Privacy by default

Where 'privacy by design' refers more to the technical structure of a data processing system, 'privacy by default' focuses on the configuration of the system, the 'default settings'. The General Data Protection Regulation (GDPR) requires 'user-friendly' default settings to be selected. Especially 'users' who are not very tech-savvy should be legally protected by 'privacy by default'.

The reason for this regulation was the 'privacy paradox': on the one hand, users have a need for comprehensive protection of personal data. On the other hand, many users are unable or unwilling to adjust the technical settings of a system accordingly. The provider side is now obliged by the GDPR to initially guarantee this protection on its part.

There are limits, of course: The GDPR speaks nebulously of the state of the art, implementation costs, the scope, circumstances and purpose of the processing. In any case, it is clear from the use of the plural in the word 'measures' alone that a single action is usually not sufficient here. A whole bundle of 'measures' is necessary in almost every case.

Incidentally, Article 25 (3) GDPR gives every provider the opportunity to be certified. Certification within the meaning of Art. 42 GDPR creates legal certainty here - for example through the certified external data protection officer Harald Rossol at b.r.m. in Bremen.
If you have any questions, simply contact us at ...