General Information

Abstract

This document provides illustrative use cases, with associated analysis, to assist in understanding the requirements of ISO 31700-1. The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of digitally-enabled consumer goods and services.

Status
Published
Publication Date
06-Jul-2026
Technical Committee
SC 44 - ISO/IEC JTC 1/SC 44
Drafting Committee
SC 44 - ISO/IEC JTC 1/SC 44
Current Stage
6060 - International Standard published
Start Date
07-Jul-2026
Due Date
25-Oct-2026
Completion Date
07-Jul-2026

Buy Documents

Technical report

ISO/IEC TR 31700-2:2026 - Consumer protection — Privacy by design for consumer goods and services — Part 2: Use cases

Release Date:07-Jul-2026
English language (33 pages)
sale 15% off
Preview
sale 15% off
Preview

Overview

ISO/IEC TR 31700-2 is a technical report developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). As Part 2 of the ISO/IEC 31700 series, this document focuses on Consumer protection - Privacy by design for consumer goods and services - Use cases. It provides practical, illustrative use cases and related analyses to support engineers, privacy professionals, and practitioners in implementing the privacy by design requirements set forth in ISO/IEC 31700-1. The document is intended for those involved in the development, implementation, and operation of digitally enabled consumer goods and services where personally identifiable information (PII) is processed.

Key Topics

  • Privacy by Design: The document uses the privacy by design philosophy, focusing on integrating privacy considerations from the earliest design phase and throughout the complete lifecycle of consumer goods and services.
  • Use Case Methodology: It introduces a structured use case template, demonstrating how to identify privacy risks, management controls, and communication needs in real-world consumer scenarios.
  • Requirements Mapping: Each use case is analyzed in relation to the high-level requirements of ISO/IEC 31700-1, such as consumer communications, risk management, privacy controls, and end of PII lifecycle.
  • Stakeholder and Ecosystem Considerations: The document underscores the importance of understanding multiple perspectives, including those of consumers, engineers, and ecosystem partners, to ensure privacy protection is comprehensive and effective.

Applications

ISO/IEC TR 31700-2 is designed for a broad range of practical applications in digitally enabled consumer environments:

  • Consumer Goods and Services Engineering: Practitioners can use the use case analyses to design and update products and services-such as online retail platforms, fitness services, or smart home devices-with consumer privacy in mind.
  • Requirement Translation: Engineers and technical teams are able to translate abstract privacy requirements from ISO/IEC 31700-1 into concrete, actionable design and operational features using the document’s use case narratives.
  • Risk Assessment: By following the documented use case scenarios, organizations can systematically assess privacy risks, evaluate third-party vendor privacy capabilities, and put in place proactive privacy management practices.
  • Consumer Trust Building: The guidance helps businesses communicate privacy information transparently, respond to consumer inquiries, and prepare data breach communications, thereby building consumer trust and meeting regulatory expectations.
  • Lifecycle Management: The end-of-life protection of PII is emphasized, guiding practitioners through the retirement stage of consumer goods and services to ensure proper deletion and privacy preservation.

Related Standards

  • ISO/IEC 31700-1: Outlines the high-level requirements and recommendations for privacy by design in consumer goods and services. All use case analyses in Part 2 are directly aligned to these requirements.
  • ISO/IEC TR 27550: Provides foundational privacy engineering principles that inform lifecycle and protection goals referenced in the use cases.
  • NIST Privacy Framework: Used for cross-referencing privacy risk management controls and functions within the documented use cases.
  • ISO/IEC/IEEE 15288: Referenced for standard system lifecycle processes, emphasizing integration with privacy by design activities in product development.
  • OASIS PMRM: Cited as a supporting framework for operationalizing privacy controls within products and services ecosystems.

Conclusion

Implementing ISO/IEC TR 31700-2 enables organizations to operationalize privacy by design through detailed use case examples and step-by-step analyses mapped to international privacy standards. This not only enhances consumer protection but supports compliance, risk management, and the ongoing trustworthiness of digitally enabled goods and services in the global marketplace. For engineers and practitioners, it provides clear pathways to meet regulatory obligations and consumer expectations for privacy, from initial design to end-of-life data management.

