One of the key principles of the General Data Protection Regulation (”GDPR”) is the concept of privacy by design and by default. This principle requires organizations to ensure that the protection of personal data is built into the design and default settings of systems and products that collect, process, and store personal data. In this post, we’ll explore the concepts of Privacy by Design and by Default and how they are implemented at Intenseye to protect personal information, in line with the GDPR.
Article 25 of the GDPR requires that privacy is integrated into the design of systems and processes. This means that technical and organizational measures must be put in place to ensure that data protection principles are effectively implemented and individuals’ rights are protected in accordance with the GDPR’s regulations.
Privacy by design refers to the process of incorporating privacy considerations into the design and development of projects, products, services, and systems. This approach ensures that privacy is built into the very foundation of a project, product or service, rather than being an afterthought. By considering privacy from the outset, organizations can prevent potential privacy breaches and mitigate the risk of data breaches. For example, when designing a video surveillance system, an organization must consider how the system will be used, who will have access to the data, and how the data will be stored and protected.
💡 As Intenseye, we understand the importance of privacy-by-design and have implemented it in our SaaS solution, an AI-based EHS platform. Our platform is designed to protect the privacy of individuals while still providing valuable insights and data to businesses. We never record security camera footages on a 24/7 basis. Instead, only alert evidence images and short video clips are recorded in case of any unsafe act for further analysis. All other data is immediately deleted after the analysis unless the image collection is toggled on for the object annotation and AI training purposes.
Privacy by default is the process of ensuring that the most privacy-friendly settings are the default settings of systems and products. This means that organizations must ensure that personal data is only collected, processed, and stored when it is necessary, and that the data is only shared with those who need it. For example, when installing a video surveillance system, an organization must ensure that the system is configured to only record footage when motion is detected, and that the footage is only stored for a limited period of time.
💡 As Intenseye, we make sure to get our customers’ consent in case of data collection for AI training and accuracy improvement purposes. This means that individuals have control over their data and can choose to opt-out if they prefer. Another way we protect privacy is by blurring all faces in alert images and videos by default. This means that individuals are not identifiable from the data and their privacy is protected.

The importance of privacy by design and by default cannot be overstated when dealing with video surveillance systems. Video surveillance systems collect and store large amounts of personal data, and this data can be used for a variety of purposes, including security, marketing, and research. Without proper privacy protections in place, this data can be misused or mishandled, leading to serious privacy breaches. Accordingly, to ensure compliance with the GDPR, organizations must implement privacy by design and by default when dealing with video surveillance systems. This means that organizations must consider the potential risks to personal data, take appropriate measures to mitigate them, and ensure that the most privacy-friendly settings are the default settings of the system.
Systematic development of projects in accordance with privacy and data protection from the very beginning has a significant importance. Data protection issues must be considered as part of the project planning and implementation on an ongoing basis from the very early planning stage until the project will be completed when deciding whether to use video surveillance technology (installing a new system or updating an existing system). Close collaboration with a data privacy professional is strongly advised throughout the project planning and execution phase to make sure the system is not more intrusive than necessary and to build an acceptable set of safeguards.
💡 At Intenseye, we believe that privacy should be a top priority in all technology solutions. By implementing privacy-by-design and privacy-by-default in our EHS platform, we are able to provide valuable insights and data while also protecting the privacy of individuals.
In conclusion, privacy by design and by default are essential principles that organizations must adhere to under the GDPR. By incorporating privacy considerations into the design and development of projects, products, services, and systems, and by setting privacy-enhancing defaults, organizations can ensure that individuals are in control of their personal data and can make informed decisions about how and when to share it. This approach helps to prevent potential privacy breaches and mitigate the risk of data breaches, ultimately protecting the privacy and security of individuals.
When dealing with video surveillance systems, organizations must ensure that the protection of personal data is built into the design and default settings of the system, and that the system is only used for legitimate purposes. By doing so, organizations can ensure compliance with the GDPR and protect the personal data of individuals.
Don’t miss out the next week’s post, where our focus will be on Data Protection Impact Assessment.
