Privacy by Design Has Been Adopted as an ISO Standard



Privacy by Design (PbD), which was first proposed by Canadian privacy commissioner Ann Cavoukian fourteen years ago, is now a global privacy standard for the security of consumer goods and services. The International Organization for Standardization’s (ISO) new standard ISO 31700, titled “Privacy by design for consumer goods and services”, was released on 8 February 2023. Along with the standard, a separate document has also been published to outline possible use cases.

In this article, we outline what PbD means and the importance of the new ISO standard in this regard.

What is Privacy by Design?

PbD is a framework for proactively embedding privacy into the design specifications and practices of technology systems, products, and services. Its aim is to ensure that privacy considerations are taken into account at every stage of the development process of goods and services and that privacy risks are mitigated. 

In this context, compliance with PbD is significant for a number of reasons:

  • Protection of personal information: PbD helps to ensure that personal information is only collected and used for legitimate purposes and that it is stored and transmitted securely.
  • Control over personal data: PbD gives individuals control over their own data by ensuring that they have the right to access, modify, and delete their personal information.
  • Building trust: By incorporating privacy into the design of technology systems and products, it helps to build trust between consumers and companies.

PbD was also a highlight of the European Union Agency for Cybersecurity’s report published on 27 January 2023. The report explains how cybersecurity technologies and techniques can support the implementation of GDPR principles when sharing personal data. In this context, it analyses technical solutions for the implementation of PbD in data sharing processes.

You can reach the report here.

What Is the Significance of the New ISO Standard?

The new ISO 31700 standard on PbD contains general guidance on issues such as designing capabilities to enable consumers to enforce their privacy rights, providing privacy information to consumers, conducting privacy risk assessments, establishing and documenting requirements for privacy controls, designing privacy controls, and managing a data breach.

In general, the standard aims to ensure that privacy is considered and protected at every development stage of consumer goods and services, from conception to deployment. Since PbD is also a legal obligation for data controllers in an increasing number of jurisdictions internationally, the standard is of great importance. Ann Cavoukian considers this development a “major milestone” in privacy.

We should note that the standard is designed to be utilized by a whole range of companies from startups to multinational enterprises. In addition to this, since the standard can be applied to any consumer good and product, it is expected that it will be adopted widely.

You can reach the official announcement of ISO regarding the standard here.

In conclusion, PbD is becoming increasingly crucial in our digitalized world, where privacy considerations are becoming a priority for individuals and organizations alike. Therefore, the new ISO 31700 standard on PbD provides guidance for companies to comply with privacy regulations.

Tagged with: Gökçe, Yağmur Yollu, Elif Aksöz, Technology & Telecoms, PbD
