Design is key to privacy. In the EU, the General Data Protection Regulation (GDPR) mandates data protection by design and default. Other laws are starting to require privacy or data protection by design.
Why is design so important to privacy? As I wrote in On Privacy and Technology (2025), the “design of software, websites, and electronic devices controls what people can and can’t do, how people behave, how people interact with others, the way people make decisions, how much personal data they disclose, and many other things.”
Over the years, many books and writings have been published that provide useful advice and perspectives on privacy by design. Here are a few great books and writings that every privacy and data protection officer should read, as well as any policymakers who are crafting or enforcing privacy laws.
Ann Cavoukian, Privacy by Design (paper)
The term “privacy by design” was coined by Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, and now Executive Director of the Privacy and Big Data Institute at Ryerson University. According to Cavoukian, “Privacy by Design refers to the philosophy and approach of embedding privacy into the design, operation and management of information technologies and systems, across the entire information life cycle.”
Cavoukian sets forth 7 principles for design:
1. Recognition that privacy interests and concerns must be addressed proactively;
2. Application of core principles expressing universal spheres of privacy protection;
3. Early mitigation of privacy concerns when developing information technologies and systems, throughout the entire information life cycle —end to end;
4. Need for qualified privacy leadership and/or professional input;
5. Adoption and integration of privacy-enhancing technologies (PETs);
6. Embedding privacy in a positive-sum (not zero-sum) manner so as to enhance both privacy and system functionality; and
7. Respect for users’ privacy.
Cavoukian’s principles and work on privacy by design have been immensely influential. For further thoughts by Cavoukian on her principles, see here.
Woodrow Hartzog, Privacy’s Blueprint: The Battle to Control the Design of New Technologies (2018)
Privacy’s Blueprint presents a deep, vivid, and concrete account of how technology companies design devices, websites, and software in ways that diminish privacy. With clear and engaging examples, Hartzog contends that privacy law can’t be effective unless it regulates design. According to Hartzog, design can be regulated in ways that aren’t overly controlling or stifling to innovation. This is a great book, filled with countless insights, and it is highly accessible.
Michelle Dennedy, Jonathan Fox, and Tom Finneran, The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value (2014)
This book is a practical and intellectual guide to privacy engineering. It is fun to read and has many concrete examples, case studies, and charts and diagrams. The book focuses on the architecture of privacy design. It is detailed and sophisticated. The book has contributions from a group of privacy all-stars, including Annie Antón, Ann Cavoukian, Jay Cline, Peggy Eisenhauer, Ken Mortensen, Jules Polonetsky, Richard Purcell, Peter Swire, and Eduardo Ustaran, among others. The passion of the authors really comes through, which makes this book lively and engaging.
Daniel J. Solove, Understanding Privacy (2008)
I’m taking author’s privilege and including my own book, Understanding Privacy, which sets forth a taxonomy of privacy to understand this complicated and sprawling concept. I argue that privacy can’t be reduced to just one thing; it’s many different yet related things. With the taxonomy, I map out the landscape of privacy, which is essential for those who are designing for privacy. Designing without understanding the concept of privacy is like building without a blueprint.
R. Jason Cronk, Strategic Privacy by Design (2018)
Jason Cronk’s book is a comprehensive practical guide to designing for privacy. I must confess I’m somewhat biased because he uses my privacy taxonomy to identify privacy harms to be addressed. His book is superb at providing concrete examples and practical advice. I’m tremendously impressed to see my taxonomic framework transformed into a workable approach that can be implemented internally at organizations.
Robert Stribley, Design for Privacy: Keeping Personal Information Private (2025)
A great book on privacy by design that focuses extensively on technological design. The color printing and copious images make the book engaging to read. There are many useful callouts, including an interview with Harry Brignull, who coined the term “dark patterns.” Stribley includes many case studies and practical examples, and I appreciate his engagement with the academic literature. This is a highly practical and sophisticated book.
Simson L. Garfinkel, Differential Privacy (2025)
This book is a great short introduction to differential privacy, an approach to protecting privacy developed by Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith in 2006. As Garfinkel explains, differential privacy “protects confidential data by adding in random numbers from a carefully calibrated statistical distribution. This noise makes it arbitrarily difficult for someone to take a published statistic—like the ages and races of people living on a census block—and learn the underlying confidential data on which the statistic is based.”
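To make the quoted description concrete, here is an added worked example (not code from Garfinkel’s book) of the mechanism it describes: a counting query over a constructed census-block table, answered with the Laplace mechanism of Dwork, McSherry, Nissim, and Smith. Adding or removing one resident changes a count by at most 1, so noise drawn from a Laplace distribution with scale 1/ε gives ε-differential privacy. The records, the `is_senior` predicate, the `PrivacyBudget` class, and the grid of candidate outputs in `run_demo` are all assumptions made for illustration. The block also checks the bound that makes the guarantee hold, namely that for any output the log-ratio of densities under two neighbouring datasets never exceeds ε, and it shows the caveat the paragraph leaves out: each query spends privacy budget, and a system that keeps answering after the budget is gone no longer provides the guarantee.

```python
import math
import random

# Constructed sample "census block": one row per resident (not real data).
BLOCK = [
    {"age": 71, "race": "white"},
    {"age": 34, "race": "black"},
    {"age": 66, "race": "asian"},
    {"age": 12, "race": "white"},
    {"age": 45, "race": "white"},
    {"age": 68, "race": "black"},
    {"age": 29, "race": "asian"},
]


def is_senior(record):
    return record["age"] >= 65


def exact_count(records, predicate):
    return sum(1 for r in records if predicate(r))


def sample_laplace(scale, rng):
    """Draw from Laplace(0, scale) via the inverse CDF: -scale*sgn(u)*ln(1-2|u|), u ~ U(-1/2, 1/2)."""
    u = rng.random() - 0.5
    while u == -0.5:  # avoid log(0) on the endpoint
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def laplace_sample_stats(scale, n, seed):
    """Sanity check of the sampler: returns (mean, variance); expect ~0 and ~2*scale**2."""
    rng = random.Random(seed)
    xs = [sample_laplace(scale, rng) for _ in range(n)]
    mean = sum(xs) / n
    var = sum((x - mean) ** 2 for x in xs) / n
    return mean, var


class PrivacyBudget:
    """Tracks cumulative epsilon under basic (sequential) composition: epsilons add up."""

    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def spend(self, epsilon):
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError("privacy budget exhausted: %.2f spent of %.2f" % (self.spent, self.total))
        self.spent += epsilon


def noisy_count(records, predicate, epsilon, budget, rng):
    """epsilon-DP count. One person added or removed moves a count by at most 1, so sensitivity is 1."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    sensitivity = 1.0
    budget.spend(epsilon)  # refuse to answer once the budget is gone
    return exact_count(records, predicate) + sample_laplace(sensitivity / epsilon, rng)


def privacy_loss(y, count_a, count_b, sensitivity, epsilon):
    """ln p_a(y)/p_b(y) for the Laplace mechanism centred on two neighbouring counts.
    Density is exp(-|y-c|/scale)/(2*scale), so the log-ratio is (|y-b| - |y-a|)/scale."""
    scale = sensitivity / epsilon
    return (abs(y - count_b) - abs(y - count_a)) / scale


def worst_case_privacy_loss(count_a, count_b, sensitivity, epsilon, outputs):
    """Largest |ln p_a(y)/p_b(y)| over candidate outputs; never exceeds epsilon when |a-b| <= sensitivity."""
    return max(abs(privacy_loss(y, count_a, count_b, sensitivity, epsilon)) for y in outputs)


def run_demo(seed=7):
    rng = random.Random(seed)
    budget = PrivacyBudget(total_epsilon=1.0)
    true = exact_count(BLOCK, is_senior)
    first = noisy_count(BLOCK, is_senior, 0.5, budget, rng)
    second = noisy_count(BLOCK, is_senior, 0.5, budget, rng)
    try:
        noisy_count(BLOCK, is_senior, 0.5, budget, rng)  # third query would overspend
        third_refused = False
    except RuntimeError:
        third_refused = True
    neighbour = exact_count(BLOCK[1:], is_senior)  # same block with the first resident removed
    grid = [y / 4.0 for y in range(-40, 80)]  # assumed set of candidate published values
    loss = worst_case_privacy_loss(true, neighbour, 1.0, 0.5, grid)
    return {"true": true, "neighbour": neighbour, "first": first, "second": second,
            "third_refused": third_refused, "worst_loss": loss, "budget_spent": budget.spent}


if __name__ == "__main__":
    print(run_demo())
```

Two things to notice when running it. The two published answers differ from each other and from the true count of 3, which is the price of the guarantee; and the worst-case privacy loss between the block and its neighbour with one resident removed comes out at exactly ε = 0.5, never above it, which is the property that stops an adversary from learning whether the removed person is a senior. Real deployments replace the toy budget class with a proper accountant and use integer-valued or discrete Laplace noise for published counts, but the bound being checked is the same.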
MR Leiser, Dark Patterns, Deceptive Design, and the Law: AI’s Hidden Influence on Our Digital Experience (2025)
“Dark patterns” are deceptive and manipulative tech designs. The term was coined by Harry Brignull in 2010 (he wrote the preface to this book). The use of this term is genius because policymakers had long been afraid to regulate design for fear of second-guessing technologists. But once designs were called “dark patterns,” policymakers became emboldened to stamp them out and began regulating. This book discusses the many types of dark patterns, techniques of manipulation, and legal regulation. It’s a detailed practical guide to dark patterns.
Ari Ezra Waldman, Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power (2021)
Ari Waldman’s Industry Unbound eviscerates many of the current privacy laws and corporate privacy programs. Waldman contends that many privacy programs amount to building a meaningless paper record and end up cloaking poor privacy practices with a pretty facade. On design, he discusses his extensive interviews with engineers and compliance officials in companies who approached privacy by design with a thin and incomplete understanding of privacy. Many thought privacy merely involved providing notice and data security. Even those who do not agree with the potency of Waldman’s critique must take note of the concerns he raises. His arguments are essential to engage with.
GDPR Article 25 (2016)
The EU General Data Protection Regulation (GDPR) was one of the earliest laws (likely the first) to mandate data protection by design and default. In Article 25, the GDPR requires that data controllers “shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.”
The GDPR also requires that the “controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.”
* * * *
Privacy by Design Training
I created training on privacy by design that might be of interest to readers of this post.
Privacy and Data Protection by Design
This course (~18 min) teaches the basics of privacy and data protection by design to engineers, designers, and other workforce members.
The Rude Refrigerator: A Privacy by Design Story
This is a short humorous vignette that teaches the importance of thinking about privacy when designing products or services.
* * * *
Professor Daniel J. Solove is a law professor at George Washington University Law School. Through his company, TeachPrivacy, he has created the largest library of computer-based privacy and data security training, with more than 180 courses.