How to shape the future of consumer protection: Privacy by design in the world of AI

AI and Privacy, AI and Standardization, AI Risks, AI risks for Human Rights, Consumer Protection, EVENTS

Professor Claudia Roda organized, with Jan Schallabock1, Michelle Chibba2, Jonathan Fox3, and Antonio Kung4, a workshop on How to shape the future of consumer protection: Privacy by design (ISO 31700) in the world of AI at the CPDP 2025 conference. The CPDP (Computers, Privacy and Data Protection) Conference is a world-leading multidisciplinary conference covering cutting edge legal, regulatory, academic and technological developments in privacy and data protection.

The workshop took the form of an interactive consultation activity to address the title question and provide input to the newly formed ISO sub-committee ISO/IEC JTC 1/SC 44, Consumer protection in the field of privacy by design. This subcommittee continues the work of the Project Committee (PC317) that published ISO 31700 Consumer protection — Privacy by design for consumer goods and services.

As privacy scholars, practitioners, regulators, and technologists, workshop participants reflected the standpoint of highly informed and discerning users, those who are often at the forefront of identifying risks, advocating for rights, and shaping policy discourse. Their critical engagement offered us insight into the expectations and concerns of the most privacy-aware segment of the public, effectively serving as a proxy for the demands that future standards and consumer-facing products may increasingly be held to.

The workshop allowed us to collect feedback on all five key requirement categories of the ISO 31700 framework:

  • General requirements
  • Consumer communication requirements
  • Risk management requirements
  • Requirements for developing, deploying, and operating designed privacy controls
  • End-of-lifecycle requirements

A forthcoming paper will provide more details on the workshop’s outcomes.

[1] Jan Schallabock is chairman of ISO PC 317 on “Consumer protection: privacy by design for consumer goods and services”, and he also has been serving as Vice-Convener/Convener-support to the ISO/IEC Working Group on privacy and identity management (ISO/IEC JTC 1/SC 27/WG 5) for more than 15 years.

[2] Michelle Chibba is Instructor and privacy, information management expert at Toronto Metropolitan University

[3] Jonathan Fox is Chair of the International Committee for Information Technology Standards (INCITS)/Privacy Technical Committee. Previously he was Chair of the U.S. TAG for ISO 31700: Privacy by Design for Consumer Goods and Services.

[4] Antonio Kung has initiated the development of more than twenty standards on architecture, interoperability, conformity in domains such as the internet of things, digital twins, security and privacy or artificial intelligence.