Relations

Effective Date
26-Apr-2025

Buy Documents

Technical report

ISO/IEC TR 31700-2:2026 - Consumer protection — Privacy by design for consumer goods and services — Part 2: Use cases

Release Date:07-Jul-2026
English language (33 pages)
sale 15% off
Preview
sale 15% off
Preview

Get Certified

Connect with accredited certification bodies for this standard

BSI Group

BSI (British Standards Institution) is the business standards company that helps organizations make excellence a habit.

UKAS United Kingdom Verified

Bureau Veritas

Bureau Veritas is a world leader in laboratory testing, inspection and certification services.

COFRAC France Verified

DNV

DNV is an independent assurance and risk management provider.

NA Norway Verified

Sponsored listings

Frequently Asked Questions

ISO/IEC TR 31700-2:2026 is a technical report published by the International Organization for Standardization (ISO). Its full title is "Consumer protection — Privacy by design for consumer goods and services — Part 2: Use cases". This standard covers: This document provides illustrative use cases, with associated analysis, to assist in understanding the requirements of ISO 31700-1. The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of digitally-enabled consumer goods and services.

This document provides illustrative use cases, with associated analysis, to assist in understanding the requirements of ISO 31700-1. The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of digitally-enabled consumer goods and services.

ISO/IEC TR 31700-2:2026 is classified under the following ICS (International Classification for Standards) categories: 03.080.30 - Services for consumers; 03.100.01 - Company organization and management in general. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/IEC TR 31700-2:2026 has the following relationships with other standards: It is inter standard links to ISO/TR 31700-2:2023. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

ISO/IEC TR 31700-2:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


Technical
Report
ISO/IEC TR 31700-2
Second edition
Consumer protection — Privacy
2026-07
by design for consumer goods and
services —
Part 2:
Use cases
Protection des consommateurs — Respect de la vie privée assuré
dès la conception des biens de consommation et services aux
consommateurs —
Partie 2: Cas d’usage
Reference number
© ISO/IEC 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2026 – All rights reserved
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
[1]
5 Overview of ISO 31700-1 requirements and related concepts . 2
[1]
5.1 ISO 31700-1 requirements . .2
5.2 Related concepts .3
5.3 Viewpoints in the use cases .6
5.3.1 General .6
5.3.2 Consumer product viewpoint .6
5.3.3 Engineering framework viewpoint.7
5.3.4 Ecosystem viewpoint .7
6 Use case analysis . 7
6.1 General .7
6.2 Use case template .7
7 Use cases . 8
7.1 General .8
7.2 Online retailing .9
7.2.1 Online retailing use case main description .9
7.2.2 Online retailing consumer communication . 12
7.2.3 Online retailing summary . 13
7.2.4 Online retailing general requirements .14
7.2.5 Online retailing risk management . 15
7.2.6 Online retailing development, deployment and operation .16
7.2.7 Online retailing end of PII lifecycle .17
7.3 Fitness company . .18
7.3.1 Fitness company use case main description .18
7.3.2 Fitness company risk management of health application . 20
7.3.3 Fitness company consumer communication .21
7.4 Smart locks for homes' front doors .21
7.4.1 Smart locks product line main description .21
7.4.2 Smart locks basic configuration . 25
7.4.3 Smart locks colocation configuration . 26
7.4.4 Smart locks family configuration .27
7.4.5 Smart locks risk management . 29
7.4.6 Smart locks consumer communication . 30
7.4.7 Smart locks development, deployment and operation .31
Bibliography .33

