ISO standard for consent management finished, made available for free

The International Standards Organization has published a standard for obtaining and recording consent, as is necessary to legally use people’s biometric data in a number of jurisdictions, and is making it available for free.

The new ISO/IEC TS 27560 standard addresses “Privacy technologies — Consent record information structure,” specifying an interoperable, open and extensible information structure for records of consent to process personally identifiable information (PII). It refers to data subjects as “PII principals,” provides a protocol for information systems to exchange consent information and describes management life cycle of consent records.

The standard was co-edited by Jan Lindquist, founder of privacy and cybersecurity consultancy Linaltec, FaceTec VP of Global Standards Andrew Hughes and Citi VP and Compliance Risk Officer for Privacy and Responsible Information Kelvin Magtalas.

The standard builds on ISO/IEC 29184 for “Information technology — Online privacy notices and consent.”

“It comes at the perfect time, as the world prepares for the EU’s EUDI Wallet (eIDAS 2.0) and heightened regulatory focus on consent transparency,” writes Lindquist in a LinkedIn post. “Let’s make consent clear, immutable, and actionable — everywhere.”

China’s strengthened biometrics regulation mandates recording consent from data subjects, while Australian retailer Bunnings recently said there are limits to its ability to practically obtain consent when capturing face biometrics.

Lindquist also notes that ISO’s business model discourages making standards available for free. “But,” he writes, “we managed to secure an exception to help promote wider adoption of this and other privacy-focused ISO standards.”

Article Topics

biometric data  |  consent management  |  data collection  |  data privacy  |  ISO standards  |  ISO/IEC TS 27560  |  standards