Versions Compared

Old Version 14

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 15

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • ISO/IEC 29100:2011 Security and privacy techniques

  • ISO/IEC 29184: Online privacy notices and consentISO/IEC 31700:

  • Privacy by Design 31700-1:2023 : Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements

  • Fair Information Practice Principles (FTC) foundational principles

...

[Source: Conv 108+ Rec.20]

...


Digital Privacy

Adhering to the openness, transparency and notice principles means providing PII Principals with clear and easily accessible information about the PII Controller’s policies, procedures and practices with respect to the processing of PII;

  • including in notices the fact that PII is being processed, the purpose for which this is done, the types of privacy stakeholders to whom the PII might be disclosed, and the identity of the PII Controller including information on how to contact the PII Controller;

  • disclosing the choices and means offered by the PII Controller to PII Principals for the purposes of limiting the processing of, and for accessing, correcting and removing their information; and

  • giving notice to the PII Principals when major changes in the PII handling procedures occur.

[Source: ISO/IEC 29100]

To provide notice where it is required, in a language appropriate to PII Principals, at a time that permits PII Principals to meaningfully exercise consent, at places where it is easy for PII Principals to recognize.

[Source: ISO/IEC 29184: Art 5.2.1]

Notice may be required, among other situations, when the organization plans to collect new PII (from the PII Principal or from another source) or when it plans to use PII already collected for a new purposeThe reference to digital privacy specifies the not only the data category for a specific element, but also the field format, record structure, the attributes that populate the field elements, the attributes used in those fields, the ontology and vocabulary used to specify the attributes.

elements of which comprise arepresentation of physical privacy and surveillance context, online,

and understanding of the co-regulated digital privacy ‘technical’ context.

•representation of individual physical privacy online

•proportional and reciprocal access to privacy rights information and controls

  • access to privacy services and controls without identification

  • use of privacy services and controls for security and commerce

  • transparency over the active state of digital privacy in context

    • dynamic transparency and data control capacity

Notice

Adhering to the openness, transparency and notice principles means providing PII Principals with clear and easily accessible information about the PII Controller’s policies, procedures and practices with respect to the processing of PII;

  • including in notices the fact that PII is being processed, the purpose for which this is done, the types of privacy stakeholders to whom the PII might be disclosed, and the identity of the PII Controller including information on how to contact the PII Controller;

  • disclosing the choices and means offered by the PII Controller to PII Principals for the purposes of limiting the processing of, and for accessing, correcting and removing their information; and

  • giving notice to the PII Principals when major changes in the PII handling procedures occur.

[Source: ISO/IEC 29184]

The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used. Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising. Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand.

[GDPR Rec.58]

Principles relating to processing of personal data

Personally identifiable information must be processed lawfully, fairly, and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’);

[Conv 108+: Art.4(a)]

Broadly refers to any surveillance or privacy notice, notification, disclosure, statement, policy, sign, or signal used to indicate personal data processing.

[ANCR Notice Record Annex BIEC 29100]

To provide notice where it is required, in a language appropriate to PII Principals, at a time that permits PII Principals to meaningfully exercise consent, at places where it is easy for PII Principals to recognize.

[Source: ISO/IEC 29184: Art 5.2.1]

Notice may be required, among other situations, when the organization plans to collect new PII (from the PII Principal or from another source) or when it plans to use PII already collected for a new purpose.

[Source: ISO/IEC 29184]

The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, additionally, where appropriate, visualisation be used. Such information could be provided in electronic form, for example, when addressed to the public, through a website. This is of particular relevance in situations where the proliferation of actors and the technological complexity of practice make it difficult for the data subject to know and understand whether, by whom and for what purpose personal data relating to him or her are being collected, such as in the case of online advertising. Given that children merit specific protection, any information and communication, where processing is addressed to a child, should be in such a clear and plain language that the child can easily understand.

[GDPR Rec.58]

Principles relating to processing of personal data

Personally identifiable information must be processed lawfully, fairly, and in a transparent manner in relation to the Data Subject (‘lawfulness, fairness and transparency’);

[Conv 108+: Art.4(a)]

Broadly refers to any surveillance or privacy notice, notification, disclosure, statement, policy, sign, or signal used to indicate personal data processing.

[ANCR Notice Record Annex B]

Privacy by Design

In reference to privacy design methodologies in which privacy is considered and integrated into the initial design stage and throughout the complete lifecycle of products, processes or services (3.3) that involve processing of personally identifiable information (3.2), including product retirement (3.15) and the eventual deletion (3.26) of any associated personally identifiable information (3.2)

Note 1 to entry: The lifecycle also includes changes or updates.

[31700-1:2023 : Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements]

Notice Modalities

The organization may implement the control using different techniques: layered notices, dashboards, just-in-time notices, or icons, and may provide notices in a machine-readable format so that the software which is presenting it to the PII Principal can parse it to optimize the user interface and help PII Principals make decisions

...