The International Organization for Standardization (ISO) has brought together a team of privacy experts to develop the first set of preventative international guidelines to ensure consumer privacy is embedded into the design of a product or service.
In the wake of recent large-scale data privacy breaches, the new ISO committee is discussing guidelines that put customers back in control.
Last month, Facebook was exposed for having shared personal information about 87 million users with a private company.
But while Facebook is in the spotlight, many others aren’t being held to account, as international privacy expert Dr Ann Cavoukian explains: “The majority of privacy breaches remain unchallenged, unregulated and unknown.
“Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy. Prevention is needed.”
New EU regulations are coming into force late this month, which will require companies to protect personal data and restrict the way it is collected and used. The team of privacy experts at ISO will develop the first set of preventative international guidelines to ensure consumer privacy is embedded into the design of a product or service, offering protection throughout the whole life cycle.
The new ISO project committee, ISO/PC 317, Consumer Protection: privacy by design for consumer goods and services, will develop guidelines to enforce compliance with regulations and generate greater consumer trust.
Consumer trust is mostly affected by issues with privacy of personal data. The ISO workshop will consider the impacts of data protection, artificial intelligence, the sharing economy and legislation on the online consumer experience.
Dr Cavoukian pioneered the concept of ‘privacy by design’, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices.
She said: “Giving consumers back their privacy is good for business: a win-win for consumers and business alike.
“With 90% of the population concerned about their privacy, there is a current lack of trust in business. Privacy by design will help to regain that trust by giving consumers privacy as the default. They no longer have to search for the ‘opt out’ box. Privacy is automatically built into the design and covers the full life cycle of the product.”
‘Privacy by design’ is now recognised as a core part of the EU General Data Protection Regulation (GDPR) and forms the basis of the ISO standardisation work now underway.
Implementing the standard will help companies comply with regulations and avoid potentially devastating data breaches that erode consumers’ confidence in online services.
According to ISO/PC 317 Secretary Jean Stride, the new EU directives will catch many companies by surprise, yet penalties for non-compliance are high.
“The new standard being developed will place the consumer at the centre of the design process.
“It will allow goods and service providers to address all the life-cycle issues of privacy by design, so that consumers can have greater confidence in their purchases and take back control over the use of their data.”