TIRANA, July 7
For all those concerned about online privacy, the General Directorate of Standardization published the new ISO/IEC 29184 standard. Can you count how many times you have received unwanted marketing mail or calls and you asked, how did they get my information, I have never subscribed? In Albania, this happens a lot.
“The document specifies controls that shape the content and structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals,” iso.org defines.
According to ISO, different types of devices that are connected to the internet from smartphones to fitness monitors normally collect geographical and biometric data. However, some companies can use such data without user consent to market their products and services. Moreover, this data can be sold to third parties.
Therefore, the new standard, developed jointly by ISO and the IEC’s committee on information security, cybersecurity, and privacy protection1), provides details on the implementation of privacy principles from ISO/IEC 29100. Specifically, it addresses consent and choice (Principle 1), and openness, transparency, and notice (Principle 7).
Committee Chair, Dr. Andreas Wolf, observes that “people are worried about the collection and use of personally identifiable information (PII) by online services. In many cases, that’s because there is no clear explanation of how PII is processed, stored, maintained, and managed. This new International Standard will help bring much-needed clarity and reassurance”.
For more information contact the General Directorate of Standardization