CEN/TR 16742:2014

SLOVENSKI STANDARD
01-februar-2015
Zasebni vidiki v ITS standardih in sistemih v Evropi
Privacy aspects in ITS standards and systems in Europe
Datenschutz Aspekte in ITS Normen und Systemen in Europa
Aspects de la vie privée dans les normes et les systèmes en Europe
Ta slovenski standard je istoveten z: CEN/TR 16742:2014
ICS:
35.240.60 Uporabniške rešitve IT v IT applications in transport
transportu in trgovini and trade
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL REPORT
CEN/TR 16742
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
October 2014
ICS 35.240.60
English Version
Intelligent transport systems - Privacy aspects in ITS standards
and systems in Europe
Systèmes de transport intelligents - Aspects de la vie privée Intelligente Transportsysteme - Datenschutz Aspekte in ITS
dans les normes et les systèmes en Europe Normen und Systemen in Europa

This Technical Report was approved by CEN on 23 September 2014. It has been drawn up by the Technical Committee CEN/TC 278.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 16742:2014 E
worldwide for CEN national Members.

Contents Page
Foreword .3
Introduction .4
1 Scope .5
2 Terms and definitions .5
3 Symbols and abbreviated terms .7
4 Background information .8
4.1 Historical background .8
4.2 Legal background .9
4.3 Fundamental Rights of Data Protection and Privacy . 10
5 Basic elements of data protection and privacy . 12
5.1 Personal information (PI) and its avoidance . 12
5.1.1 General . 12
5.1.2 GPS-Data or GPS-Trajectories . 15
5.2 Sensitive data . 16
5.3 Individual or data subject . 16
5.4 Controller . 17
5.4.1 General . 17
5.4.2 ITS environment . 17
5.5 Processor . 18
5.6 Third Party . 19
5.7 File or filing system (manually or automatically processed) . 19
5.8 Consent . 19
5.9 Withdrawal of consent . 21
5.10 Fairness and legitimacy . 21
5.11 Determination of purpose . 21
5.12 Minimization of PI . 22
5.13 Topicality and correctness of PI . 22
5.14 Time limits to PI . 23
5.15 Security requirements to PI . 23
5.16 Obligation to keep PI secret . 24
5.17 Obligation to inform the data subject (Individual or legal entity) . 24
5.18 Right (access) to PI. 25
5.19 Right to rectification and erasure of PI . 26
5.20 Right to objection . 27
5.21 Video surveillance (VS) . 28
5.22 Shift in the burden of proof . 28
Annex A (informative) Examples of the principle of “cumulative interpretation” . 30
Annex B (informative) Data privacy Framework, Directives and Guidelines . 33
Annex C (informative) Security related International Standards . 34

Foreword
This document (CEN/TR 16742:2014) has been prepared by Technical Committee CEN/TC 278 “Intelligent
transport systems”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
Introduction
This Technical Report is a guide for the developers of both ITS itself and its standards when many types of
data are exchanged during the performance of its tasks, which includes in some cases personal data and
information. Such Personal Data or Personal Information (PI) underlies for their applications special rules
defined in European Union (EU) mandatory directives or a possible EU Regulation concerning the revision of
the EU Directives at Data Protection or at the national level national data protection law. In order to avoid an
incorrect use of PI in any standard or Technical Report, which would cause the application of this standard or
Technical Specification to be banned by legal courts, this Technical Report gives guidelines for the
CEN/TC 278 Working Groups how to deal with PI in compliance with the legal rules.
Even though specific data privacy protection legislation is generally achieved through national legislation and
this varies from country to country there exists a basic set of rules which are common in all European
countries. These common rules are defined in the European Directives 95/46/EC and 2002/58/EC in their
current versions. Countries not members of the European Union (Switzerland, Norway, Island etc.) have
issued national data protection laws, which are very closely aligned to the European Directives. It should also
be noted that the European Directives on the protection of individuals (95/46/EC and 2002/58/EC) are
regarded as the strongest legal rules around the world.
This Technical Report builds on the content of ISO/TR 12859:2009 but extends the rules and
recommendations in order to be as compliant as is reasonable with the European Directives and some of the
national data protection laws. This means it is more specific and includes some recent developments and it
tries to include some intentions of what the European Commission is preparing to include in a revised and
enforced version of the Directive 95/46/EC (the proposed EU proposal of a Regulation of data protection
COM(2012)11 final, 2012/0011 (COD)).
1 Scope
This Technical Report gives general guidelines to developers of intelligent transport systems (ITS) and its
standards on data privacy aspects and associated legislative requirements. It is based on the EU-Directives
valid at the end of 2013. It is expected that planned future enhancements of the Directives and the proposed
“General Data Protection Regulation” including the Report of the EU-Parliament of 2013-11-22
(P7_A(2013)0402) will not change the guide significantly.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1
accountability
principle that individuals, organizations or the community are liable and responsible for their actions and may
be required to explain them to the data subject and others and their actions shall comply with measures and
making compliance evident, and the associated required disclosures
[SOURCE: ISO/IEC 24775:2011 Edition:2]
2.2
anonymity
characteristic of information, which prevents the possibility to determine directly or indirectly the identity of the
data subject
[SOURCE: ISO/IEC 29100:2011]
2.3
anonymisation
process by which personal information (PI) is irreversibly altered in such a way that an Individual or a legal
entity can no longer be identified directly or indirectly either by the controller alone or in collaboration with any
other party
[SOURCE: ISO/IEC 29100:2011]
2.4
anonymised PI
PI that has been subject to a process of anonymisation and that by any means can no longer be used to
identify an Individual or legal entity
[SOURCE: ISO/IEC 29100:2011]
2.5
committing of PI
transfer of PI from the controller to a processor in the context of a commissioned work
2.6
consent
individual's or legal entity's (data subject) explicitly or implicitly freely given agreement to the processing of its
PI in the course of which the data subject has been in advance completely informed about the purpose, the
legal basis and the third parties, receiving data subject’s PI, and all these in a comprehensible form
2.7
controller
any natural or legal person, public authority, agency or any other body which alone or jointly with others collect
and/or process and determine the purposes and means of the processing of PI, independently whether or not
a person uses the PI by themselves or assigns the tasks to a processor; where the purposes and means of
processing are determined by national or Community laws or regulations, the controller or the specific criteria
for his nomination may be designated by national or Community law
[SOURCE: EU-Dir 95/46/EU Art 2 lit d]
2.8
data subject
any natural or legal person or association of persons whose PI is processed and is not identical to the
controller or processor or third party
Note 1 to entry: ISO/IEC 29100 uses this definition for the person of which personal data are used the Principal. The
above definition is that one that is used in EU-Directives.
2.9
identifiability
conditions which result in a data subject being identified, directly or indirectly, on the basis of a given set of PI
2.10
identify
establishes the link between a data subject and its PI or a set of PI
2.11
identity
set of attributes which makes it possible to identify, contact or locate the data subject
[SOURCE: ISO/IEC 29100:2011]
2.12
personal information PI
any data or information related to an individual or legal entity or an association of person or individuals by
which the individual or legal entity or association of persons could be identified
Note 1 to entry: The EU-Dir 95/48/EC names in its Art 2 lit. (a) the personal information as “personal data” and defines
it as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one
who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors
specific to his physical, physiological, mental, economic, cultural or social identity”.
2.13
processor
natural person
...