·  Legal News, Analysis, & Commentary


U.S. Technical Advisory Group Helps ISO/PC 317 Complete New Global Standard for Consumer Protection: Privacy by Design

— March 6, 2023

Cisco, Comcast, Dropbox, Indeed, Tencent America, TrustArc, Uber, U.S. NIST,
and Other Leading Organizations Represent U.S. Technical Advisory Group Under
ANSI and OASIS to ISO/PC 317

New York, NY, and Boston, MA – The U.S. Technical Advisory Group (TAG) for Consumer Privacy by Design successfully concluded its mission with the publication of a new global standard approved by the International Organization for Standardization (ISO). Administered by the American National Standards Institute (ANSI), in partnership with OASIS, the U.S. TAG was a major contributor to the new international privacy standard, ISO 31700, Consumer protection: privacy by design for consumer goods and services. This standard represents the first set of preventative international guidelines for assuring that consumer privacy is embedded into the design of a product or service, offering protection throughout the whole life cycle.

Members of the U.S. TAG included leading U.S. companies and government agencies committed to privacy rights for consumers. The U.S.TAG carried U.S. positions forward to ISO Project Committee (PC) 317, the international committee that developed ISO 31700-1 and a related technical report, ISO 31700-2, with the input of 17 participating member countries. The U.S. TAG provided extensive input into both documents, promoting and representing U.S. interests at each stage of the process.

“ISO 31700 is a significant development. Both those with experience — and those new to the domain of privacy by design — will find this standard an essential tool to guide them in creating goods and services with privacy by design,” said Jonathan Fox of Cisco and chair of the U.S. TAG to ISO/PC 317. “The U.S. TAG is pleased to have played a part in bringing ISO 31700 to the global community as an international standard.”

“Data protection is the work of many. Regulators, organizations, and human interest organizations all have a role to play to ensure that data is processed with respect for human rights. The new standard helps provide tools for organizations looking to implement statutory protections and good privacy policy for the data they manage. It focuses on the empowerment of the individual, transparency into data processing, and accountability and responsibility by those who process the data,” said Jules Polonetsky, chief executive officer of the Future of Privacy Forum. “Privacy by design and default is an essential part of the process, ensuring that data is protected from collection to deletion when it is no longer needed. We congratulate the companies and government agencies involved in this work and ANSI and OASIS for their support.”

The standard will impact online service providers, mobile application developers, providers of digitally connected consumer technologies, and more.

Sign saying We Respect Your Privacy; image by Marija Zaric, via
Sign saying We Respect Your Privacy; image by Marija Zaric, via

ISO 31700-1 and ISO 31700-2 will continue to be guided by the OASIS Privacy Management Reference Model (PMRM) and the 27561 Privacy Operational Model and Methodology for Engineering (POMME) in development now (based on the PMRM).

ISO hosted a webinar on February 8, 2023, to introduce ISO 31700. Access the slide deck from the event for more information.

Support from U.S. TAG Members

“Cisco is honored to have helped lead the U.S. Technical Advisory Group and contribute to the development of ISO 31700 – Consumer Protection, with Jonathan Fox serving as chair. This new standard will serve as an indispensable, tactical guide to privacy by design for companies of all sizes.” – Harvey Jang, vice president, deputy general counsel and chief privacy officer, Cisco

“Tencent America is proud to have played a role in shaping international privacy standards as a member of the ANSI. Tencent is committed to connecting people, services, and devices, as well as businesses and future technologies, to create mutually beneficial ecosystems for all. With this in mind, we will continue to align with the globally recognized consumer privacy standard set forth in ISO 317.” – Tencent spokesperson

“TrustArc was involved in the development of ISO 31700 from the outset and we believe that the publication of ISO 31700 highlights the importance for companies to build a culture of privacy and trust with consumers. Incorporating privacy by design principles throughout the life of a product is essential to helping companies meet their compliance goals.” – Chris Babel, CEO, TrustArc

About ANSI

The American National Standards Institute (ANSI) is a private non-profit organization whose mission is to enhance both the global competitiveness of U.S. business and the U.S. quality of life by promoting and facilitating voluntary consensus standards and conformity assessment systems, and safeguarding their integrity. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents and serves the diverse interests of more than 270,000 companies and organizations and 30 million professionals worldwide. ANSI is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC).

About OASIS Open

One of the most respected, nonprofit open source and open standards bodies in the world, OASIS Open advances the fair, transparent development of open source software and standards through the power of global collaboration and community. OASIS is the home for worldwide standards in IoT, cybersecurity, blockchain, privacy, cryptography, cloud computing, urban mobility, emergency management, and other content technologies. Many OASIS standards go on to be ratified by de jure bodies and referenced in international policies and government procurement.

Join the conversation!