concept
Privacy by Design
Methodology that builds privacy into the architecture of a system from the start — through data flows, storage, access control, and retention — rather than as a configurable setting.
Also known as: PbD · privacy-first architecture
Privacy by design treats privacy as an architectural property, not a UI toggle.
In practice this means:
- Default to the safest option — collect the minimum data required for the learning function. If a data point cannot be tied to a clear pedagogical purpose, it is not collected.
- Limit access — only roles that need a data point can read it. Student data is not visible to vendors or admins by default.
- Reduce identifiability — use aggregation and pseudonymization where the educational signal does not require identity.
- Control retention — every category of learning data has a defined retention period and a clear reason for it.
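The four practices above can be enforced in code rather than left as policy. The following is an added example, not part of the original page: a small Python learning-data store in which every field must declare a pedagogical purpose before it can be collected, per-record reads are limited to the roles the policy names, other roles only get an identity-free aggregate (withheld when the group is too small), student identifiers are stored as keyed pseudonyms, and each field's retention period is enforced by a purge. The field names, roles, key and thresholds are assumptions for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Constructed policy table (assumed field names): each stored field names the
# pedagogical purpose that justifies collecting it, who may read it per record,
# who may only see it aggregated, and how long it is kept.
FIELD_POLICY = {
    "quiz_score": {
        "purpose": "mastery tracking",
        "readers": {"teacher", "student"},         # per-record access
        "aggregate_readers": {"teacher", "admin"},  # identity-free view only
        "retention_days": 365,
    },
    "time_on_task": {
        "purpose": "pacing feedback",
        "readers": {"teacher"},
        "aggregate_readers": {"teacher"},
        "retention_days": 90,
    },
}

MIN_GROUP_SIZE = 3  # an aggregate over fewer subjects could single someone out

# Assumed secret for pseudonymisation; in a deployment it lives in a secrets
# manager and is rotated, never in source.
PSEUDONYM_KEY = b"example-key-do-not-use"


def pseudonymize(student_id: str) -> str:
    """Keyed hash: a student's records stay linkable inside the system, but the
    raw identifier cannot be recovered from the stored value without the key."""
    digest = hmac.new(PSEUDONYM_KEY, student_id.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


class FixedClock:
    """Deterministic clock so retention behaviour can be exercised in tests."""
    def __init__(self, start=None):
        self.now = start or datetime(2024, 1, 1, tzinfo=timezone.utc)

    def __call__(self):
        return self.now

    def advance(self, days):
        self.now += timedelta(days=days)


class LearningStore:
    def __init__(self, clock=None):
        self.records = []
        self.clock = clock or (lambda: datetime.now(timezone.utc))

    def record(self, student_id, field, value):
        """Collect only fields with a declared purpose; store the pseudonym,
        never the raw student id."""
        if field not in FIELD_POLICY:
            raise ValueError(f"{field!r} has no declared pedagogical purpose")
        self.records.append({
            "subject": pseudonymize(student_id),
            "field": field,
            "value": value,
            "collected_at": self.clock(),
        })

    def read(self, role, field):
        """Per-record access, limited to the roles the policy names."""
        if role not in FIELD_POLICY.get(field, {}).get("readers", ()):
            raise PermissionError(f"role {role!r} may not read {field!r}")
        return [dict(r) for r in self.records if r["field"] == field]

    def aggregate(self, role, field):
        """Identity-free view: mean over the field, withheld when too few
        distinct subjects contribute to it."""
        if role not in FIELD_POLICY.get(field, {}).get("aggregate_readers", ()):
            raise PermissionError(f"role {role!r} may not aggregate {field!r}")
        rows = [r for r in self.records if r["field"] == field]
        if len({r["subject"] for r in rows}) < MIN_GROUP_SIZE:
            return None
        return {"count": len(rows), "mean": sum(r["value"] for r in rows) / len(rows)}

    def purge_expired(self):
        """Enforce each field's retention period; returns the number removed."""
        now = self.clock()
        kept = []
        for r in self.records:
            limit = timedelta(days=FIELD_POLICY[r["field"]]["retention_days"])
            if now - r["collected_at"] <= limit:
                kept.append(r)
        removed = len(self.records) - len(kept)
        self.records = kept
        return removed


if __name__ == "__main__":
    store = LearningStore()
    store.record("student-42", "quiz_score", 88)
    print(store.read("teacher", "quiz_score"))
```

The policy table is the point: because collection, access, aggregation and retention are all driven from one declaration per field, adding a field without a purpose or a retention period fails loudly instead of silently widening what the system holds. A vendor or admin role gets nothing from `read`, and the aggregate view refuses to answer for groups small enough to re-identify.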
Privacy by design is necessary for ethical EdTech but does not on its own guarantee it: a system can be privacy-preserving and still pedagogically harmful.