scope:

The present document defines the means to enable assurance of privacy, using the conventional CIA (Confidentiality, Integrity, Availability) paradigm and with reference to the functional capabilities for privacy protection described in Common Criteria for Information Technology Security Evaluation [1]. The present document addresses privacy assurance within the context of Identity Management following the model described in ETSI TS 103 486 [i.17]. The present document addresses the cases where both transient and persistent identifiers are used, and where identifiers are used in isolation and where identifiers are used in combination.

The mechanisms defined in the present document have been informed by the requirements found in articles and recitals of the General Data Protection Regulation (EU) 2016/679 [i.6] (GDPR) and can be considered in assisting in achieving compliance to the requirements in GDPR.

NOTE: The GDPR contains a very large number of requirements and the present document addresses only a very small number of the technical ones thus the present document is not a solution to the GDPR but where it may assist in addressing specific requirements this has been identified in the body of the present document.

The present document identifies assurance protection levels for privacy and mechanisms for achieving those protection levels. It does not, however, provide any guarantee that application of the mechanisms will prevent abuse of private information and user privacy.