will end the discriminatory use of your personal data. It prohibits the transfer of sensitive data to third parties and without “express affirmative consent.” That’s huge. That’s the essence of privacy by design — that the individual will be the one to consent to the particular uses of their personal data. I thought that was wonderful.

I think it’s an excellent way to move forward. Nothing is ever perfect, of course, but this has enough in it that I think it will appeal to many groups.

How do you see privacy by design evolving in the future, especially with more decentralized systems?

It’s all about preserving control for the data subject. If that is reflected in the advances being made, then you are completely consistent with privacy by design.

The general principles — they’re general for a very specific reason, because we want to preserve the data subject’s ability to have control. Privacy is all about control — personal control over the use and disclosure of your personal information.

If you can capture that through privacy by design — which you can — and then apply it generally in some other development, then you’re golden.

going mainstream

Things tend to move fast in the crypto world. But all of a sudden this week, regular old institutions are catching up: Sens. Cynthia Lummis and Kirsten Gillibrand introduced their long-awaited crypto regulatory bill; PayPal announced it would start allowing crypto transfers; and a cluster of traditional brokerages made public their plans to launch a crypto platform.

That was all within 24 hours. It’s a sign of the technology becoming more and more entrenched in institutional life, even as the value of cryptocurrencies has taken a serious dip and several of its biggest players have been embroiled in scandal.

I asked Justin Slaughter, policy director at the crypto-focused VC firm Paradigm and a former SEC official from January to September 2021, why this flood of institutional adoption is happening now, and what it means for crypto’s future. He said that after years of analysts predicting the tech’s demise, this moment is a fairly significant indicator it’s here to stay.

“Crypto’s engagement with institutional actors has historically come in waves, and this is a pretty significant one,” Slaughter said, adding that the potential impact of the Lummis/Gillibrand bill is especially major. “For just about everybody, the status quo isn’t working — government agencies don’t know how to get their hands around crypto, and the crypto industry is caught between vague, competing, and sometimes contradictory regulatory agendas at both the national and state levels.” — Derek Robertson

for the record

On Monday we wrote about 3OH DAO, a Web3 advocacy group that launched a new super PAC, and CultDAO, a group listed as an investor on 3OH DAO’s website. At the time, 3OH DAO spokesman Dave Barmore said he knew little about CultDAO. Following publication, another representative for 3OH DAO, Jennifer Mullin, told us that CultDAO was an early investor in 3OH DAO but is no longer involved in the project and does not hold tokens in 3OH’s DAO. — Ben Schreckinger

afternoon snack

Monkey JPGs. They’re the most popular, valuable NFTs. But are they any good?

The digital art historian and critic Tina Rivers Ryan weighed in on the critical value of NFTs today, noting to The Verge that there are actually several distinct categories of art that represent the blockchain-powered token which theoretically gives them their value.

In her estimation there is:

  • “Blockchain art, which are projects that not only use the blockchain but actively explore its limits to make us rethink concepts like value, ownership, and authenticity”
  • “Crypto art... that celebrates cryptocurrency and its attendant subcultures”
  • And everything else that can’t be neatly categorized as such, “digital art or digital design that’s been tokenized in order to allow it to be bought and sold.”

The way much popular NFT art — like Bored Apes, or CryptoPunks — functions is actually not dissimilar from the postmodern art pioneered by artists like Andy Warhol. Each item might be unique, but they’re the product not of painstaking attention to detail but of a randomized assemblage of existing digital elements.

Some, like CryptoPhunks, even tweak existing NFTs as a meta-commentary on the ecosystem itself. Crude and overtly commercial as it might be, there’s plenty of analog precedent for the way NFT artists interact with the art world. — Derek Robertson

The Future In 5 Links

  • Read about how a felon convicted for Bitcoin laundering tapped into a growing field of white-collar “prison consultants.”
  • White hat hackers are fighting the recent rash of crypto heists.
  • The once-seemingly-invincible investment firm Tiger Capital has found itself on its back heel amid a tech downturn.
  • The team leader for Microsoft’s HoloLens AR technology has resigned amid accusations of abuse and harassment.
  • Another one of the biggest crypto exchanges, Binance, is drawing scrutiny for widespread hacking and fraud on the platform.

Stay in touch with the whole team: Ben Schreckinger, Derek Robertson, Konstantin Kakaes and Heidi Vogt.

Ben Schreckinger covers tech, finance and politics for POLITICO; he is an investor in cryptocurrency.
