Security by Design
Security by design means making security the key element in the configuration of products, services or applications, thereby preventing any privacy risks from occurring. When designing – or redesigning – an IT system, the way an application or device processes personal data (e.g. location data or access to device files) needs to be considered. This is the case if an IT system automatically – and irreversibly – anonymises, pseudonymises or encrypts data without a specific aim. The security functionality would then be inherent and wired in. There are four criteria for privacy by design: data minimisation, minimal level of processing, storage time minimisation, and minimal accessibility to data. Unfortunately, protocols have not yet clearly established how the IoT and 5G networks can be securely designed.
However, some ideas do already exist. For example, when securing the IoT environment facilitated through 5G technology, the central focus should be on expanding the existing security protocols to match contemporary technology. It has also been proposed that the principle of proportionality should be respected when transferring IoT data. A proposed end-to-end security approach would instead shift the attention of attacks towards the devices themselves.
Nevertheless, the Council of the European Union underlined in its Conclusions of December 2019 that the “increasingly complex, interconnected and rapidly evolving technology calls for a comprehensive approach and effective and proportionate security measures with focus on security and privacy by design as integral parts of 5G infrastructure and terminal equipment.”