© ISO/IEC 2026 – All rights reserved
iii
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations,
governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/
IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
use of (a) patent(s). ISO and IEC take no position concerning the evidence, validity or applicability of any
claimed patent rights in respect thereof. As of the date of publication of this document, ISO and IEC had not
received notice of (a) patent(s) which may be required to implement this document. However, implementers
are cautioned that this may not represent the latest information, which may be obtained from the patent
database available at www.iso.org/patents and https://patents.iec.ch. ISO and IEC shall not be held
responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.
In the IEC, see www.iec.ch/understanding-standards.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 44, Consumer protection in the field of privacy by design.
This second edition cancels and replaces the first edition (ISO/TR 31700-2:2023), which has been technically
revised.
The main changes are as follows:
[1]
— the list of high-level requirements (Table 1) has been updated to align with ISO 31700-1 ;
— editorial corrections have been made to figures.
A list of all parts in the ISO/IEC 31700 series can be found on the ISO and IEC websites.
Any feedback or questions on this document should be directed to the user’s national standards
body. A complete listing of these bodies can be found at www.iso.org/members.html and
www.iec.ch/national-committees.

© ISO/IEC 2026 – All rights reserved
iv
Introduction
[1]
ISO 31700-1 provides high-level requirements and recommendations for organizations using privacy by
design in the development, maintenance and operation of consumer goods and services. These are grounded
in a consumer-focused approach, in which consumer privacy rights and preferences are placed at the heart
of product development and operation.
Use cases help to identify, clarify and organize system requirements related to a set of goals, by illustrating a
series of possible sequences of interactions between stakeholder(s) and system(s) in a particular ecosystem.
[2]
The use cases in this document use a template that is based on IEC 62559-2 while enabling a focus on
privacy by design challenges.
Although a wide range of use cases exist, this document focuses on three sample use cases to illustrate the
[1]
implementation of ISO 31700-1 : online retailing, a fitness company and smart locks.

© ISO/IEC 2026 – All rights reserved
v
Technical Report ISO/IEC TR 31700-2:2026(en)
Consumer protection — Privacy by design for consumer
goods and services —
Part 2:
Use cases
1 Scope
This document provides illustrative use cases, with associated analysis, to assist in understanding the
[1]
requirements of ISO 31700-1 .
The intended audience includes engineers and practitioners who are involved in the development,
implementation or operation of digitally-enabled consumer goods and services.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
privacy by design
design methodologies in which privacy is considered and integrated into the initial design stage and
throughout the complete lifecycle of products, processes or services that involve processing of personally
identifiable information, including product retirement and the eventual deletion of any associated personally
identifiable information
Note 1 to entry: The lifecycle also includes changes or updates.
[3]
[SOURCE: ISO 31700-1:2023 , 3.5]
3.2
use case
description of a sequence of interactions of a consumer and a consumer product used to help identify, clarify
and organize requirements to support a specific business goal
Note 1 to entry: Consumers can be users, engineers, or systems.
Note 2 to entry: Systems of interest in this document are consumer goods systems or service systems.
[3]
[SOURCE: ISO 31700-1:2023 , 3.22, modified — Note 2 to entry has been added.]

© ISO/IEC 2026 – All rights reserved
4 Abbreviated terms
HCI human computer interface
NIST National Institute of Standards and Technology
PII personally identifiable information
[1]
5 Overview of ISO 31700-1 requirements and related concepts
[1]
5.1 ISO 31700-1 requirements
[1]
Table 1 lists the subclauses containing requirements from ISO 31700-1 , categorized as:
[3]
— general (ISO 31700-1:2023 , Clause 4);
[3]
— consumer communication requirements (ISO 31700-1:2023 , Clause 5);
[3]
— risk management requirements (ISO 31700-1:2023 , Clause 6);
[3]
— developing, deploying and operating designed privacy controls (ISO 31700-1:2023 , Clause 7);
[3]
— end of PII lifecycle requirements (ISO 31700-1:2023 , Clause 8).
Table 1 — ISO 31700-1 requirements
Category ISO 31700-1:2023 subclause number
General 4.2 Designing capabilities to enable consumers to enforce their privacy rights
4.3 Developing capability to determine consumer privacy preferences
4.4 Designing human computer interface (HCI) for privacy
4.5 Assigning relevant roles and authorities
4.6 Establishing multi-functional responsibilities
4.7 Developing privacy knowledge, skill and ability
4.8 Ensuring knowledge of privacy controls
4.9 Documentation and information management
Consumer communication 5.2 Provision of privacy information
requirements
5.3 Accountability for providing privacy information
5.4 Responding to consumer inquiries and complaints
5.5 Communicating to diverse consumer population
5.6 Prepare data breach communications
Risk management 6.2 Conducting a privacy risk assessment
requirements
6.3 Assessing privacy capabilities of third parties
6.4 Establishing and documenting requirements for privacy controls
6.5 Monitoring and updating risk assessment
6.6 Including privacy risks in cybersecurity resilience design

