Privacy by Design
Privacy by design is a principle requiring organisations to build data protection and privacy safeguards into systems, processes, and services from the very beginning, rather than adding them later as an afterthought. Under EU law, it means embedding privacy-preserving measures at every stage of processing—from initial design through to deletion—and making data protection the default setting for users.
Legal Basis
"The controller shall … implement appropriate technical and organisational measures … which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects."
— Article 25(1), Regulation (EU) 2016/679 (GDPR)
Why It Matters
Privacy by design is a foundational obligation under the GDPR and applies to anyone processing personal data in the EU—including sponsors, political advertising publishers, and providers of political advertising services covered by the TTPA Regulation. When these actors use personal data for targeting or ad delivery, they must design their systems to minimise data collection, maximise transparency, and protect data subjects' rights from the outset.
For political advertising, this principle has direct practical impact. Platforms, ad-tech providers, and campaigns must configure their tools and workflows so that personal data is only collected and processed when necessary, is kept secure, and is deleted when no longer needed. Privacy by design also means offering users meaningful privacy choices as the default—for example, not pre-selecting consent boxes or defaulting to the most privacy-invasive settings.
Failure to embed privacy by design can lead to regulatory penalties, data breaches, and erosion of public trust—particularly damaging in the politically sensitive context of elections and referendums.
Key Points
- Proactive, not reactive: Privacy safeguards must be built into systems from the design stage, not bolted on after deployment.
- Default to privacy: Systems should operate with the most privacy-friendly settings by default, without requiring users to opt out of invasive practices.
- Data minimisation: Collect and process only the personal data strictly necessary for the specified purpose.
- Lifecycle protection: Privacy measures apply throughout the entire data lifecycle—from collection and storage to use, sharing, and deletion.
- Accountability: Organisations must be able to demonstrate how privacy by design has been implemented in their systems and processes.
- User empowerment: Design should enable users to easily exercise their rights (access, rectification, erasure, objection) without technical barriers.
Privacy by Design vs. Privacy by Default
Privacy by design refers to embedding data protection into the architecture of systems and processes from the start. Privacy by default is a related but narrower concept: it requires that systems automatically apply the most privacy-protective settings without user intervention. In other words, privacy by design is about how you build; privacy by default is about what settings you ship. Both are required under Article 25 GDPR. For political advertising platforms, privacy by design means architecting systems that minimise data collection and protect user rights, while privacy by default means that, for example, targeting options do not pre-select sensitive data categories and users' profiles are not shared more widely than necessary.
Related Terms
- Data Minimisation
- Privacy by Default
- Data Protection Impact Assessment (DPIA)
- Personal Data
- Consent
- Controller
- Processor
- Targeting Techniques
- GDPR (General Data Protection Regulation)
- Transparency Notice