Wiki for Privacy Standards and Privacy Projects

Between the 29th of December and the 9th of January 2018 a mail conversation took place in the WG5 mailing list triggered by a question posted by Nat Sakimura regarding ” WG5 position to the definition of "privacy" for the ISO/IEC JTC 1/SC 27/AG 1”. The conversation grew fast. Encompassing over 100+ mails going in many different directions. A decision was made to propose summarize the discussion on a high level. Hans Hedbom promised to do the high level summary. In the ISO/IEC JST1/SC 27 meeting in Wuhan (April 2018). It was decided to publish the summary (and subsequent versions) in this wiki. Hans will moderate these pages.

• Theme 1: Privacy is multidimensional and evolving.

• Theme 2: PII versus personal data?.

• Theme 3: Privacy as control.

• Theme 4: Consumer privacy needs.

• Theme 5: Conflicting legal issues.

• Theme 6: ”Data Privacy” is stable use established definitions.

• Theme 7: There is always a meaning explicit or implicit.

• Other items.

Moderator's favourite quote:

In 2018, it seems to me imperative that if international standards are to have any meaningful impact on actually providing privacy/data protection assurances, they must address the real world, where interconnected systems, storage, applications etc. don’t care about abstractions but run on and care only about code - that is where the privacy and data protection must live today. and where ISO can have real impact. Abstract definitions are necessary, but with the recognition that they are far removed from the reality of actually delivering privacy in today’s IT environments.

John Sabo

• The ISO, International Organization for Standardisation, has standards on e.g. Privacy Engineering or BigData

• The OpenID Foundation is a non-profit international standardization organization and has Workingroups regarding e.g. privacy and health related data

• The OASIS, Organization for the Advancement of Structured Information Standards, is e.g. working on Standards for Privacy Management Reference Model and Methodology.

• The W3C Activities, World Wide Web Consortium, has a privacy group working e.g. on Tracking Protection.

• The IETF Activities, Internet Engineering Taskforce, is working on the RFC 6973 "Privacy Considerations for Internet Protocols"

• The IEEE Activities

• The ITU Activities

• There exist diverse National Level Standards regarding privacy, some with which IPEN members are invovled, can be found here.

• The European commission has issued a mandate to European Standardisation Organisations, ESOs, to work on standards relating to privacy management of security products and related services.

• With its APP Pets project the Datenschutzzentrum (ULD) is working on privacy enhancing technologies for smart device apps

• The goal of AN.ON-Next by the Datenschutzzentrum (ULD) is to integrate processes for anonymization into the internet infrastructure.

• The CREDENTIAL project's goal is to enable end-to-end security and improved privacy in cloud identity management services for managing secure access control.

• The DNT Guide aims at helping website owners to implement the Do Not Track (DNT) standard.

• With the PARIS project sets out to define and demonstrate a methodological approach for the development of a surveillance infrastructure which enforces the right of citizens for privacy, justice and freedom.

• The mission of PRIPARE is to facilitate the application of a privacy and security-by-design methodology and to foster a risk management culture through educational material.

• The PRISMACLOUD produces tools to enable end-to-end security and thus allowing users to protect their privacy by cryptographic means.

• The Privacypatterns project provides building blocks for developers to advance privacy and data protection by design.

• Signatu provides a service for companies to MAP their data processing activities, to create privacy policies and to track their users consent or consent withdrawal.

• Multiple institutions have worked on Guidelines for Privacy and Data Protection Impact Assessments.

• You can find various Studies on Privacy and DP here.

• The OWASP Top 10 Project lists the current top 10 privacy risks.

• The Business Process Cookbook is an open repository to integrate Privacy and DP by design into business processes.

• Privacy related Events: see past and upcoming events in Europe

•  Presentations or interest on privacy

• The International Workshop on Privacy Engineering is a yearly event to share and discuss the lates reaserch in the field.