On May 4, 2020, Huawei announced that its mobile operating system, EMUI, has obtained the ISO/IEC 27701 certification for its privacy information management system from the British Standards Institution (BSI).
With this, Huawei became the world’s first smartphone maker to receive the certificate from BSI. The certificate covers the design, development, and maintenance services of the EMUI system, as well as its application software, including more than 50 applications and features that involve sensitive data processing, such as software update, emergency location service, system application, user experience improvement plan, and intelligent service provided by EMUI.
For example, to provide better system services for users, Huawei will collect relevant data on device reliability, performance, power consumption, and faults for the user experience improvement plan feature.
According to the information, ISO/IEC 27701 is a privacy protection standard jointly released by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
Users’ personal data will be sent to Huawei only after users’ explicit consent is obtained. To anonymize collected sensitive personal data, Huawei uses differential privacy technology to add random noise to the data. In this way, Huawei cannot obtain the actual user data.
The statistics are displayed only when the data of one user is combined with that of many other users and the random noise is averaged out. In this way, Huawei cannot identify a specific user through the data collected, which enables it to meet the inspection requirements of the product information security management system and privacy protection management system.
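The noise-then-aggregate idea described above can be sketched as follows. This is an added example, not Huawei's code: the article does not say which mechanism EMUI uses, so the Laplace mechanism, the privacy budget EPSILON, the metric range and the sample values are all assumptions made for illustration.

```python
import random
import statistics

# Assumed for illustration: a bounded metric (e.g. daily battery drain in %),
# a privacy budget EPSILON, and Laplace noise added on the device itself.
LO, HI = 0.0, 100.0
EPSILON = 1.0

def laplace_noise(rng, scale):
    # The difference of two i.i.d. exponentials is Laplace(0, scale).
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def device_report(value, rng, epsilon=EPSILON):
    """Runs on the device: clamp to the public range, then add noise."""
    clamped = min(max(value, LO), HI)
    # One user's value can move the input by at most HI - LO (the sensitivity),
    # so the noise scale is (HI - LO) / epsilon.
    return clamped + laplace_noise(rng, (HI - LO) / epsilon)

def server_estimate(reports):
    """Runs on the server: the noise has zero mean, so it averages out."""
    return statistics.fmean(reports)

def simulate(n_users, seed=2020):
    rng = random.Random(seed)
    # Constructed sample data: true per-user values the server never sees.
    true_values = [rng.uniform(20.0, 60.0) for _ in range(n_users)]
    reports = [device_report(v, rng) for v in true_values]
    # Share of individual reports that are not even possible real values.
    implausible = sum(1 for r in reports if r < LO or r > HI) / n_users
    return statistics.fmean(true_values), server_estimate(reports), implausible

if __name__ == "__main__":
    for n in (10, 1_000, 100_000):
        truth, estimate, bad = simulate(n)
        print(f"n={n:>6}  true mean={truth:6.2f}  estimate={estimate:7.2f}  "
              f"reports outside [0,100]: {bad:.0%}")
```

A single report says almost nothing about its sender, while the estimate of the mean tightens as the number of users grows; a smaller EPSILON gives stronger privacy and needs more users for the same accuracy.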
ISO/IEC 27701 is a privacy protection standard that incorporates privacy protection principles, concepts, and methods into cybersecurity and privacy protection systems and provides enterprises with best practices and suggestions.
The ISO/IEC 27701 standard is a top-level practice of the EU’s General Data Protection Regulation (GDPR), which is recognized as the strictest privacy protection regulation in history.
In order to obtain the privacy protection compliance certification, a company is required to build security capabilities based on the standards, meet all requirements and pass the review of third-party authorities (in this case, the British Standards Institution).
“Huawei takes cybersecurity and privacy protection as its top priority and integrates privacy protection into the entire process, from the very beginning of product design and throughout the entire software R&D process, and technology and personnel management,” wrote Huawei.
“Huawei Device software has obtained the ISO/IEC 27701 certification, which proves that Huawei Device meets international privacy standards in terms of software design, R&D, and maintenance, as well as personnel management, safeguarding the security and privacy of consumers,” it added.