ISO/IEC 29184:2020 Information technology — Online privacy notices and consent (Online Privacy Notice and Agreement1As the International Editor (Project Leader) of the 1 International Standards Development Award, I received the XNUMX International Standards Development Award. This award was originally presented to ISO/IEC JTCXNUMX as the Ministry of Economy, Trade and Industry's "Guidelines for Notice and Consent," and many suggestions were incorporated from the French authority CNIL and other organizations to create an international standard. I believe this award is of great value in ensuring transparency of privacy.
Why privacy transparency matters now
Our lives are becoming more digitalized than ever before. Broadband connections and the Internet are commonplace in our homes, and devices such as smartphones and smartwatches collect data on our behavior on a daily basis. And the technology to process this vast amount of data is improving dramatically.
This technological revolution has certainly brought great things – more convenient lives, innovative business opportunities, attractive services, and valuable experiences for all of us – but it has also given rise to new challenges.
Increasing "privacy awareness" among consumers
Consumers are more privacy conscious than ever before, and many are questioning how online services are collecting and using their personal information.
What is the root cause of this doubt and anxiety?"Insufficient explanation"The reality is that many companies do not provide sufficient and transparent explanations of how they process, store and manage the personal information they collect.
Two important initiatives required of companies
To improve this situation, companies need to do two main things:
1. Providing easy-to-understand information
When collecting personal information,A clear and easy to understand approachIt is important to explain the purpose of use and processing method in the terms of use, not to make them complicated and full of technical jargon, but to make them easy for the general public to read and understand.
2. Obtaining appropriate consent
Regarding the use of personal information, from usersA fair and transparent processAnd importantly, this consent must be something that can be revoked at any time.
Basic principles of privacy protection
These efforts are international standards.ISO / IEC 29100It is based on two of the 11 principles set out in:
- Principle 1: Consent and Choice – Individuals have choices about how their information is used
- Principle 7: Openness, transparency and notice – Companies must disclose how they handle information
Standards that apply to all online businesses
This standard applies to all online businesses that handle personal information, including not only large corporations but also small web service providers and any other businesses that manage employees' personal information.
Summary: To be a trusted company
Enjoying the benefits of digital technology while at the same time protecting individual privacy is an unavoidable challenge for modern companies. However, by maintaining appropriate transparency and properly obtaining user consent, companies can gain the trust of consumers and build sustainable businesses.
Privacy protection is not just a matter of complying with regulations, but a company's competitive edge. Now is the time to reassess your company's privacy practices.