iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN 16571:2014

(Main)

Information technology - RFID privacy impact assessment process

Information technology - RFID privacy impact assessment process

This European Standard has been prepared as part of the EU RFID Mandate M/436. It is based on the Privacy and Data Protection Impact Assessment Framework for RFID Applications, which was developed by industry, in collaboration with the civil society, endorsed by Article 29, Data Protection Working Party, and signed by all key stakeholders, including the European Commission, in 2011.
It defines aspects of that framework as normative or informative procedures to enable a common European method for undertaking an RFID PIA.
It provides a standardized set of procedures for developing PIA templates, including tools compatible with the RFID PIA methodology.
In addition, it identifies the conditions that require an existing PIA to be revised, amended, or replaced by a new assessment process.

Informationstechnik - Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID

Diese Europäische Norm wurde im Rahmen des EU-RFID-Mandats M/436 erarbeitet. Grundlage ist ein von der Industrie in Zusammenarbeit mit Organisationen der Zivilgesellschaft aufgestellter Folgenabschätzungs-rahmen in Bezug auf den Datenschutz und die Wahrung der Privatsphäre in RFID-Anwendungen, der von der Artikel-29-Datenschutzgruppe gebilligt und von allen wichtigen Interessenverbänden einschließlich der Europäischen Kommission im Jahr 2011 unterzeichnet wurde.
Es werden normative sowie informative Verfahren des Rahmenwerks einer gesamteuropäischen PIA für RFID-Anwendungen festgelegt.
Es sind eine Reihe normierter Verfahren zur Erarbeitung von PIA-Vorlagen enthalten, dazu gehören Werk-zeuge, die mit RFID betreffenden PIA-Methoden kompatibel sind.
Zusätzlich werden die Bedingungen aufgeführt, die erforderlich sind, um eine vorhandene PIA durch einen neuen Bewertungsprozess zu überarbeiten, zu ändern oder zu ersetzen.

Technologies de l'information - Processus d'évaluation d'impact sur la vie privée des applications RFID

La présente Norme européenne a été élaborée dans le cadre du mandat M/436 de l'Union européenne relatif à l'identification RFID. Elle se base sur le Cadre d’évaluation d’impact des applications RFID sur le respect de la vie privée et la protection des données, qui a été développé par l'industrie, en collaboration avec la société civile, approuvé par le Groupe de travail « Article 29 » et signé par tous les principaux intervenants, y compris la Commission européenne, en 2011.
Elle définit les aspects dudit cadre sous forme de procédures normatives ou informatives pour permettre une méthode européenne commune afin d’entreprendre une EIVP des applications RFID.
Elle fournit un ensemble normalisé de procédures pour l’élaboration de modèles d'EIVP, comprenant des outils compatibles avec la méthodologie d'EIVP des applications RFID.
De plus, elle identifie les conditions qui requièrent qu’une EIVP existante soit révisée, amendée ou remplacée par un nouveau processus d'évaluation.

Informacijska tehnologija - Postopek ocenjevanja vpliva RFID na zasebnost

Ta evropski standard je bil pripravljen kot del mandata EU RFID M436. Temelji na okviru ocenjevanja vpliva na zasebnost in varnost podatkov za aplikacije RFID, ki ga je razvila industrija v sodelovanju s civilno družbo, določa ga člen 29 Delovne skupine za varstvo podatkov, leta 2011 pa so ga podpisali vsi ključni deležniki, vključno z Evropsko komisijo.
Vidike tega okvira določa kot normativne ali informativne postopke, da se omogoči skupna evropska metoda za izvajanje ocenjevanja vpliva RFID na zasebnost.
Zagotavlja standardiziran sklop postopkov za pripravo predlog za ocenjevanje vpliva na zasebnost, vključno z orodji, združljivimi z metodologijo ocenjevanja vpliva RFID na zasebnost.
Poleg tega določa pogoje, ki zahtevajo revizijo, spremembo ali zamenjavo obstoječega ocenjevanja vpliva na zasebnost z novim postopkom ocenjevanja.

General Information

Status
Published
Publication Date
24-Jun-2014
Withdrawal Date
30-Dec-2014
ICS
35.240.60 - IT applications in transport
Technical Committee
CEN/TC 225 - AIDC technologies
Drafting Committee
CEN/TC 225 - AIDC technologies
Current Stage
9060 - Closure of 2 Year Review Enquiry - Review Enquiry
Start Date
02-Dec-2019
Completion Date
02-Dec-2019
Mandate
M/436 - Standardisation mandate to the European Standardisation Organisation CEN, CENELEC and ETSI in the field of information and communication technologies applied to Radio Frequency Identification (RFID) and systems
Ref Project
SIST EN 16571:2014 - Information technology - RFID privacy impact assessment process

