Privacy by Design – A Developer's Perspective

Facebook’s annual developer conference last week produced plenty of talking points. Key among them was Mark Zuckerberg's bold statement that the future is private. Many have questioned whether Facebook has any moral authority left to talk about privacy. For a company that thrives on advertising served by scanning user data, it is hard to believe that Facebook is really serious about the privacy of its users' data. To back up the claim, the social network giant has announced a major overhaul of its core platform, including its messaging services. But why overhaul? Where did Facebook go wrong in the first place?

While many think privacy is mainly about who you share data with or how you store it, it is imperative to note that most companies, Facebook included, miss the point from the start: during design. How you transmit data, how you store it and who you share it with are all important parts of guarding user privacy, but a key part of privacy lies in how you collect the data in the first place. Data collection is a broad subject, and with advances in technology there are many ways applications collect data. At every step (collection, transit, storage and sharing), privacy should be one of the main design decisions application developers consider.

What is Privacy by Design? Privacy by Design is an approach used when developing new systems and applications. Simply put, privacy should be factored in by default at every step of system development. When Privacy by Design is followed, privacy becomes an integral part of the project objectives, the design process and planning. Privacy by Design has been touted for some time, but it gained its greatest prominence with the advent of GDPR.

How can Developers Apply Privacy by Design:

Collect only what is needed

Sometime last month I downloaded a torch application for my Android phone. Normally, when installing an application for the first time, you have to go through the required permissions. I couldn’t believe it when the location permission popped up! Why would a torch application need to know my location? Worse still, the app crashed when I declined! Why does a torch application need location data to function?

Limit what you share

Oftentimes, applications need to share data with third parties. Most applications do this through application programming interfaces (APIs). An API is a way to allow systems to communicate, often by sharing data between them. When developing APIs, developers should ensure that data is not shared indiscriminately. Different API keys should carry different access permissions, and each key should be able to reach only the data its permissions allow.
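One way to put that into practice is to attach scopes to each API key and filter every response down to the fields those scopes permit, so a partner with a "basic profile" key never receives e-mail addresses or locations. The following is an added illustration, not code from the original post; the key strings, scope names and user record are constructed for the example.

```python
"""Scoped API keys that expose only the fields a caller is permitted to see.

Added illustration for the "Limit what you share" section: the key values,
scope names and user record are constructed, not taken from any real system.
"""
import hashlib
from typing import Dict, FrozenSet

# Fields each scope may read. Anything not listed is never returned (default deny).
SCOPE_FIELDS: Dict[str, FrozenSet[str]] = {
    "profile:basic": frozenset({"id", "display_name"}),
    "profile:contact": frozenset({"email"}),
    "profile:location": frozenset({"city"}),
}


def _key_id(api_key: str) -> str:
    """Store only a digest of each key, never the key itself."""
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed sample keys, each issued with a deliberately narrow set of scopes.
API_KEYS: Dict[str, FrozenSet[str]] = {
    _key_id("partner-analytics-key"): frozenset({"profile:basic"}),
    _key_id("partner-mailer-key"): frozenset({"profile:basic", "profile:contact"}),
}


def allowed_fields(api_key: str) -> FrozenSet[str]:
    """Union of the fields the key's scopes permit; an unknown key permits nothing."""
    scopes = API_KEYS.get(_key_id(api_key), frozenset())
    fields: FrozenSet[str] = frozenset()
    for scope in scopes:
        fields |= SCOPE_FIELDS.get(scope, frozenset())
    return fields


def minimise(api_key: str, user: Dict[str, object]) -> Dict[str, object]:
    """Return only the permitted subset of `user`; reject unknown keys outright."""
    if _key_id(api_key) not in API_KEYS:
        raise PermissionError("unknown API key")
    fields = allowed_fields(api_key)
    # Filter by an allow-list of field names, so new columns added to the
    # user record later are not leaked by accident.
    return {name: value for name, value in user.items() if name in fields}
```

Because the filter is an allow-list, a field such as a password hash that no scope mentions can never appear in an API response, whichever key is used.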

Factor in Privacy in Sprint Planning

With agile, every sprint normally starts with a planning session. It is imperative to discuss with the team how each new feature will be implemented with users' privacy factored in.


When followed, Privacy by Design can bring many benefits, key among them customer trust, more application users and application stability.