Consequently the International Standards Organisation (ISO) has brought together a team of privacy experts to develop the first set of preventative international guidelines to ensure consumer privacy is embedded into the design of a product or service, intended to offer protection throughout the whole life cycle. The new ISO project committee, ISO/PC 317, Consumer protection: privacy by design for consumer goods and services, will develop guidelines that are intended to both enforce compliance with regulations and generate greater consumer trust.
International privacy expert Dr Ann Cavoukian, in a video address at the ISO workshop “Consumer protection in the digital economy”, in Bali, Indonesia, last week, commented, referencing GDPR, saying, “Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy,” she added. “Prevention is needed.”
The ISO workshop will also consider the impacts of data protection, artificial intelligence, the sharing economy and legislation on the online consumer experience. Cavoukian adds, “With 90 percent of the population concerned about their privacy, there is a current lack of trust in business. Privacy by design will help to regain that trust by giving consumers privacy as the default. They no longer have to search for the ‘opt out' box. Privacy is automatically built into the design and covers the full life cycle of the product.”
“Privacy by design” is now recognised as a core part of the EU General Data Protection Regulation (GDPR) and forms the basis of the ISO standardisation work now underway. Implementing the standard will help companies comply with regulations and avoid potentially devastating data breaches that erode consumers' confidence in online services.
Jean Stride, secretary of ISO/PC 317, said the new EU directives …” will allow goods and service providers to address all the life-cycle issues of privacy by design, so that consumers can have greater confidence in their purchases and take back control over the use of their data.”