© ISO/IEC 2026 – All rights reserved
TTabablele 1 1 ((ccoonnttiinnueuedd))
Category ISO 31700-1:2023 subclause number
Developing, deploying 7.2 Integrating the design and operation of privacy controls into the products develop-
and operating designed ment and management lifecycles
privacy controls
7.3 Designing privacy controls
7.4 Implementing privacy controls
7.5 Designing privacy control testing
7.6 Managing the transition of privacy controls
7.7 Managing the operation of privacy controls
7.8 Preparing for and managing a privacy breach
7.9 Operating privacy controls for the processes and products upon which the product in
scope depends upon throughout the PII lifecycle
End of PII lifecycle 8.2 Designing privacy controls for retirement and end of use
requirements
5.2 Related concepts
[1]
The tables in this subclause illustrate the relationships between the requirements of ISO 31700-1 and
related privacy engineering concepts, categorized as follows:
— lifecycle processes (Table 2);
[4]
— privacy protection goals, see ISO/IEC TR 27550 (Table 3;)
[5]
— NIST Privacy Framework functions, (Table 4);
— NIST privacy engineering objectives (Table 5).
The resulting relations are shown in Table 6.
Table 2 — Lifecycle processes
Activities carried out by the organization to define and maintain policies related to priva-
Organization policies
cy by design.
Product design and Activities carried out by the organization to design and develop consumer goods or servic-
development es.
Activities carried out by the organization to manage privacy when consumer goods or
Product use
services are in use.
Table 3 — Privacy protection goals
Property that privacy-relevant data cannot be linked across domains that are constituted
by a common purpose and context.
Unlinkability
NOTE This ensures that a PII principal can make multiple uses of resources or services
without others being able to link these uses together.
Property that ensures that all privacy-relevant data processing, including the legal, techni-
Transparency
cal and organizational setting, can be understood as documented or stated.
Property that ensures that PII principals, PII controllers, PII processors and supervisory
Intervenability
[6]
authorities can intervene in all privacy-relevant data processing.

