PAe - AEPD publishes a guide to facilitate the implementation of privacy since the design
the accesskey _ mod _ content

La AEPD publica una guía para facilitar la aplicación de la privacidad desde el diseño

18 October 2019

The AEPD publishes a guide to facilitate the implementation of privacy since the design. Analyzes the concept of privacy engineering, a process whose purpose is to translate the principles of privacy from design to specific measures, both in the conception phase of the product or service as in the development

The Spanish agency data protection (Opens in new window) (AEPD) has published the " Privacy guide from the design (Opens in new window) "with the aim of providing patterns that facilitate the incorporation of the principles of data protection and privacy requirements for new products or services from the moment that are beginning to be designed.

The concept of ‘ privacy since the design ’ was accepted internationally in a resolution (Opens in new window)  adoptada en 2010 en el marco de la 32ª Conferencia Internacional de Comisionados de Protección de Datos y Privacidad. No obstante, es el Reglamento General de Protección de Datos (RGPD) el que le ha conferido la categoría de requisito legal, al incorporar en su artículo 25 la práctica de considerar los requisitos de privacidad desde las primeras etapas del diseño de productos y servicios.

El objetivo de la privacidad desde el diseño, orientado a la gestión del riesgo y la responsabilidad proactiva, es que la protección de datos esté presente desde las primeras fases de desarrollo y no sea una capa añadida, formando parte integral del producto (hardware o software), sistema, servicio o proceso. La Guía está dirigida a responsables y otros actores que intervienen en el tratamiento de datos personales, tales como proveedores y prestadores de servicios, desarrolladores de productos y aplicaciones o fabricantes de dispositivos.

The document is divided into nine sections. The first two are dedicated to define the concept and the founding principles of privacy since the design, as well as the requirements to qualify the product or service to ensure that privacy. The third paragraph analyzes the concept of privacy engineering , a process that aims to translate the principles of privacy since the design into concrete action, both in the conception phase of the product or service and development. For example, through the identification of strategies continue to ensure privacy; the establishment of design patterns of privacy to solve problems that arise repeatedly to develop products and services, or use of improved privacy technologies (PETS, for its initials in English) to bring these patterns to a particular technology.

Moreover, the guide addresses the various design strategies of privacy, some of which are oriented to the processing of data (minimize, hide, separating and abstract) while others are addressed to define processes for responsible management of personal data (inform, control, meet and show). Also, devotes a section to classify privacy technologies improved or PETS, among other things.

The Guide includes a section of conclusions in which the agency shows that ensure privacy and establishing a framework that guarantees the protection of data is not an obstacle for innovation, but offers advantages and opportunities for both organizations like for the market and society as a whole. Also remember that the privacy since the design is an obligation of the responsible for whatever form of development, acquisition or outsourcing of the system, product or service, not being able to delegate completely responsibility for manufacturers and responsible.

Original source of the news (Opens in new window)

  • Electronic services
  • Security
General access point
General access point