Protecting Online Data Privacy and Enabling Trust in Connected Technologies

While ongoing technical advances have brought about the powerful digital technologies that now pervade our lives, an often-overlooked aspect of these connected systems—the trust users need in them—is as important to their effectiveness as their technical attributes.

If users don’t trust how a system will use and protect their identities and data, they will try to avoid or minimize using it, rendering the system’s technical sophistication largely irrelevant.

Data privacy, therefore, is key to the trust we must have in digital platforms in order to use them productively. However, the collection, control, and ownership of personal data today are largely controlled by the providers of products and services, not by the individuals who use them.

The incorporation of universal human values such as Trust, Identity, Privacy, Protection, Safety, and Security (TIPPSS) into new technologies is becoming increasingly important as the world becomes more connected and technology-dependent.

Accordingly, the IEEE Standards Association (IEEE SA) has been developing standards around these principles and values, alongside technical issues. The IEEE SA Foundational Technologies Practice, for example, brings together its diverse global stakeholders to identify gaps in TIPPSS and to develop and offer a wide range of resources, activities, and programs to help build trust and security in technology.

Numerous IEEE SA initiatives are underway relating to data privacy and cybersecurity, and many published and developing standards address these and related issues.

For example, the goal of IEEE SA’s Dignity, Inclusion, Identity, Trust, and Agency (DIITA) Industry Connections activity is to provide tools and guidelines for designing and developing trust-enabling solutions for all technology users. DIITA aims to ensure that the conditions of online access safeguard users’ personal agency and dignity. This activity explores the technical capabilities needed to identify ourselves online in a way that protects our privacy, our right to be forgotten, and our offline ability to have multiple personas, and to identify potential standardization opportunities that can meet the needs and voices of all.

In addition, IEEE SA worked with the IEEE Society on Social Implications of Technology (SSIT) to establish a Standards Committee to develop standards that benefit from SSIT’s multidisciplinary perspective. One outcome of this collaboration is IEEE 7012™-2025 – IEEE Standard for Machine Readable Privacy Terms, which addresses a critical gap in how data privacy is expressed and enforced in digital environments. Rather than relying solely on human-readable privacy notices, the standard enables individuals to proffer their own privacy requirements as machine-readable contractual terms that can be automatically read, acknowledged, and agreed to by websites, applications, and AI agents. Similar in concept to Creative Commons licenses, these standardized agreements are selected from a neutral public roster and recorded by both parties, supporting transparency, auditability, and dispute resolution. By shifting privacy from passive notice to explicit, enforceable agreement, IEEE 7012 strengthens individual agency and advances privacy-by-design in networked and AI-enabled systems.

Children now represent nearly one in three individuals online; however, most digital services were not initially designed with their needs in mind. As technology use begins at younger ages, it is essential to protect children’s privacy and safety through intentional and age-appropriate design.

IEEE SA addresses this challenge by developing standards and programs that help organizations create trustworthy digital services for children. A key component of this initiative is IEEE 2089™-2021 – Standard for an Age-Appropriate Digital Services Framework Based on the 5Rights Principles for Children, which outlines processes for incorporating data privacy, risk management, and age-appropriate communication throughout the service lifecycle.

Building on this foundation, IEEE 2089.1™-2024 – IEEE Standard for Online Age Verification, specifies processes for privacy-respecting age verification or age estimation. This enables organizations to customize access, content, and data practices in accordance with children’s rights and global regulatory requirements. Additionally, the IEEE Online Age Verification Certification Program further encourages compliance by independently evaluating systems against this framework.

Combined with IEEE SA’s case study reports, which showcase real-world applications, these initiatives demonstrate a commitment to fostering safer and more trustworthy digital experiences for children.

As a key component of data privacy, cybersecurity touches every facet of our digital lives. But in today’s world, there is often a lack of motivation to offer secure technology. This may result from either commercial goals (e.g., the desire to offer products that allow user data to be collected and used by advertisers) or regulatory pressure (e.g., to track certain financial transactions).

IEEE SA’s Meta Issues in Cybersecurity Industry Connections activity seeks to apply IEEE’s approach of advancing technology for humanity to cybersecurity, fundamentally improving it. By engaging with technologists in industry, research, and government, as well as social scientists, legal scholars, policymakers, economists, and others, this activity aims to address and overcome current limitations in cybersecurity approaches.

