What is the difference between "privacy by policy" and "privacy by architecture"?
Privacy by policy protects data through rules and laws (what people are permitted to do); privacy by architecture protects it through technology that makes violations difficult or impossible.
Real privacy protection needs both — they cover each other's weaknesses.
| Approach | How it protects | Example | Weakness |
|---|---|---|---|
| Privacy by policy | Laws, contracts, self-regulation, consequences for violations | GDPR, a company's privacy policy, fines | Relies on actors choosing to comply; only catches violations after the fact |
| Privacy by architecture | Technical design that prevents misuse | Encryption, anonymization, on-device processing, Privacy by Design | Optional unless mandated; can be omitted by a careless or hostile builder |
Why neither alone is enough:
- Laws without enforcing technology are toothless — a rule that "you mustn't read this data" doesn't stop someone who can technically read it.
- Technology without legal backing is optional — encryption helps only if someone bothers to deploy it.
The synthesis: strong privacy regimes pair a legal mandate (policy) with technical enforcement (architecture) — e.g., GDPR (policy) requiring Privacy by Design (architecture).
Tip: When evaluating any system, ask both questions: "What are they allowed to do with my data?" (policy) and "What are they technically able to do with it?" (architecture). The gap between the two is where privacy risk lives.