Personal data in the networked world is considered “the new oil” – its collection is said to enhance user experience but is in the control and for the profit of others, leading to a lack of transparency and erosion of privacy. Expectations surrounding what constitute a healthy privacy-protective relationship between individuals and organizations are being reset under the umbrella of the emerging Personal Data Ecosystem (PDE). The PDE is supported by new technologies and services, such as Personal Data Vaults (PDV) and data sharing platforms. These technologies and services allow individuals to control and manage their own information. While PDE developments are positive from a privacy perspective given the control they provide to the individual, in the wrong hands, one's PDV and activities within the PDE could be exploited as a major surveillance tool. The paper introduces Privacy by Design (PbD) which the author sees as essential to the success of the PDE. For several years, the Information and Privacy Commissioner of Ontario, Canada, has examined emerging technologies and best practices that are relevant to the PDE, which can assist in developing the PDE in a manner consistent with PbD. By following PbD, privacy in the PDE can indeed be assured.