As the increased use of technology goes hand in hand with more personal data being captured and stored digitally, the need for securing data protection becomes a central point of concern for citizens worldwide. Failure to properly manage data collection not only threatens the EU citizens’ human right to privacy, but it also causes societies to be less safe and companies to decrease trust from their customers. Therefore, it is important that security technologies cater for data protection requirements into the technical design specifications and day-to-day business practices of service providers.

CEN and CENELEC contact person: Constant Kohler

News and events

The last meeting of CEN-CENELEC/TC 8 ‘Privacy management in products and services’ was held in Berlin on 19 June.

Technical bodies and activities

  • CEN-CENELEC JWG 8 ‘Privacy management in products and services’
    In 2014, CEN and CENELEC created a new Joint Working Group whose main task is to provide the response to the new EC standardization request on 'Privacy management in the design and development and in the production and service provision processes of security technologies'. The request aims at the implementation of Privacy-by-design principles for security technologies and/or services lifecycle. The new standardization deliverables are intended to define and share best practices balancing security, transparency and privacy concerns for security technologies, manufacturers and service providers in Europe.

    First task of CEN-CENELEC JWG 8 ‘Privacy management in products and services’ is to define a work programme consisting of standards and guidance documents on how to plan, implement, control and revise a management process appropriately addressing privacy needs and requirements in each step of the design, development and production of security technologies or provision of services.

European legislation and mandates

The Directive on General data protection (Directive 95/46/EC) sets out a regulatory framework, which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the European Union. The Directive confirms in its Article 23 that processing of personal data will have to be realised following a 'data protection by default and by design' approach.
A new proposal for the EU Regulation on data protection was released in January 2012 and should be finalized by the end of 2015. The draft Regulation emphasizes inter alia that standards should help the development of products and services including the Privacy by default and by design principle, following the abolition of prior notification to data protection authorities.

Useful links and documents