Privacy has become a global concern, with regulations such as GDPR coming into effect. In this context, e-commerce businesses that operate globally cannot simply adopt data protection regulations of a single country/region. Supporting each and every regulation as they emerge is challenging and greatly increases the maintenance cost. Furthermore, these kinds of regular modifications can lead to poor customer experiences.
Leveraging well-known privacy by design principles into your system design strategy is a long-term and sustainable solution for most of these privacy challenges. Once these principles are adopted, it is possible to achieve each individual privacy regulation compliance easily with minimum time and effort. This talk introduces a number of well-known privacy by design principles and explores how they implemented in real-world scenarios. This talk also highlights the benefits of each of these principles with potential implications.
In the context of a high-level system architecture, separating personal and security data from other business and operational data is one of the core principles. The responsibility of managing personal and security data can be delegated to a specific module or dedicated IAM solution, as other components request for personal data in an on-demand and transient manner - usually through standard security tokens such as OpenID Connect, SAML or JWT token.
Once personal and security data are isolated from other systems, it is possible to apply set of security and privacy best practices. These include data minimization when capturing and storing data, data anonymization when storing, pseudonymization during strong, the use of a system-generated ID during data sharing, encryption before storing, and storing hashes instead of the original value.
Design and provide a user-centric experience are also key design principles. For example, all data processing activities have to be transparent for users and they need to be informed of these activities. Usually, these activities require clear and active consent from users. Systems should facilitate to review and revoke previously given consent. Systems should also provide means to modify or remove user profiles by themselves. The adoption of strong and adaptive authentication mechanisms, use of up-to-date cryptographic algorithms, and libraries also help to improve the end-to-end security of the system.