Privacy by Design Adopted as ISO Standard

One of the first ISO standards of 2023 will help businesses to embed privacy into their products and services from Day 1 with Privacy by Design.

The new ISO 31700, scheduled for release on 08 February and officially titled “Consumer protection – Privacy by design for consumer goods and services”, is inspired by Ann Cavoukian’s seminal work, ‘Privacy by Design’, originally published in 2009.

The objective of Cavoukian’s seven original Privacy by Design principles was to allow businesses to use personal data for commercial benefit while at the same time making sure that the data was protected throughout its lifecycle. ISO 31700 expands these principles into a 30-step framework that helps businesses integrate data-privacy thinking into their business processes.

Privacy by Design is a legal obligation for data controllers in an increasing number of jurisdictions internationally, including under Article 25 of the GDPR. In late 2022, Meta, the parent company of Facebook, was fined €265 million for breaching Article 25. The fine was the third largest ever levied on a company and the first time a fine was issued specifically for Privacy by Design infractions.

ISO 31700 will help businesses comply with data privacy obligations through practical guidance on conducting privacy risk assessments, establishing and documenting privacy controls, managing data across its lifecycle, and preparing for and managing data breaches.