GDPR Requirements
Appropriate technical and organizational measures shall be taken to ensure that the default settings of a service do not patronize users in the collection, processing, storage and disclosure of personal data. This is often referred to as Privacy by Default (Article 25 (2)).
Resulting Challenge
First, it is necessary that the collection, processing, storage and transfer of data can be technically adjusted to any relevant user context. Only then variable data privacy-friendly default settings are possible.
Technical Solution Approach
In the General pattern section, we have recommended to associate data with additional attributes (e.g., the “purpose limitation” pattern suggests to store an additional “purpose” attribute with personal data). Thus, an attribute-based access control can technically guarantee purpose limitation. If data is provided with proper attributes, then it is technically possible to define data protection-friendly characteristics of these attributes. Thus, data can be provided with the generic storage attribute “by default”, so that no processing process can access these attributes, since they are initially only intended for storage. The same is possible with the time attribute, which determines a lifetime depending on the type of date; once this has expired, further processing can no longer take place. The attribute should be set individually by the person concerned. The two attributes are only examples. The operator of a service must already consider the requirements of this pattern during the design of the data model and define suitable attributes together with their specifications.
Checklist
- Does the system have suitable control attributes that identify the data?
- Can users flexibly adjust settings regarding the processing of personal data?
- Are users not patronized by the system?