© ISO/IEC 2026 – All rights reserved
Table 4 — NIST Privacy Framework functions
Develop the organizational understanding to manage privacy riskarising from data pro-
Identify-P
cessing for individuals.
Develop and implement the organizational governance structure to enable an ongoing un-
Govern-P derstanding of the organization’s risk management priorities that are informed by privacy
risk.
Develop and implement appropriate activities to enable organizations or individuals to
Control-P
manage data with sufficient granularity to manage privacy risks.
Develop and implement appropriate activities to enable organizations and individuals to
Communicate-P have a reliable understanding and engage in a dialogue about how data are processed and
associated privacy risks.
Protect-P Develop and implement appropriate data processing safeguards.
Table 5 — NIST privacy engineering objectives
Enabling reliable assumptions by individuals, owners and operators about data and their
Predictability
processing by a system, product or service.
Providing the capability for granular administration of data, including alteration, deletion
Manageability
and selective disclosure.
Enabling the processing of data or events without association to individuals or devices
Disassociability
beyond the operational requirements of the system.
Table 6 — ISO 31700-1 requirements relationship with associated concepts
NIST Privacy NIST privacy
Category of ISO 31700-1 re- Lifecycle Privacy
Framework engineering
requirement quirement location processes protection goals
functions objectives
4.2 Designing capa-
Intervenability Predictability
bilities to enable con- Product design Control-P, Com-
sumers to enforce and development municate-P
Transparency Manageability
their privacy rights
4.3 Developing capa-
Intervenability
bility to determine Product design Control-P, Com-
Predictability
consumer privacy and development municate-P
Transparency
preferences
4.4 Designing human
Predictability
Product design
computer interface Transparency Communicate-P
and development
Manageability
(HCI) for privacy
4.5 Assigning
Organization
relevant roles and - Govern-p Manageability
policies
General
authorities
4.6 Establishing
Organization
multi-functional - Govern-P Manageability
policies
responsibilities
4.7 Developing priva-
Organization
cy knowledge, skill - Govern-P Manageability
policies
and ability
4.8 Ensuring knowl-
Manageability
Organization
edge of privacy - Govern-P
policies
Disassociability
controls
4.9 Documentation
Organization
and information - Govern-P Manageability
policies
management
© ISO/IEC 2026 – All rights reserved
TTabablele 6 6 ((ccoonnttiinnueuedd))
NIST Privacy NIST privacy
Category of ISO 31700-1 re- Lifecycle Privacy
Framework engineering
requirement quirement location processes protection goals
functions objectives
5.2 Provision of pri- Organization
Transparency Communicate-P Predictability
vacy information policies
5.3 Accountability
Predictability
Organization Govern-P Com-
for providing privacy Transparency
policies municate-P
Manageability
information
5.4 Responding to
Predictability
Consumer
consumer inquiries Product use Transparency Communicate-P
communication
Manageability
and complaints
requirements
5.5 Communicating
to diverse consumer Product use Transparency Communicate-P Predictability
population
5.6 Prepare data
breach communica- Product use Transparency Communicate-P Predictability
tions
Predictability
6.2 Conducting a pri- Product design
Unlinkability Identify-P Manageability
vacy risk assessment and development
Disassociability
Predictability
6.3 Assessing pri-
Product design Identify-P, Pro-
vacy capabilities of Unlinkability Manageability
and development tect-P
third parties
Disassociability
6.4 Establishing
Unlinkability Predictability
Identify-P, Con-
Risk management
and documenting Product design
Intervenability trol-P, Communi- Manageability
requirements
requirements for and development
cate-P
Transparency Disassociability
privacy controls
Predictability
6.5 Monitoring and
Identify-P,
Product design
updating risk assess- Unlinkability Manageability
and development
Govern-P
ment
Disassociability
6.6 Including privacy
Organization Identify-P, Pro-
risks in cybersecuri- Unlinkability -
policies tect-P
ty resilience design
© ISO/IEC 2026 – All rights reserved
TTabablele 6 6 ((ccoonnttiinnueuedd))
NIST Privacy NIST privacy
Category of ISO 31700-1 re- Lifecycle Privacy
Framework engineering
requirement quirement location processes protection goals
functions objectives
7.2 Integrating the
design and operation
Unlinkability Predictability
of privacy controls Organization
Intervenability Protect-P Manageability
into the products de- policies
Transparency Disassociability
velopment and man-
agement lifecycles
Unlinkability Predictability
7.3 Designing priva- Product design
Intervenability Protect-P Manageability
cy controls and development
Transparency Disassociability
Unlinkability Predictability
7.4 Implementing Product design
Intervenability Protect-P Manageability
privacy controls and development
Transparency Disassociability
Unlinkability Predictability
7.5 Designing priva- Product design
Intervenability Protect-P Manageability
cy control testing and development
Developing,
Transparency Disassociability
deploying and op-
Predictability
erating designed 7.6 Managing the
Intervenability
Organization Control-P, Com-
privacy controls transition of privacy Manageability
policies municate-P
Transparency
controls
Disassociability
Predictability
7.7 Managing the
Intervenability
Organization Control-P, Com-
operation of privacy Manageability
policies municate-P
Transparency
controls
Disassociability
7.8 Preparing for and
Organization Protect-P, Con-
managing a privacy - -
policies trol-P
breach
7.9 Operating privacy
controls for the pro-
cesses and products
Control-P, Com-
upon which the prod- Product use - -
municate-P
uct in scope depends
upon throughout the
PII lifecycle
8.2 Designing pri-
Predictability
End of PII lifecy- vacy controls for Product design Control-P, Com-
- Manageability
cle requirements retirement and end and development municate-P
Disassociability
of use
5.3 Viewpoints in the use cases
5.3.1 General
The viewpoints presented here are shown in the sequence diagrams of the use cases in Clause 7.
5.3.2 Consumer product viewpoint
Consumer products and associated organizational practices protect consumers’ privacy when the product is
in use and throughout the PII lifecycle, while the PII is under the organization’s purview.
During product development, considering how a product is likely to be used in practice can require a number
of different contexts and situations to be evaluated. Different users with different capabilities need to be
catered for. This is particularly relevent given that the product, once in the possession of a consumer, is
operated in unconstrained circumstances where the consumers' understanding and abilities can, and often

