ISO/TR 31700-2:2023

SLOVENSKI STANDARD
01-maj-2024
Varstvo potrošnikov - Vgrajena zasebnost za potrošniško blago in storitve - 2. del:
Primeri uporabe
Consumer protection — Privacy by design for consumer goods and services — Part 2:
Use cases
Protection des consommateurs — Respect de la vie privée assuré dès la conception des
biens de consommation et services aux consommateurs — Partie 2: Cas d’usage
Ta slovenski standard je istoveten z: ISO/TR 31700-2:2023
ICS:
03.080.30 Storitve za potrošnike Services for consumers
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL ISO/TR
REPORT 31700-2
First edition
2023-01
Consumer protection — Privacy
by design for consumer goods and
services —
Part 2:
Use cases
Protection des consommateurs — Respect de la vie privée assuré
dès la conception des biens de consommation et services aux
consommateurs —
Partie 2: Cas d’usage
Reference number
© ISO 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Abbreviated terms . 2
5 Overview of ISO 31700-1 requirements and related concepts . 2
5.1 ISO 31700-1 Requirements . 2
5.2 Related concepts . 3
5.3 Viewpoints in the use cases . 6
5.3.1 General . 6
5.3.2 Consumer product viewpoint . 6
5.3.3 Engineering framework viewpoint. 7
5.3.4 Ecosystem viewpoint . 7
6 Use case analysis . 7
6.1 General . 7
6.2 Use case template . 7
7 Use cases . 8
7.1 General . 8
7.2 On-line retailing . 9
7.2.1 On-line retailing use case main description . 9
7.2.2 On-line retailing consumer communication . 11
7.2.3 On-line retailing summary .12
7.2.4 On-line retailing general requirements .13
7.2.5 On-line retailing risk management . 14
7.2.6 On-line retailing development, deployment and operation .15
7.2.7 On-line retailing end of PII lifecycle . 16
7.3 Fitness company . . 17
7.3.1 Fitness company use case main description . 17
7.3.2 Fitness company risk management of health application . 19
7.3.3 Fitness company consumer communication . 20
7.4 Smart locks for homes front doors . 21
7.4.1 Smart locks product line main description . 21
7.4.2 Smart locks basic configuration . 24
7.4.3 Smart locks colocation configuration . 25
7.4.4 Smart locks family configuration . 26
7.4.5 Smart locks risk management . 27
7.4.6 Smart locks consumer communication .28
7.4.7 Smart locks development, deployment and operation .29
Bibliography .31
iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Project Committee ISO/PC 317, Consumer Protection – privacy by design
for consumer goods and services.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
Introduction
[1]
ISO 31700-1 provides high-level requirements and recommendations for organizations using privacy
by design in the development, maintenance and operation of consumer goods and services. These are
grounded in a consumer-focused approach, in which consumer privacy rights and preferences are
placed at the heart of product development and operation.
Use case help to identify, clarify and organize system requirements related to a set of goals, by
illustrating a series of possible sequences of interactions between stakeholder(s) and system(s) in a
particular ecosystem.
[2]
The use cases in this document use a template that is based on IEC 62559-2 while enabling a focus on
privacy by design challenges and on the ISO 31700-1 requirements.
Although there are a wide range of use cases, this document provides three sample use cases to help
further understand the implementation of ISO 31700-1: on-line retailing, a fitness company and smart
locks.
v
TECHNICAL REPORT ISO/TR 31700-2:2023(E)
Consumer protection — Privacy by design for consumer
goods and services —
Part 2:
Use cases
1 Scope
This document provides illustrative use cases, with associated analysis, chosen to assist in
understanding the requirements of 31700-1.
The intended audience includes engineers and practitioners who are involved in the development,
implementation or operation of digitally enabled consumer goods and services.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org
3.1
privacy by design
design methodologies in which privacy is considered and integrated into the initial design stage
and throughout the complete lifecycle of products, processes or services that involve processing of
Personally Identifiable Information, including product retirement and the eventual deletion of any
associated personally identifiable information
Note 1 to entry: The lifecycle also includes changes or updates.
[SOURCE: ISO 31700-1:2023, 3.5]
3.2
use case
description of a sequence of interactions of a consumer and a consumer product used to help identify,
clarify, and organize requirements to support a specific business goal
Note 1 to entry: Consumers can be users, engineers, of systems.
