Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
International: ISO publishes 31700-1 and 31700-2 standards on consumer protection and Privacy by Design for consumer goods and services
The International Standards Organization ('ISO') published, on 31 January 2023, its standards ISO 31700-1:2023 and ISO/TR 31700-2:2023 on consumer protection and Privacy by Design for consumer goods and services, after approval of the project in 2019. In particular, ISO 31700-1 provides high level requirements for Privacy by Design to protect privacy throughout the lifecycle of a consumer product, including data processed by the consumer. In this regard, ISO explains that ISO 31700-1 does not contain specific requirements for the privacy assurances and commitments that organisations can offer consumers, nor does it specify particular methodologies that an organisation can adopt to design and implement privacy controls, or the technology that can be used to operate such controls.
Accordingly, ISO 31700-2 provides illustrative use cases, with associated analysis, chosen to assist in understanding the requirements of the ISO 31700-1. Furthermore, ISO explained that the intended audience includes engineers and practitioners who are involved in the development, implementation, or operation of digitally enabled consumer goods and services. In addition, according to its introduction, ISO 31700-2 is grounded in a consumer-focused approach, in which consumer privacy rights and preferences are placed at the heart of product development and operation, with use cases specifically for online retailing, a fitness company, and smart locks to help identify, clarify, and organise system requirements related to a set of goals, by illustrating a series of possible sequences of interactions between stakeholders and systems in a particular ecosystem.
Lastly, ISO 31700-1 defines Privacy by Design as design methodologies in which privacy is considered and integrated into the initial design stage and throughout the complete lifecycle of products, processes or services that involve processing of personally identifiable information, including product retirement and the eventual deletion of any associated personally identifiable information.
You can access ISO 31700-1 here, and its preview here, and ISO 31700-2 here, and its preview here.
