The future of data protection is privacy by design

Special Report: The conversation around personal data protection often swings between two extremes: sweeping regulatory control on one end, and blind faith in corporate goodwill on the other.

Words by Barry Young, Binance chief data protection officer

This week marks the Australian Information Commissioner’s Privacy Awareness Week, themed “Privacy: it’s everyone’s business.” At Binance, I’ve seen the potential for a middle path that deserves greater attention. One that’s grounded in product design, not just doctrine. A model where individuals are given the tools to manage their own data, and companies are built to support that self-governance by default.

In my view, that’s the most practical future we can aim for.

As a cryptocurrency exchange, we’re no strangers to questions around data privacy and safety. The nature of our sector invites scrutiny, and with that, a responsibility to be on the frontfoot. Beyond just securing our platform and processes, we aim to identify as many new opportunities as possible to protect our users’ data.

What we’ve learned from our security and protection journey is that privacy for organisations today is far more than a legal checkbox. It’s become a design choice and one that can differentiate businesses. When done well, it helps consumers build a sharper awareness of what their personal data is, where it lives, and how to take control of it.

The problem with checkbox privacy

If you’ve ever scrolled through 15 pages of a privacy policy and clicked ‘accept’ just to get on with your day, you already know the problem. Too often, privacy is treated as a compliance afterthought: get the legal language right, file it away, job done.

But compliance is not the same as protection. Australians know this. Research from the Consumer Policy Research Centre found 70% of people feel they have little or no control over how their data is shared. And they’re right to feel that way, in many systems, they don’t.

That’s why the idea of privacy by design is gaining traction. This concept means baking privacy protections and user controls into products and services from the ground up, rather than bolting them on later. It weaves privacy into the very fabric of technology, ensuring user data is respected by default.

The case for self-governance

 Self-governance entails privacy tools that are simple, transparent, and built into the user experience, not hidden away in settings or behind customer support requests.

We’ve seen this model take hold in consumer tech. Apple now includes “privacy nutrition labels” for apps, showing users in plain English, what data is being collected. Their App Tracking Transparency prompts give people a binary choice: yes or no. It’s basic, but it makes privacy visible.

Australian company Atlassian has a dedicated Trust Center that centralises its security, compliance, and privacy information, guided by explicit privacy principles, openly embracing privacy by design. Australia’s Consumer Data Right regime also requires banks and fintech apps to offer privacy dashboards, allowing users to easily see and revoke third-party data access.

At Binance we’re putting this self-governance idea into action, too. In early 2024, we launched a Privacy Portal to demystify how we handle data and clearly outlines users’ privacy rights in a more intuitive way than a dense legal document. Then, in November, we launched the Privacy Centre that consolidates privacy tools in one place, where users can view, download, or request changes to their personal data in a few clicks.

Systems that enable self-governance foster trust, because when users can access, modify, or delete their data at any time, it shifts the balance of power back to them. Privacy by design raises the default standard, because at the end of the day, companies don’t own your data but are simply stewards of it.

Regulation is catching up – slowly

That’s not to say regulation doesn’t matter. Australia’s privacy laws are evolving in the right direction. The first wave of Privacy Act reforms passed in 2024, introducing stronger penalties for breaches and now, for the first time, giving Australians the right to sue for serious invasions of privacy. By 2026, transparency rules for automated decision-making will also take effect. A second wave of reforms is expected to expand individual rights further, potentially including the right to erasure.

But regulation will always move slower than innovation. If we want to prevent the next wave of privacy disasters, businesses need to lead, not wait to be told.

Of course, giving users more control doesn’t absolve organisations of their responsibilities. It instead acts to raise the bar. If you offer privacy tools, they need to work. If you collect data, you need to be accountable. And if something goes wrong – which in the finance sector, we must always be prepared for – transparency and remediation matter more than ever.

This is especially true in sectors like crypto, and we know we’re not immune from scrutiny. That’s precisely why we believe in systems and architecture that put users first as a product principle.

To me, the most sustainable privacy model is one that reflects what Australians are increasingly demanding: transparency, control, and accountability from the services they trust with their data. That’s the promise of privacy by design and the power of privacy self-governance.

It’s about rebalancing the relationship between people and their data, in shifting the idea from protection from risk to empowerment against risk.

Privacy by design and user self-governance won’t solve every challenge. But they offer the strongest foundation we have for building a smarter and more informed digital future.

The views, information, or opinions expressed in the interviews in this article are solely those of the contributing author and do not represent the views of Stockhead.

This article was developed in collaboration with Binance, a Stockhead advertiser at the time of publishing.

This article does not constitute financial product advice. You should consider obtaining independent advice before making any financial decisions.