Note 2 to entry: A system of interest in this document is a consumer goods or service.
[SOURCE: ISO 31700-1:2023, 3.22, modified — note 2 added]
4 Abbreviated terms
NIST National Institute of Standards and Technology
PII Personally identifiable information
5 Overview of ISO 31700-1 requirements and related concepts
5.1 ISO 31700-1 Requirements
[1]
Table 1 lists ISO 31700-1:2023 requirements, categorised as:
— general (ISO 31700-1:2023, clause 4);
— consumer communication requirements (ISO 31700-1:2023, clause 5);
— risk management requirements (ISO 31700-1:2023, clause 6);
— develop, deploy and operated privacy controls (ISO 31700-1:2023, clause 7);
— end of PII lifecycle requirements (ISO 31700-1:2023, clause 8).
Table 1 — ISO 31700-1 requirements
Category ISO 31700-1 section number and requirement
4.2 Design capabilities to enable consumers to enforce their privacy rights
4.3 Develop capability to determine consumer privacy preferences
4.4 Design human computer interface (HCI) for privacy
4.5 Assign relevant roles and authorities
General
4.6 Establish multi-disciplinary responsibilities
4.7 Develop privacy knowledge, skill and ability
4.8 Ensure knowledge of privacy controls
4.9 Documented information management
5.2 Provision of privacy information
5.3 Accountability of responsible persons to providing privacy information
Consumer communica-
5.4 Responding to consumer inquiries and complaints
tion requirements
5.5 Communicating to diverse consumer population
5.6 Prepare data breach communications
6.2 Conduct a privacy risk assessment
6.3 Assess privacy capabilities of third parties
Risk management re-
6.4 Establish and document requirements for privacy controls
quirements
6.5 Monitor and update risk assessment
6.6 Include privacy risks in cybersecurity resilience design
TTabablele 1 1 ((ccoonnttiinnueuedd))
Category ISO 31700-1 section number and requirement
7.2 Integrate the design and operation of privacy controls into the products develop-
ment and management lifecycles
7.3 Design privacy controls
7.4 Implement privacy controls
Develop, deploy and
7.5 Design privacy control testing
operate designed privacy
7.6 Manage the transition of privacy controls
controls
7.7 Manage the operation of privacy controls
7.8 Prepare breach management
7.9 Operate privacy controls for the processes and products that the product in
scope depends upon through the PII lifecycle
End of PII lifecycle re-
8.2 Design privacy controls for retirement and end of use
quirements
5.2 Related concepts
The tables in this clause illustrate the relationships between the requirements of ISO 31700-1 and
related privacy engineering concepts:
— lifecycle processes as shown in Table 2;
[5]
— privacy protection goals, as shown in Table 3.
[7]
— NIST Privacy framework functions, as shown in Table 4;
— NIST privacy engineering objectives as shown in Table 5.
The resulting relations are shown in Table 6.
Table 2 — Lifecycle processes
Activities carried out by the organisation to define and maintain policies related to
Organisation policies
privacy by design
Product design and Activities carried out by the organisation to design and develop consumer goods or
development services
Activities carried out by the organisation to manage privacy when consumer goods or
Product use
services are in use
Table 3 — Privacy protection goals
Property that privacy-relevant data cannot be linked across domains that are consti-
tuted by a common purpose and context
Unlinkability
NOTE It ensures that a PII principal can make multiple uses of resources or services
without others being able to link these uses together
Property that ensures that all privacy-relevant data processing including the legal,
Transparency
technical and organizational setting can be understood as documented or stated
Property that ensures that PII principals, PII controllers, PII processors and supervi-
Intervenability
[12]
sory authorities can intervene in all privacy-relevant data processing
Table 4 — NIST Privacy Framework functions
Develop the organizational understanding to manage privacy risk for individuals aris-
Identify-P
ing from data processing
TTabablele 4 4 ((ccoonnttiinnueuedd))
Develop and implement the organizational governance structure to enable an ongoing
Govern-P understanding of the organization’s risk management priorities that are informed by
privacy risk
Develop and implement appropriate activities to enable organizations or individuals
to manage data with sufficient granularity to manage privacy risks
Control-P
Develop and implement appropriate activities to enable organizations and individuals
Communicate-P to have a reliable understanding and engage in a dialogue about how data are pro-
cessed and associated privacy risks
Protect-P Develop and implement appropriate data processing safeguards
Table 5 — NIST privacy engineering objectives
Enabling reliable assumptions by individuals, owners, and operators about data and
Predictability
their processing by a system, product, or service
Providing the capability for granular administration of data, including alteration, dele-
