“Privacy by Design breeds innovation and creativity” says former Information and Privacy Commissioner

Nearly 12 months on from the implementation of the EU’s General Data Protection Regulation, organisations adaptation to stronger data protection laws has evolved into a broader discussion on how best to drive innovation while championing data privacy.

The issue sparked debate on social media yesterday following a comment published by Chris Hoofnagle‏ (@hoofnagle) in response to an article by Bloomberg Law that highlights how health data processing protocols in China exemplify how the drive for privacy can suffocate innovation.

“Privacy law gets in the way of analyzing 1.4bn medical records of the Chinese. In other news, due process blocks innovative PreCrime prosecutions,” Hoofnagle wrote.

The tweet referred to how European and US privacy legislation may be stopping medical tech organisations from accessing the health data of up to 1.4 billion citizens in China – information which could be used to create software to make significant medical research advances into human health conditions, tech and wider health-care, experts said.

In April 2019, Beijing launched the first stage of its Personal Information Security Specification, which allows authorities to collect information from personal, medical and hospital data stores, and put it towards research for “public interest” purposes.

Picking up on Hoofnagle’s perspective, tech boss Greg Spiviak, focussed on PII (personally identifiable information) as representing a pivotal point in the equation.

Spiviak, who is CEO of Reboot Communications, tweeted: “What is the balance between innovation and privacy. Does it boil down to PII de identifiable data? @Reboot_Comm we talk about this #hcs19 psv2020”

The tweet attracted Ann Cavoukian, former Information and Privacy Commissioner for Ontario, Canada, into the debate.

Cavoukian, who heads up the Privacy by Design Centre of Excellence at Ryerson University in Ontario, fell upon Spievak’s choice of the word “balance” in the relationship between innovation and privacy – dynamics that challenge businesses globally as they seek to retain the competitive edge through compliant growth.

“We need to abandon the language of ‘balance’ (essentially zero-sum), and replace it with multiple positive gains (positive-sum),” she said.

Cavoukian also advocated the implementation of active measures to de-identify, which in turn should be informed by a comprehensive appraisal of the dangers of re-identification taking place.

“The use of strong de-identification protocols, combined with a risk of Re-ID framework.” This “allows for both privacy AND data utility/innovation: Win/Win!” Cavoukian added.

Cavoukian also stood by Privacy by Design, a foundational tenet of the EU’s General Data Protection Regulation, tweeting:

“Privacy by Design breeds innovation and creativity! Don’t be fooled by dated zero-sum propositions.”

The stance is an encouraging reminder of how compliance journeys can be used to harness innovation and push business growth.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.