Online services are increasingly accepted by the citizens. From data breaches reported by the media, it can be deduced that the level of protection of personal data sometimes leaves substantial room for improvement. Personal data might be exposed to hacking, unlawful interception or abuse while transported over public networks or stored in providers' servers. This brings financial risks (if financial information such as banking details are leaked), but may also expose sensitive information related to health or religion. These attacks also have a negative impact on the reputation of service providers. Hence, from both a user and a provider perspective, it is important to design privacy-friendly services with data minimization, adequate technical protection measures and monitoring services. The panel will discuss the intersection of the technical options for privacy by design and default, and the legal means to boost their implementation.