The Catalan Data Protection Authority (APDCAT) has championed the competitive advantage of designing privacy-friendly products and services. At the “Take advantage of privacy” conference hosted as part of 4YFN at the Mobile World Congress, APDCAT’s director Meritxell Borràs addressed the entrepreneurship sector and start-ups to advocate the added value of using privacy by design and by default when developing technological devices which gather and process personal data.
Borràs opened the event which also featured Gabriela Zanfir-Fortuna, Vice President for Global Privacy at the Future of Privacy Forum. In her talk, Borràs spoke about how society is becoming more technological and datafied where data are an economic asset. She argued that “data protection is a key factor in achieving responsible innovation and sustainable development.”
She pointed to the efforts underway to build the structures needed to make the European Union an attractive area for investment and economic and social growth by harnessing technology while also safeguarding people’s rights. She added that compliance with data protection regulations by all the stakeholders involved “is crucial to compete in a market in which privacy is a core value for maintaining the levels of freedom achieved so far.”
Gabriela Zanfir-Fortuna spoke about the importance of embedding from the outset privacy protections in products and services that rely on processing personal data. Beyond the fact that Data Protection by Design and by Default is a legal obligation under the GDPR (Article 25), embedding data protection features in new products and services is an advantage for start-ups because it significantly increases the trust of potential users and customers, it decreases the risk of reputational damage that unlawful personal data processing and data breaches can bring, and it ultimately respects the rights of individuals.
Giving a preview into the results of a study of approximately 150 real life cases from European Data Protection Authorities and Courts which enforced Article 25 GDPR, she highlighted practical examples of what companies should do to ensure Data Protection by Design, such as designing systems with the possibility for data to be erased once it is no longer necessary, deploying technical and organizational measures to prevent third-party access to personal data and ensuring that staff is trained to apply these measures, designing registration forms for services that only require the minimum amount of information necessary, or ensuring increased transparency when deploying automated processes that claim to detect emotions from customers' voices. Surveying the various cases that emerged in the past 5 years on the application of Article 25 GDPR, it is confirmed that the weight of the GDPR rests on the shoulders of the Data Protection by Design obligation.
As part of 4YFN at the Mobile World Congress, the Catalan Data Protection Authority has hosted the “Take advantage of privacy” conference featuring Gabriela Zanfir-Fortuna, Vice President for Global Privacy at the Future of Privacy Forum, Meritxell Borràs, APDCAT’s director, and Xavier Urios, head of Legal Advice at APDCAT.