Built-in privacy—no panacea, but a necessary condition for effective privacy protection

Built-in privacy has for too long been neglected by regulators. They haveconcentrated on reacting to violations of rules. Even imposing severe fines willhowever not address the basic issue that preventative privacy protection is muchmore meaningful. The paper discusses this in the context of the InternationalWorking Group on Data Protection in Telecommunications (“Berlin Group”) whichhas published numerous recommendations on privacy-compliant design of technicalinnovations. Social network services, road pricing schemes, and the distribution ofdigital media content have figured prominently in the group’s latest working papers. More recently, a judgment of the European Court of Human Rights has thrown lighton weaknesses in the protection of patients’ data in hospitals that requires urgentaction by designers of IT systems. Built-in privacy is no magic button, no panacea, but it has turned out to be a necessary condition for meaningful privacy protection