O3 Ensure data privacy by design

• DPI should embed technical rules that enforce core privacy principles (e.g. data minimization, provisions to delink, and the ability to limit observability by purpose and time) and governments should enact legal safeguards around them.