Buy Standard

EN 16571:2014EN 16571:2014
PreviousNext
Standard
EN 16571:2014
English language
103 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
EN 16571:2014EN 16571:2014
PreviousNext
Standard
EN 16571:2014
English language
103 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Informacijska tehnologija - Postopek ocenjevanja vpliva RFID na zasebnostVerfahren zur Datenschutzfolgenabschätzung (PIA) von RFIDProcessus d'évaluation de l'impact en termes de respect de la vie privée de l'identification RFIDInformation technology - RFID privacy impact assessment process35.020Informacijska tehnika in tehnologija na splošnoInformation technology (IT) in generalICS:Ta slovenski standard je istoveten z:EN 16571:2014SIST EN 16571:2014en,fr,de01-december-2014SIST EN 16571:2014SLOVENSKI
STANDARD



SIST EN 16571:2014



EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 16571
June 2014 ICS 35.240.60 English Version
Information technology - RFID privacy impact assessment process
Technologies de l'information - Processus d'évaluation d'impact sur la vie privée des applications RFID
Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID This European Standard was approved by CEN on 14 May 2014.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels © 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 16571:2014 ESIST EN 16571:2014



EN 16571:2014 (E) 2 Contents Page Foreword .5 Introduction .6 1 Scope .7 2 Normative references .7 3 Terms and definitions .7 4 Symbols and abbreviations . 11 5 Structure of this European Standard . 12 6 Field of reference for this European Standard . 12 6.1 'RFID' as defined by the EU RFID Recommendation . 12 6.2 'RFID application' as defined by the EU RFID Recommendation . 13 6.3 'RFID operator' as defined by the EU RFID Recommendation . 13 6.4 Relationship between the RFID PIA and data protection and security . 14 6.5 Relevant inputs for the PIA process . 17 6.5.1 General . 17 6.5.2 The privacy capability statement . 17 6.5.3 The Registration Authority . 17 6.5.4 RFID PIA templates . 17 7 RFID operator's organizational objectives of the RFID PIA .
...

SLOVENSKI STANDARD
SIST EN 16571:2014
01-december-2014
Informacijska tehnologija - Postopek ocenjevanja vpliva RFID na zasebnost
Information technology - RFID privacy impact assessment process
Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID
Processus d'évaluation de l'impact en termes de respect de la vie privée de
l'identification RFID
Ta slovenski standard je istoveten z: EN 16571:2014
ICS:
35.040.50 Tehnike za samodejno Automatic identification and
razpoznavanje in zajem data capture techniques
podatkov
SIST EN 16571:2014 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN 16571:2014

---------------------- Page: 2 ----------------------
SIST EN 16571:2014

EUROPEAN STANDARD
EN 16571

NORME EUROPÉENNE

EUROPÄISCHE NORM
June 2014
ICS 35.240.60
English Version
Information technology - RFID privacy impact assessment
process
Technologies de l'information - Processus d'évaluation Verfahren zur Datenschutzfolgenabschätzung (PIA) von
d'impact sur la vie privée des applications RFID RFID
This European Standard was approved by CEN on 14 May 2014.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN 16571:2014 E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------
SIST EN 16571:2014
EN 16571:2014 (E)
Contents Page
Foreword .5
Introduction .6
1 Scope .7
2 Normative references .7
3 Terms and definitions .7
4 Symbols and abbreviations . 11
5 Structure of this European Standard . 12
6 Field of reference for this European Standard . 12
6.1 'RFID' as defined by the EU RFID Recommendation . 12
6.2 'RFID application' as defined by the EU RFID Recommendation . 13
6.3 'RFID operator' as defined by the EU RFID Recommendation . 13
6.4 Relationship between the RFID PIA and data protection and security . 14
6.5 Relevant inputs for the PIA process . 17
6.5.1 General . 17
6.5.2 The privacy capability statement . 17
6.5.3 The Registration Authority .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 17230:2020(Main)
Information technology - RFID in rail
SIST EN 17230:2021

The RFID tag location, tag data content and functional requirements have been developed for application on the main line railway networks. Other networks (such as metro) could apply to this document but are outside of its scope.
This document contains:
-   description of the RFID tag installation location;
-   description of the RFID tag data content;
-   description of the functional requirements in relation to the RFID tag track side reading performance.

  • Standard
    37 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16570:2014(Main)
Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems
SIST EN 16570:2014

1.1   General
The scope of this EN is to define the requirements for a Common European Notification Signage system to be used by operators of RFID application systems deployed within the EU Member States.
1.2   Objective
The objective of this EN is to provide enterprises, both large and small, with a common and accessible framework for the design and display of RFID notification signs.
In addition to the information placed on the sign, the framework includes the information policy - needed to answer enquiries received from individuals accessing the contact point noted on the sign itself. This minimizes the volume of information written on the sign.
This European Standard defines:
a)   the details of data and graphics that shall be included on the signage;
b)   the presentational requirements for the signage, taking account of the need;
1)   to provide a practical solution given constraints on print technique and print area;
2)   for a consistent common and recognisable signage;
c)   means to support accessibility;
d)   the structure and content of an information policy to meet the informational needs of individuals with respect to RFID privacy.
1.3   Applicability
This EN provides an application-agnostic framework which may be used by all enterprises operating RFID applications in the European Union.

