Privacy by Design
Data Lifecycle Illustration
This course, fully developed via Gomo, was on Privacy by Design.
The main goal of this course was to teach the 7 design principles of Privacy by Design first introduced by Dr. Ann Cavoukian. Those principles can be found in depth here.
Those 7 Principles Are:
Privacy by Design - Activity
The activity designed for this course walked the learner through the design process of an app. Throughout this course, they had to make decisions on what was most appropriate for the design considering both business needs and Privacy by Design principles.
Example 2: Some Alignment with Privacy by Design Principles
Postal code is asked for, but it is not required data for the end-user.
A picture is required - The purpose of this app was not one that should require a picture!
The privacy notice and email subscription are not automatic opt-in - this is good, as we don’t want to assume consent.
To access the game, the learner has to opt in to both emails AND the privacy notice. This is not explicitly listed as a “Required” field, and is a dishonest practice.
Example 1: Best Alignment with Privacy by Design Principles
Learners could compare the examples and see that a postal code is not asked for in this one.
A picture is not required in this version.
The privacy notice and email subscription are separate.
There is no automatic opt-in for the privacy notice - this is good, as we don’t want to assume consent.
Email subscription is not required.
Example 3: Worst Alignment with Privacy by Design Principles
Postal code is required data.
A picture is required - The purpose of this app was not one that should require a picture!
The consent provided by clicking the sign-up button here is not informed.
The privacy notice is small and inaccessible according to WCAG requirements and W3C guidelines!
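The points raised for the three examples can also be checked mechanically during design review. The following is an added example, not part of the course: it audits constructed models of the three sign-up forms, and the schema shape, field names, rule names and the assumption that only an email address is needed are all hypothetical. It does not check the accessibility of the privacy notice.

```javascript
// Added example: constructed models of the three sign-up forms described above.
// The schema shape, field names and rule names are assumptions, not the course's own.
const NEEDED_FIELDS = new Set(["email"]); // assumed: all the app's purpose needs

const forms = {
  example1: {
    fields: [{ name: "email", required: true }, { name: "picture", required: false }],
    consents: [
      { name: "privacyNotice", purpose: "notice", preChecked: false, gatesAccess: true, labelledRequired: true },
      { name: "emailSubscription", purpose: "marketing", preChecked: false, gatesAccess: false, labelledRequired: false },
    ],
  },
  example2: {
    fields: [{ name: "email", required: true }, { name: "postalCode", required: false }, { name: "picture", required: true }],
    consents: [
      { name: "privacyNotice", purpose: "notice", preChecked: false, gatesAccess: true, labelledRequired: false },
      { name: "emailSubscription", purpose: "marketing", preChecked: false, gatesAccess: true, labelledRequired: false },
    ],
  },
  example3: {
    fields: [{ name: "email", required: true }, { name: "postalCode", required: true }, { name: "picture", required: true }],
    // Consent is inferred from clicking the sign-up button; there is no explicit control.
    consents: [{ name: "privacyNotice", purpose: "notice", impliedBySubmit: true }],
  },
};

function auditForm(form) {
  const violations = [], notes = [];
  for (const f of form.fields) {
    if (NEEDED_FIELDS.has(f.name)) continue;
    // Required data the purpose does not need is a violation; optional is only noted.
    (f.required ? violations : notes).push(`unneeded-field:${f.name}`);
  }
  for (const c of form.consents) {
    if (c.preChecked) violations.push(`pre-checked:${c.name}`);
    if (c.impliedBySubmit) violations.push(`implied-consent:${c.name}`);
    if (c.gatesAccess && !c.labelledRequired) violations.push(`unlabelled-requirement:${c.name}`);
    if (c.purpose === "marketing" && c.gatesAccess) violations.push(`forced-marketing:${c.name}`);
  }
  return { violations, notes };
}

for (const [name, form] of Object.entries(forms)) {
  const { violations, notes } = auditForm(form);
  console.log(name, "violations:", violations, "notes:", notes);
}
```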