A Brief History of Data Protection by Design

From multilateral security to Article 25(1) GDPR

Authors

  • Pierre Dewitte KU Leuven Centre for IT & IP Law

DOI:

https://doi.org/10.26116/techreg.2023.008

Keywords:

GDPR, Accountability, Responsibility, Data protection by design, Historical analysis

Abstract

Article 25(1) of the General Data Protection Regulation (“GDPR”) is the first provision that comes to mind when discussing data protection by design. Yet, the origins of that concept can be traced back to an idea that was already solidly established in the software engineering community before its adoption. Besides, the GDPR is not the first binding piece of legislation that incorporates such an obligation. This paper unravels the history of data protection by design by delving into its technical roots and outlining the national and EU initiatives that have preceded the GDPR. Such a retrospective provides the necessary background to understand the implications and scope of its current manifestation in the text of the Regulation.

Downloads

Download data is not yet available.

Author Biography

Pierre Dewitte, KU Leuven Centre for IT & IP Law

Pierre Dewitte is a doctoral researcher at KU Leuven Centre for IT & IP Law

TechReg.2023.008 cover Pierre Dewitte

Downloads

Additional Files

Published

25-10-2023

How to Cite

Dewitte, P. (2023). A Brief History of Data Protection by Design: From multilateral security to Article 25(1) GDPR. Technology and Regulation, 2023, 80–94. https://doi.org/10.26116/techreg.2023.008

Issue

Vol. 2023 (2023)

Section

Articles

License

Copyright (c) 2023 Pierre Dewitte

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Submissions are published under a Creative Commons BY-NC-ND license.’

Received 2023-03-07
Accepted 2023-09-27
Published 2023-10-25