ISO/IEC TS 27570:2021(en) Privacy protection — Privacy guidelines for smart cities

Question 1

Figure 1 — Examples of standards to reference

Answer 1

Question 2

Figure 2 summarizes privacy recommendations to smart cities ecosystems in this document, further numbered R6.1, R6.2, R6.3, and R6.4.

Answer 2

Question 3

Figure 3 summarizes privacy recommendations to smart cities processes in this document, further numbered R8.2, R8.3, R8.3, R8.4, and R8.5.

Answer 3

Question 4

It is foreseen that this document will pave the way to future privacy standards for smart cities. Table 1 provides a list of possible future standards.

Answer 4

Question 5

1 Scope

Answer 5

The document takes a multiple agency as well as a citizen-centric viewpoint.

It provides guidance on:

— smart city ecosystem privacy protection;

— how standards can be used at a global level and at an organizational level for the benefit of citizens; and

— processes for smart city ecosystem privacy protection.

This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations that provide services in smart city environments.

Question 6

2 Normative references

Answer 6

There are no normative references in this document.

Question 7

3 Terms and definitions

Answer 7

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at http://www.electropedia.org/

Question 8

3.1 activity

Answer 8

set of cohesive tasks (3.32) of a process (3.25)

[SOURCE:ISO/IEC/IEEE 15288:2015, 4.1.3]

Question 9

3.2 agency

Answer 9

organization (3.13) providing a specific service for a city

Question 10

3.3 availability

Answer 10

property of being accessible and usable upon demand by an authorized entity
[SOURCE:ISO/IEC 27000:2018, 3.7]

