Two study groups could address privacy standards:
- SG17 security: https://www.itu.int/en/ITU-T/studygroups/2017-2020/17/Pages/default.aspx
- SG20: Internet of things (IoT) and smart cities and communities (SC&C): https://www.itu.int/en/ITU-T/studygroups/2017-2020/20/Pages/default.aspx
A study group can also create a focus group the role of which is to provide contributions that will later be an input to real standardisation work. For instance SG20 launched in March 2017 a Focus Group on Data Processing and Management to support IoT and Smart Cities & Communities: 
Standards and project
X.iotsec-3: Technical framework of PII (Personally Identifiable Information) handling system in IoT environment
Yutaka Miyake, Bo Yu
IoT devices can collect many kinds of data, and some kinds of data include PII (Personally Identifiable Information). Because the PII data is useful for several kinds of services, they can be shared with multiple service providers. It is better for users to handle own data including PII in IoT environment based on their intention. Because the situation of data usage in IoT environment with multiple service providers will be complicated, the user's intention on data usage should be reflected flexibly. For example, if the IoT platform has the following functions, the user can recognize that the collected data including PII can be controlled properly. The users can set up PII control preference. This preference includes the list of permitted data for shared by each service provider. The collected data is controlled access based on the PII control preference. Unauthorized data cannot be shared with other service providers. The users can check the history log of data sharing among the service providers. The users can understand the timing of data usage. This Recommendation will provide the technical framework of PII handling system for IoT environment to fulfil these functions.