As technologies evolve rapidly with the growing influence of AI, there is an increasing need to complement standards development with real-world learning that shows how trust principles perform in practice. To help address this gap, IEEE SA is a lead co-organizer of the Global Trust Challenge, a global, multi-stakeholder initiative designed to translate trust principles into tested, evidence-based solutions. The Challenge brings together policymakers, technologists, researchers, civil society, and industry partners to co-advance policy and technology through a structured, three-phase pipeline: proposal, prototype, and live pilot.

Rather than prescribing solutions, the Global Trust Challenge creates the conditions for responsible innovation to be developed, tested, and evaluated in real-world contexts. Selected teams receive support to prototype and pilot their ideas, generating practical insights, measurable outcomes, and reusable playbooks that others can learn from and adapt. This approach helps ensure that promising ideas, particularly those addressing data privacy, information integrity, and trustworthy AI, can move beyond theory and into implementation.

By aligning standards, real-world testing, and cross-sector collaboration, IEEE SA helps strengthen pathways for building trust that can travel across industries, regions, and regulatory environments. The Global Trust Challenge is open for proposals throughout Q1 2026. Organizations and innovators interested in contributing to trustworthy digital solutions can learn more and submit proposals through the Challenge platform.

There are many IEEE technical standards and projects focused on safeguarding privacy and security, while others address societal or ethical viewpoints. Here are some examples:

• IEEE 802E™-2020 – IEEE Recommended Practice for Privacy Considerations for IEEE 802® Technologies. IEEE 802 technologies play a major role in Internet connectivity, but also have the potential to disclose users’ private information. The purpose of this recommended practice is to promote a consistent approach by IEEE 802 protocol developers to mitigate privacy threats identified in the specified privacy threat model and to provide a privacy guideline.
• IEEE 2410™-2021 – IEEE Standard for Biometric Privacy. This standard provides for private identity assertion and includes a formal specification for privacy and biometrics, ensuring that a conforming system meets GDPR, CCPA, BIPA, or HIPAA privacy requirements.
• IEEE P1912™ – Standard for Privacy and Security Framework for Consumer Wireless Devices. This standard will define a privacy scale for personally identifiable information collected, retained, processed, or shared on networked edge, fog, or cloud computing devices. This privacy scale will inform assessment tools that developers or users of these applications employ to develop, discover, recognize, or implement appropriate privacy settings for the personal data resident on these devices.
• IEEE 2089™-2021 – IEEE Standard for Age Appropriate Digital Services Framework – Based on the 5Rights Principles for Children. This standard establishes a framework for developing age-appropriate digital services for use by children. The framework centers around the following key areas: a) recognition that the user is a child, b) consideration of the capacity and upholds the rights of children, c) offers terms appropriate to children, d) presents information in an age-appropriate way, and e) offers a level of validation for service design decisions.
• IEEE P2933™-2024 – Standard for Clinical Internet of Things (IoT) Data and Device Interoperability with TIPPSS – Trust, Identity, Privacy, Protection, Safety and Security. There needs to be a set of guidelines and standards to standardize the use of clinical IoT devices for precision medicine, data sharing, interoperability, and security, with the goal of improving healthcare outcomes, measuring them, and protecting patient data. This standard will establish that framework, incorporating TIPPSS principles. It will encompass interoperability between wearable devices and healthcare systems, including electronic health records (EHR), electronic medical records (EMR), other clinical IoT devices, hospital devices, and future devices and connected healthcare systems.
• IEEE P7000™ Series – This series is designed to develop and specify ways for engineers and technologists across many vertical markets to address privacy and other ethical considerations throughout the various stages of system initiation, analysis, and design. IEEE 7002™-2022 – Standard for Data Privacy Process, for example, sets the requirements for the engineering process for privacy-oriented considerations for products, services, and systems that utilize personal data.
• IEEE 7012™-2025 – IEEE Standard for Machine Readable Privacy Terms. This standard enhances data privacy by allowing individuals to express their privacy preferences in a machine-readable format. This enables digital services, websites, applications, and AI agents to automatically read, acknowledge, and agree to these preferences. Similar to Creative Commons licenses, this approach promotes transparent, auditable, and enforceable privacy agreements. It shifts the focus from passive notices to a privacy-by-design model, ensuring verifiable consent and greater individual control in digital interactions.

Learn more about IEEE SA’s work in data privacy and TIPPSS, and get engaged with the IEEE SA Foundational Technology Practice.