ISO INTERNATIONAL STANDARD 31700-1 First edition 2023-01 Consumer protection Privacy by design for consumer goods and services Part 1: High-level requirements Protection des consommateurs - Respect de la vie privée assuré des la conception des biens de consommation et services aux consommateurs - Partie 1: Exigences de haut niveau Reference number IS0 31700-1:2023(E) Tso @ IS0 2023 IS0 31700-1:2023(E) COPYRIGHT PROTECTED DOCUMENT @ IS0 2023 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or ISO's member body in the country of the requester. ISO copyright office CP 40i : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +41 22 749 01 11 Email: copyright@iso.org Website: www.iso.org Published in Switzerland @ IS0 2023 - All rights reserved South Wales/9996758001, User=Jessica Tiera, Sylvian networking permited without license from S&P Global IS0 31700-1:2023(E) Contents Page Foreword. vi Introduction. .vii 1 Scope. 1 2 Normative references .1 3 Terms and definitions. .1 4 General .8 4.1 Overview .8 4.2 Designing capabilities to enable consumers to enforce their privacy rights .9 4.2.1 Requirement 9 4.2.2 Explanation. 9 Guidance 4.2.3 10 4.3 Developing capability to determine consumer privacy preferences . .10 4.3.1 Requirement. .10 4.3.2 Explanation, 11 4.3.3 Guidance 11 4.4 Designing human computer interface (HCI) for privacy 11 4.4.1 Requirement. 11 4.4.2 12 Explanation 4.4.3 12 Guidance 4.5 Assigning relevant roles and authorities. 12 4.5.1 .12 Requirement. 4.5.2 12 Explanation. 4.5.3 12 Guidance 4.6 Establishing multi-functional responsibilities 13 13 4.6.1 Requirement 4.6.2 Explanation. 13 4.6.3 13 Guidance 4.7 Developing privacy knowledge, skill and ability 13 4.7.1 Requirement 13 4.7.2 Explanation 14 4.7.3 Guidance 14 4.8 Ensuring knowledge of privacy controls 14 4.8.1 14 Requirement 4.8.2 Explanation .. 14 4.8.3 15 Guidance 4.9 Documentation and information management 15 4.9.1 15 Requirement 4.9.2 15 Explanation 4.9.3 16 Guidance 5 Consumer communication requirements 16 5.1 Overview. 16 5.2 Provision of privacy information 17 5.2.1 Requirement .17 5.2.2 17 Explanation. Guidance 5.2.3 17 5.3 Accountability for providing privacy information 18 5.3.1 Requirement .18 5.3.2 19 Explanation.. 5.3.3 19 Guidance 5.4 Responding to consumer inquiries and complaints. 19 5.4.1 19 Requirement Explanation.. 19 5.4.2 iii