We’re more connected than ever before. The growth of high-speed connections in our homes and offices has only been outstripped by the number of smartphones in our hands and wearable devices like fitness monitors.
Devices such as these collect and process your personal data. That might include geographical and biometric data, or the frequency and timing of interactions with the device. That’s legitimate, and useful for those who want to be able to get an objective insight into, say, their sleeping habits. But it also provides lucrative opportunities to companies who use such data to market their products and services, often without our informed consent.
As consumers become more aware of the type of information that’s being collected, many have expressed their discomfort. From the uneasy feeling that “someone is watching” you to the flagrant sale of your personal details to third parties, people are justifiably concerned about online privacy.
The new standard, developed jointly by ISO and the IEC’s committee on information security, cybersecurity and privacy protection1), provides details on the implementation of privacy principles from ISO/IEC 29100. Specifically, it addresses consent and choice (Principle 1), and openness, transparency and notice (Principle 7).
Committee Chair, Dr Andreas Wolf, observes that “people are worried about the collection and use of personally identifiable information (PII) by online services. In many cases, that’s because there is no clear explanation of how PII is processed, stored, maintained and managed. This new International Standard will help bring much-needed clarity and reassurance”.
In addition to providing clearer information about what kind of PII is being collected and how it is being used, ISO/IEC 29184 will help people to better understand just what they’re signing up to when they use connected services and, importantly, how to withdraw their consent.
1) ISO/IEC JTC 1/SC 27 is managed by ISO’s member for Germany, DIN.