Cloud computing, the Internet of Things, mobile networks and artificial intelligence are just some of the tools cities use to increase efficiency and improve the quality of life of their citizens, yet they also expose us to risks and vulnerabilities related to personal privacy and security. Solutions and standards abound, but they are not always easy to navigate when the systems and interconnections are as complex as the stakeholders are many. A new technical specification has just been published that aims to help.
ISO/IEC TS 27570, Privacy protection – Privacy guidelines for smart cities, provides recommendations and guidance on the management of privacy and on the use of supporting standards. These recommendations apply to organizations and stakeholders concerned with the delivery, use or availability of a service in a smart city ecosystem, where many technologies, systems and stakeholders interact in many and complex ways.
Prof. Kai Rannenberg, Convenor of the group of experts[1] that developed the technical specification, said this complexity can pose challenges to privacy protection, “but there are many different standards that can be used, including those for big data, cloud computing, IT governance and much more”.
“The key is knowing which one is most appropriate and how. ISO/IEC TS 27570 provides guidance on how to benefit from the standards available in the most effective way.”
The document takes a multiple-agency as well as a citizen-centric viewpoint and provides guidance on how privacy standards can be used at a global level and at an organizational level for the benefit of citizens.
What’s more, it will pave the way to future privacy standards for smart cities, including those for communication, privacy management plans and policy making, as well as consent management, to name a few.
ISO/IEC TS 27570 is applicable to all types and sizes of organization, including public and private companies, government entities and not-for-profit organizations that provide services in smart city environments.
The technical specification was developed by subcommittee SC 27, Information security, cybersecurity and privacy protection, of joint technical committee ISO/IEC JTC 1, the information technology arm of ISO and the International Electrotechnical Commission (IEC). The secretariat of SC 27 is held by DIN, ISO’s member for Germany.
ISO/IEC TS 27570 can be purchased from your national ISO member or the ISO Store.
- Experts of ISO/IEC JTC 1/SC 27’s working group WG 5, Identity management and privacy technologies.