© ISO/IEC 2026 – All rights reserved
do, vary considerably. Consumer use can also change over time and vary between cultures or demographic
groups.
For each type of use covered in this document, the precise definition of use is coupled with a description of
how the product and any associated organizational processes would operate so as to protect privacy.
5.3.3 Engineering framework viewpoint
The development and management of privacy controls is an essential part of the engineering of consumers
products. The resulting engineering framework combines:
[7]
— processes based on standards such as ISO/IEC/IEEE 15288 ;
— extensions of such processes that integrate privacy engineering. These extensions can be based on
[4] [5]
ISO/IEC TR 27550 with the support of frameworks such as the NIST Privacy Framework, and the
[8]
use of OASIS PMRM to operationalize privacy principles;
[1]
— the integration of the consumer product viewpoint, which is supported by ISO 31700-1 .
5.3.4 Ecosystem viewpoint
Consumer products involve two ecosystems:
— the supply chain, i.e. the ecosystem associated with the system lifecycle process. This involves
organization and contractual activities on the privacy capabilities provided by third parties;
— the data space, i.e. the ecosystem associated with users and providers of data. This involves organization
and contractual activities on data sharing.
6 Use case analysis
6.1 General
A use case template has been developed in order to illustrate the use case examples in a consistent manner.
The template is structured in such a way as to provide the information that illustrates the use of ISO 31700-1
[1]
.
— The entries for the main narrative are general. They include ID: use case name; description of product,
service or process; privacy protection goal; ecosystem and systems of interest; users, stakeholders; PII;
purpose; and use case narrative.
[1]
— The entries for the extended narratives follow the requirements of ISO 31700-1 : general requirements;
consumer communication requirements; risk management requirements; development, deployment and
operations of designed privacy controls; and end of PII lifecycle requirements.
6.2 Use case template
Table 7 provides a template for the main narrative of a use case.

© ISO/IEC 2026 – All rights reserved
Table 7 — Template for main narrative
Entry Entry description
ID Unique identification
Use case name Meaningful name
Description of product, service Short description of product
or process
Privacy protection goal Short description of privacy protection goals
Ecosystem and systems of Describe systems of interest
interest
Users Describe users
Stakeholders Describe stakeholders
PII Describe PII collected
Purpose Describe purpose of PII collection
Main narrative Short narrative on consumer goods and services (possibly with a sequence dia-
gram)
Table 8 provides a template for the extended narratives of a use case.
Table 8 — Template for extended narratives
Entry Entry description
ID Unique identification
Use case name Meaningful name
Additional narrative Narrative describing a specific variation, or focusing on the use of requirements
[1]
in a specific clause of ISO 31700-1 . When possible, a sequence diagram is pro-
vided. Table 9 lists possible categories of narratives.
[1]
Table 9 lists possible categor
...