On the eve of new EU regulations, and in the wake of recent large-scale data privacy breaches, a new ISO committee is leading the way with guidelines that put the consumer back in control.
The Internet-driven world shook when Facebook was recently exposed for having shared personal information about 87 million users with a private company, the aftershocks of which are still being felt as it becomes clear this is not a one-off event.
As new EU regulations come into force late this month that require companies to protect personal data, restricting the way it is collected and used, ISO is taking the consumer voice one step further. A team of privacy experts has been formed to develop the first set of preventative international guidelines for ensuring consumer privacy is embedded into the design of a product or service, offering protection throughout the whole life cycle.
The new ISO project committee, ISO/PC 317 1), Consumer protection: privacy by design for consumer goods and services, was developed by ISO/COPOLCO, the ISO committee that deals with consumer issues in standardization. Its remit is to develop a standard that will not only enable compliance with regulations, but generate greater consumer trust at a time when it is needed most.
Speaking via video at an ISO international workshop dedicated to the issue, held in Bali, Indonesia, this week, internationally renowned Canadian privacy expert Dr Ann Cavoukian welcomed the move.
“The majority of privacy breaches remain unchallenged, unregulated and unknown,” she said. “Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy. Prevention is needed.”
The ISO workshop, held under the theme “Consumer protection in the digital economy”, brought together more than 150 consumer and standardization experts from 34 countries and provided an opportunity for the new committee to share ideas and advance the project. It covered areas such as the impacts of data protection, artificial intelligence, the sharing economy and legislation on the online consumer experience.
Pete Eisenegger, ISO/COPOLCO’s lead person for data protection and privacy and member of ISO/PC 317, said that implementing the standard will help companies comply with regulations and avoid potentially devastating data breaches that erode consumers’ confidence in the digital world.
“It will place the consumer at the centre of the design process,” he said.
“It will allow goods and services providers to address all the life-cycle issues of privacy by design, so that consumers can have greater confidence in their purchases and take back control over the use of their data.
“What’s more, it will also go wider than the new EU regulations for data protection by also addressing cyber security, that is, the security of our products in our homes – an important issue for everyone.”
The standard will be of use to those providing digitally connected consumer products such as home appliances and devices, wearable devices, mobile application developers, online service providers and more.
Learn more about the ISO Committee on consumer policy, ISO/COPOLCO.
1) The secretariat of ISO/PC 317, Consumer protection: privacy by design for consumer goods and services, is held by BSI, ISO’s member for the UK.