Web 4.0 and virtual worlds

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the:- provision of a record of the consent to the PII principal;- exchange of consent information between information systems;- management of the life cycle of the recorded consent.

Described in this standard is the blockchain-based application reference architecture of e-invoice business, including roles of participants, typical business scenarios, platform frameworks, and security requirements.

This document provides privacy engineering guidelines that are intended to help organizations integrate recent advances in privacy engineering into system life cycle processes. It describes:(1) the relationship between privacy engineering and other engineering viewpoints (system engineering, security engineering, risk management); and(2) privacy engineering activities in key engineering processes such as knowledge management, risk management, requirement analysis, and architecture design.The intended audience includes engineers and practitioners who are involved in the development, implementation or operation of systems that need privacy consideration, as well as managers in organizations responsible for privacy, development, product management, marketing, and operations.

This document specifies controls which shape the content and the structure of online privacy notices as well as the process of asking for consent to collect and process personally identifiable information (PII) from PII principals.This document is applicable in any online context where a PII controller or any other entity processing PII informs PII principals of processing.

This document gives guidelines for:- a process on privacy impact assessments, and- a structure and content of a PIA report.It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

ISO/IEC 29100:2011 provides a privacy framework which- specifies a common privacy terminology;- defines the actors and their roles in processing personally identifiable information (PII);- describes privacy safeguarding considerations; and- provides references to known privacy principles for information technology.ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

This document provides a framework for identifying and mitigating re-identification risks and risks associated with the lifecycle of de-identified data.This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller’s behalf, implementing data de-identification processes for privacy enhancing purposes.

This document provides a user-centric framework for handling personally identifiable information (PII), based on privacy preferences.

This document provides a framework and establishes requirements for attribute-based unlinkable entity authentication (ABUEA).

This document provides a description of privacy-enhancing data de-identification techniques, to be used to describe and design de-identification measures in accordance with the privacy principles in ISO/IEC 29100.In particular, this document specifies terminology, a classification of de-identification techniques according to their characteristics, and their applicability for reducing the risk of re-identification.This document is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, that are PII controllers or PII processors acting on a controller's behalf, implementing data de-identification processes for privacy enhancing purposes.