On April 8, 2020, Huawei released P40 series in its spring online launch event, in which Richard Yu, CEO of Huawei’s Consumer Business Group, announced that EMUI had obtained the ISO/IEC 27701 certification for its privacy information management system, becoming the world’s first smart mobile device vendor to obtain the certification.
ISO/IEC 27701 is a privacy protection standard jointly released by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It incorporates privacy protection principles, concepts, and methods into cyber security and privacy protection systems and provides enterprises with best practices and suggestions.
The ISO/IEC 27701 standard is an excellent practice of the EU’s General Data Protection Regulation (GDPR), which is recognized as the strictest privacy protection regulation in history. To obtain the privacy protection compliance certification, a company is required to build security capabilities based on the standards, meet all requirements and pass the review of third-party authorities (in this case, the British Standards Institution).
This certification covers the design, development, and maintenance services of the EMUI system and its application software, including more than 50 applications and features that involve sensitive data processing, such as software update, emergency location service, system application, user experience improvement plan, and intelligent service provided by Huawei EMUI.
For example, to provide better system services for users, Huawei will collect relevant data on device reliability, performance, power consumption, and faults for the feature of user experience improvement plan. Users’ personal data will be sent to Huawei only after users’ explicit consent is obtained. To anonymize collected sensitive personal data, Huawei uses the differential privacy technology to add random noises to the data. In this way, Huawei cannot obtain the actual user data. The statistics are displayed only when the data of one user is combined with that of many other users and the random noise is averaged out. In this way, Huawei cannot identify a specific user through the data collected, which enables it to meet the inspection requirements of the product information security management system and privacy protection management system.
Huawei takes cyber security and privacy protection as its top priority and integrates privacy protection into the entire process, from the very beginning of product design and throughout the entire software R&D process, and technology and personnel management. Its user privacy protection has been certified by multiple authoritative organizations around the world, including ePrivacyseal GmbH, one of the most influential commercial entities conducting privacy certification in Europe.
Huawei Device software has obtained the ISO/IEC 27701 certification, which proves that Huawei Device meets international privacy standards in terms of software design, R&D, and maintenance, as well as personnel management, safeguarding the security and privacy of consumers.