Manageability
tion, and selective disclosure
Enabling the processing of data or events without association to individuals or devices
Disassociability
beyond the operational requirements of the system
Table 6 — ISO 31700-1 requirements relationship with associated concepts
Privacy protec- NIST Privacy NIST privacy
Category of ISO 31700-1 Re- Lifecycle pro-
tion goals Framework engineering
requirement quirement cesses
functions objectives
4.2 Design capabil-
Intervenability Predictablity
ities to enable con- Product design Control-P, Com-
sumers to enforce and development municate-P
Transparency Manageability
their privacy rights
4.3 Develop capa-
Intervenability
bility to determine Product design Control-P, Com-
Predictability
consumer privacy and development municate-P
Transparency
preferences
4.4 Design human
Predictablity
Product design
computer interface Transparency Communicate-P
and development
Manageability
(HCI) for privacy
4.5 Assign relevant
Organisation
roles and authori- - Govern-p Manageability
policies
General
ties
4.6 Establish
Organisation
multi-disciplinary - Govern-P Manageability
policies
responsibilities
4.7 Develop privacy
Organisation
knowledge, skill - Govern-P Manageability
policies
and ability
4.8 Ensure knowl-
Manageability
Organisation
edge of privacy - Govern-P
policies
Disassociability
controls
4.9 Documented
Organisation
information man- - Govern-P Manageability
policies
agement
TTabablele 6 6 ((ccoonnttiinnueuedd))
Privacy protec- NIST Privacy NIST privacy
Category of ISO 31700-1 Re- Lifecycle pro-
tion goals Framework engineering
requirement quirement cesses
functions objectives
5.2 Provision of pri- Organisation
Transparency Communicate-P Predictability
vacy information policies
5.3 Accountability
Predictability
of responsible per- Organisation Govern-P Com-
Transparency
sons to providing policies municate-P
Manageability
privacy information
Consumer 5.4 Responding to
Predictability
communication consumer inquiries Product use Transparency Communicate-P
Manageability
requirements and complaints
5.5 Communicating
to diverse consumer Product use Transparency Communicate-P Predictability
population
5.6 Prepare data
breach communica- Product use Transparency Communicate-P Predictability
tions
Product design Predictability
6.2 Conduct a priva- and development
Unlinkability Identify-P Manageability
cy risk assessment
Disassociability
Product design Predictability
6.3 Assess privacy
and development Identify-P, Pro-
capabilities of third Unlinkability Manageability
tect-P
parties
Disassociability
6.4 Establish and Product design Unlinkability Predictability
Risk manage- Identify-P, Con-
document require- and development
ment require- Intervenability trol-P, Communi- Manageability
ments for privacy
ments cate-P
controls
Transparency Disassociability
Product design Predictability
6.5 Monitor and
Identify-P,
and development
update risk assess- Unlinkability Manageability
Govern-P
ment
Disassociability
6.6 Include privacy
risks in cyberse- Organisation Identify-P, Pro-
Unlinkability -
curity resilience policies tect-P
design
TTabablele 6 6 ((ccoonnttiinnueuedd))
Privacy protec- NIST Privacy NIST privacy
Category of ISO 31700-1 Re- Lifecycle pro-
tion goals Framework engineering
requirement quirement cesses
functions objectives
7.2 Integrate the de-
sign and operation
Unlinkability Predictability
of privacy controls
Organisation
into the products Intervenability Protect-P Manageability
policies
development and
Transparency Disassociability
management life-
cycles
Product design Unlinkability Predictability
7.3 Design privacy and development
Intervenability Protect-P Manageability
controls
Transparency Disassociability
Product design Unlinkability Predictability
7.4 Implement pri- and development
Intervenability Protect-P Manageability
vacy controls
Transparency Disassociability
Product design Unlinkability Predictability
7.5 Design privacy and development
Develop, deploy
Intervenability Protect-P Manageability
control testing
and operate
Transparency Disassociability
designed privacy
controls
Predictability
7.6 Manage the
Intervenability
Organisation Control-P, Com-
transition of priva- Manageability
policies municate-P
Transparency
cy controls
Disassociability
Predictability
7.7 Manage the
Intervenability
Organisation Control-P, Com-
operation of privacy Manageability
policies municate-P
Transparency
controls
Disassociability
7.8 Prepare breach Organisation - Protect-P, Con-
-
management policies trol-P
7.9 Operate privacy
controls for the pro-
cesses and products
Control-P, Com-
that the product in Product use - -
municate-P
scope depends upon
through the PII
lifecycle
Predictability
8.2 Design privacy
End of PII lifecy- Product design Control-P, Com-
controls for retire- - Manageability
cle requirements and development municate-P
ment and end of use
Disassociability
5.3 Viewpoints in the use cases
5.3.1 General
The viewpoints presented here are shown in the sequence diagrams of the use cases in Clause 7.
