To my understanding, and vision, the advancement of data protection legislation in the most varied countries and the most varied approaches, such as GPDR in Europe, LGPD in Brazil, and sector-specific data protection laws and regulations in the USA, are only the first steps towards a much greater need and focus: protecting people.
And, in this sense, the concept of Privacy by Design (PbD) shows to be even more complex, if the capabilities stop pointing only to the data, but as much or more to its owners.
I think that the protection of people involves a more holistic view of the whole issue of privacy and information security since there is no point in policy and legislation that seeks to protect data but that leaves the possibilities open to people, especially those who have little or less knowledge of technology, being victims of the most varied problems whose cause is precisely the impact on their privacy.
However, in this context, we have to think of something more comprehensive than privacy itself, and that PbD itself, which I would designate as a Design for People (DfP). And, in other words, the fundamentals for protecting people would go through the DfP, and its future principles.
And what are these principles, and, mainly, capabilities, to organizations and legislators to focus on people from the conception and initial phase of the projects? Without a doubt, this is a beautiful exercise for EA, or Enterprise Architecture, discipline.
By Rogerio Figurelli at 08/29/2020