It's a framework of ideas, so the "exactly" is hard to pin down if you're asking about how to do it. At the core, the idea that Privacy (like security and many other concerns) should be considered from the first steps of a product instead of being retrofitted after the design process. The latter leads to questions like "How can we make practice X more secure/more private?", when the better answer might be "X isn't a good idea, how can we achieve the same goal differently"
Thanks for the reference. I'm wondering how this principle may be applied in the field of AI where user data is often an essential asset. In particular, what are the AI companies that can legitimately claim to be private by design?
To me, it means that the thing being designed is private in a way that can not be meddled with.
I.e. encrypted messages, that a company couldn't give to the government even if they wanted to.
In practical terms, this might look like building a system where you purposely don't store or give the ability to access personal content, instead relying on systems that are either local (i.e. not online), encrypted or otherwise fully obfuscated.
I quite liked Heather Burn's article fro Smashing about it: https://www.smashingmagazine.com/2017/07/privacy-by-design-f... (written in the context of GDPR)