3.4
citizen
inhabitant of a city
3.5
citizen engagement
involvement of citizens (3.4) in the decision-making of public policies
3.6
confidentiality
property that information is not made available or disclosed to unauthorized individuals, entities or processes (3.25)
[SOURCE:ISO/IEC 27000:2018, 3.10]
3.7
data protection officer
person appointed by the PII controller (3.15) to ensure, in an independent manner, compliance with the privacy law/regulation requirements
3.8
ecosystem
infrastructure and services based on a network of organizations (3.13) and stakeholders
Note 1 to entry: Organizations can include public bodies.
3.9
ecosystem privacy plan
planned arrangements for ensuring that privacy is adequately managed in an ecosystem (3.8)
3.10
governance
system of directing and controlling
[SOURCE:ISO/IEC 38500:2015, 2.8]
3.11
integrity
property of accuracy and completeness
[SOURCE:ISO/IEC 27000:2018, 3.36]
3.12
intervenability
property that ensures that PII principals (3.16), PII controllers (3.15), PII processors (3.17) and supervisory authorities can intervene in all privacy-relevant data processing
Note 1 to entry: The extent to which any of these stakeholders can intervene in data processing can be limited by relevant legislation or regulation.
[SOURCE:ISO/IEC TR 27550:2019, 3.6]
3.13
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm, enterprise, authority, partnership, charity of institution, or part or combination thereof, whether incorporated or not, public or private.
[SOURCE:ISO 37100:2016, 3.2.3, modified — Note 2 to entry has been omitted.]
3.14
personally identifiable information
PII
any information that a) can be used to identify the PII principal (3.16) to whom such information relates, or b) is or might be directly or indirectly linked to a PII principal
Note 1 to entry: To determine whether a PII principal is identifiable, account should be taken of all the means which can reasonably be used by the privacy stakeholder holding the data, or by any other party, to identify that natural person.
[SOURCE:ISO/IEC 29100:2011, 2.9]
3.15
personally identifiable information controller
PII controller
privacy stakeholder (or privacy stakeholders) that determines the purposes and means for processing personally identifiable information (3.14) other than natural persons who use data for personal purposes
Note 1 to entry: A PII controller sometimes instructs others [e.g. PII processors (3.17)] to process PII on its behalf while the responsibility for the processing remains with the PII controller.
[SOURCE:ISO/IEC 29100:2011, 2.10]
3.16
personally identifiable information principal
PII principal
natural person to whom the personally identifiable information (3.14) relates
Note 1 to entry: Depending on the jurisdiction and the particular PII protection and privacy legislation, the synonym “data subject” can also be used instead of the term “PII principal”.
[SOURCE:ISO/IEC 29100:2011, 2.11]
3.17
personally identifiable information processor
PII processor
privacy stakeholder that processes personally identifiable information (3.14) on behalf of and in accordance with the instructions of a PII controller (3.15)
[SOURCE:ISO/IEC 29100:2011, 2.12]
3.18
policy
intentions and direction of an organization (3.13) as formally expressed by its top management
[SOURCE:ISO/IEC 20547-3:2020, 3.11]
3.19
privacy breach
situation where personally identifiable information (3.14) is processed in violation of one or more relevant privacy safeguarding requirements
[SOURCE:ISO/IEC 29100:2011, 2.13]
3.21
privacy-by-design
approach in which privacy is considered at the initial design stage and throughout the complete lifecycle of products, processes or services that involve processing personally identifiable information (3.14)
3.22
privacy data sharing agreement
clauses for privacy protection in a data sharing agreement
Note 1 to entry: a privacy data sharing agreement can involve data transfer, data processing, and sharing of PII between joint PII controllers (3.15) (ISO/IEC 27701:2019 7.2.7)
3.20
privacy principles
set of shared values governing the privacy protection of personally identifiable information (3.14) when processed in information and communication technology systems
[SOURCE:ISO/IEC 29100:2011, 2.18]
3.23
privacy risk
effect of uncertainty on privacy
Note 1 to entry: Risk is defined as the “effect of uncertainty on objectives” in ISO Guide 73 and ISO 31000.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
[SOURCE:ISO/IEC 29100:2011, 2.19]
3.24
privacy rule
statement specifying what is allowed or not concerning privacy
3.25
process
set of interrelated or interacting activities which transforms inputs into outputs
[SOURCE:ISO/IEC 27000:2018, 3.54]
3.26
processing of PII
operation or set of operations performed upon personally identifiable information (3.14)
Note 1 to entry: Examples of processing operations of PII include, but are not limited to, the collection, storage, alteration, retrieval, consultation, disclosure, anonymization, pseudonymization, dissemination or otherwise making available, deletion or destruction of PII.
[SOURCE:ISO/IEC 29100:2011, 2.23]
3.27
smart city
effective integration of physical, digital and human systems in the built environment to deliver a sustainable, prosperous and inclusive future for its citizens (3.4)
[SOURCE:BSI PAS 181:2014]
3.28
smart city service governance body
body that acts as a supervisor for privacy recommendations or regulations concerning a smart city (3.27) service
3.29
supply chain
network of organizations (3.13) that are involved, through upstream and downstream linkages, in the processes (3.25) and activities that produce value in the form of products and services in the hands of the ultimate consumer
[SOURCE:ISO/TS 22318:2015, 3.3.5]
3.30
supplier
organization (3.13) of an individual that enters into an agreement with the acquirer for the supply of a product of services
Note 1 to entry: Other terms commonly used for supplier are contractor, producer, seller or vendor.
Note 2 to entry: The acquirer and the supplier sometimes are part of the same organization.
[SOURCE:ISO/IEC/IEEE 15288:2015, 4.1.45]
3.31
system of systems
large system that delivers unique capabilities, formed by integrating independently useful systems
[SOURCE:ISO/IEC/IEEE 24765:2017, 2]
3.32
task
required, recommended, or permissible action, intended to contribute to the achievement of one or more outcomes of a process (3.25)
[SOURCE:ISO/IEC/IEEE 15288:2015, 4.1.50]
3.33
third party
privacy stakeholder other than the personally identifiable informationprincipal, the PII controller (3.15) and the PII processor (3.17), and the natural persons who are authorized to process the data under the direct authority of the PII controller or the PII processor
[SOURCE:ISO/IEC 29100:2011, 2.27]
3.34
transparency
ability to ensure that all privacy-relevant data processing including the legal, technical and organizational setting can be understood and reconstructed
Note 1 to entry: This includes making information on PII processing available to PII principals (3.15).
[SOURCE:ISO/IEC TR 27550:2019, 3.24, modified — Note 1 to entry has been added.]
3.35
unlinkability
ability to ensure that a PII principal (3.15) may make multiple uses of resources or services without others being able to link these uses together
[SOURCE:ISO/IEC TR 27550:2019, 3.25]
3.36
work product
artifact associated with the execution of a process (3.25)
[SOURCE:ISO/IEC/IEEE 42020:2019, 3.26]