From privacy by design to design for privacy.

Summary Privacy by design places the user's privacy and the protection of his/her personal data as a basic principle in the early stages of the design and decision-making process. In 2018, Privacy by Design will become a mandatory provision for any entity across the world which collects and processes European residents' personal data. In other words, more than a methodology, Privacy by Design is soon to become a legal requirement, the infringement of which may be subject to fines up to 2% of a company's total worldwide annual turnover. However, we argue in this article that Privacy by design is not merely a legal requirement that solution designers and providers need to comply with, but that the lack of respect for users' privacy is increasingly becoming a pain for users, with the aid of the pain-driven Radical Innovation Design (RID) methodology. Thus, we will show that Privacy by design may increase the value creation of a solution and that integrating privacy as a default setting in the design of a solution is becoming an essential factor for success on the market. This paper is a proposal and first attempt to evolve from Privacy by Design to a Design for Privacy.