THE LIMITS OF PRIVACY BY DESIGN

Privacy by design (PbD), an approach to systems engineering included in the European Union's General Data Protection Regulation, now forms part of the EU's legal safeguards. This article examines the scope of this reliance on privacy-enhancing technologies (PETs). More specifically, it assesses their limits and the problems with their realworld application. One aspect worthy of particular consideration is the lack of co-ordination between our legal and our technology communities: we shall be providing examples of supposedly privacy-enhancing technologies that are ineffective in practice, as well as those that are unlawful and, finally, those that do not take account of the legal concept of privacy in the design of the protection they afford. The article concludes by suggesting some possible ways of remedying this situation and of leveraging the full co-regulatory potential of privacy-enhancing technologies.