5.3.2 Consumer product viewpoint
Consumer products and associated organisational practices protect consumers’ privacy when the
product is in use and throughout the PII lifecycle while the PII is under the organisation’s purview.
Considering how a product is likely to be used in practice, during product development, can require a
number of different contexts and situations to be evaluated. Different users with different capabilities
are catered for. This applies as the product, once in the possession of a consumer user, is operated in
unconstrained circumstances where the consumer’s understanding and abilities can, and often do, vary
considerably.
For each type of use the precise definition of use is coupled with an accurate description of how the
product and any associated organisational processes would operate so as to protect privacy.
Finally, consumer use can change over time and vary between cultures or demographic groups.
5.3.3 Engineering framework viewpoint
The development and management of privacy controls is an essential part of the engineering of
consumers products. The resulting engineering framework combines:
[3]
— processes based on standards such as ISO/IEC/IEEE 15288 ;
— extensions of such processes that integrate privacy engineering. These extensions can be based on
[5] [7]
ISO/IEC TR 27550, with the support of frameworks such as the NIST Privacy Framework, the
[6]
use of OASIS PMRM to operationalize privacy principles;
[1]
— the integration of the consumer product viewpoint, which is supported by ISO 31700-1 .
NOTE An additional reference to OASIS PMRM is under development: ISO/IEC 27561, Information technology
— Privacy operationalisation model and method for engineers — POMME
5.3.4 Ecosystem viewpoint
Consumer products involve two ecosystems:
— the supply chain, i.e., the ecosystem associated with the system lifecycle process. This involves
organisation and contractual activities on the privacy capabilities provided by third parties;
— the data space, i.e., the ecosystem associated with users and providers of data. This involves
organisation and contractual activities on data sharing.
6 Use case analysis
6.1 General
A use case template was developed to help illustrate, in a consistent manner, the use case examples. The
template is structured to provide the information that illustrates the use of ISO 31700-1.
— The entries for the main narrative are general. They include ID: use case name; description of
product, service or process; privacy protection goal; ecosystem and systems of interest; users,
stakeholders; PII; purpose; and use case narrative.
— The entries for the extended narratives follow the requirements of ISO 31700-1: general requirements;
consumer communication requirements; risk management requirements; development, deployment
and operations of designed privacy controls; and end of PII lifecycle requirements.
6.2 Use case template
Table 7 provides a template for the main narrative of a use case.
Table 7 — Template for main narrative
Entry Entry description
ID Unique identification
TTabablele 7 7 ((ccoonnttiinnueuedd))
Entry Entry description
Use case name Meaningful name
Description of product, ser- Short description of product
vice or process
Privacy protection goal Short description of privacy protection goals
Ecosystem and systems of Describe systems of interest
interest
Users Describe users
Stakeholders Describe stakeholders
PII Describe PII collected
Purpose Describe purpose of PII collection
Main narrative Short narrative on consumer goods and services (possibly with a sequence
diagram)
Table 8 provides a template for the extended narratives of a use case.
Table 8 — Template for extended narratives
Entry Entry description
ID Unique identification
Use case name Meaningful name
Narrative describing a specific variation, or focusing on the use of requirements
Additional narrative in a specific clause of ISO 31700-1. When possible, a sequence diagram is provid-
ed. Table 9 lists possible categories of narratives.
Table 9 lists proposed categories of extended narratives. They match categories of ISO 31700-1
requirements.
Table 9 — Categories of extended narratives
Category of extended narratives Relationship with ISO 31700-1
General requirements Focus on ISO 31700-1:2023, 4.2 to 4.9
Consumer
...