  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16656:2014(Main)
Information technology - Radio frequency identification for item management - RFID Emblem (ISO/IEC 29160:2012, modified)
SIST EN 16656:2014

This European Standard specifies the design and use of the RFID Emblem: an easily identified visual guide that indicates the presence of radio frequency identification (RFID). It does not address location of the RFID Emblem on a label. Specific placement requirements are left to application standards developers.
It also specifies an RFID Index, which can be included in the RFID Emblem and which addresses the complication added by the wide range of RFID tags (frequency, protocol and data structure). The RFID Index is a two-character code that provides specific information about compliant tags and interrogators. Successful reading of RFID tags requires knowledge of the frequency, protocol and data structure information provided by the RFID Index.

  • Standard
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    28 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16669:2014(Main)
Information technology - Device interface to support ISO/IEC 18000-3
SIST-TP CEN/TR 16669:2014

The scope of this Technical Report is to assess the need to develop a Technical Specification to define an interface that provides RFID system control components with low-level access to RFID interrogators for the purpose of optimising RFID data access and control operations.

  • Technical report
    20 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16670:2014(Main)
Information technology - RFID threat and vulnerability analysis
SIST-TP CEN/TR 16670:2014

The scope of the Technical Report is to consider the threats and vulnerabilities associated with specific characteristics of RFID technology in a system comprising:
—   the air interface protocol covering all the common frequencies;
—   the tag including model variants within a technology;
—   the interrogator features for processing the air interface;
—   the interrogator interface to the application.
The Technical Report addresses specific RFID technologies as defined by their air interface specifications. The threats, vulnerabilities, and mitigating methods are presented as a toolkit, enabling the specific characteristics of the RFID technology being used in an application to be taken into consideration. While the focus is on specifications that are standardized, the feature analysis can also be applied to proprietary RFID technologies. This should be possible because some features are common to more than one standardized technology, and it should be possible to map these to proprietary technologies.
Although this Technical Report may be used by any operator, even for a small system, the technical details are better considered by others. In particular the document should be a tool used by RFID system integrators, to improve security aspects using a privacy by design approach. As such it is also highly relevant to operators that are not SME’s, and to industry bodies representing SME members.
Although this Technical Report may be used by any operator, even for a small system, the technical details are better considered by others. In particular the document should be a tool used by RFID system integrators, to improve security aspects using a privacy by design approach. As such it is also highly relevant to operators that are not SME’s, and to industry bodies representing SME members.

  • Technical report
    70 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    70 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16674:2014(Main)
Information technology - Analysis of privacy impact assessment methodologies relevant to RFID
SIST-TP CEN/TR 16674:2014

The scope of this Technical Report (TR) is to identify methodologies that are used for, or have been considered applicable to, wireless technologies. These methodologies are analyzed to identify features that are applicable to RFID.
Based on the Industry RFID PIA Framework endorsed by the Article 29 Data Protection Working Party, the Technical Report focuses on proposing risk analysis methodologies suitable for the data capture area of an RFID system. This includes the RFID tag, the interrogator, the air interface protocol used for communication between them, and the communication from the interrogator to the application.
The Technical Report also proposes risk management features based on the inherent capabilities of a number of RFID technologies that conform to standardized RFID air interface protocols. This should provide enough information to enable the proposed privacy control features to be applied to other RFID technologies including those with proprietary air interface protocols and tag architectures. The risk management features exclude fundamental privacy by design features because these should be the subject of revisions and enhancements to technology standards. The risk management features defined in this Technical Report are considered applicable to current and future implementations of RFID based on existing technology. As such, this Technical Report is considered as input into a standard procedure for undertaking an RFID Privacy Impact Assessment.

  • Technical report
    49 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    49 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16684:2014(Main)
Information technology - Notification of RFID - Additional information to be provided by operators
SIST-TP CEN/TR 16684:2014

This Technical Report is to assist operators of applications in areas where radio frequency interrogators are deployed, to identify the types of information that are called for in the recommendation.
The Technical Report provides all the current information to assist operators to develop and publish a concise accurate and easy to understand information policy for each of their applications.
The policy should at least include:
—   the identity and address of the operators;
—   the purpose of the application;
—   what data are to be processed by the application, in particular if personal data will be processed, and whether the location of tags will be monitored;
—   a summary of the privacy and data protection impact assessment;
—   the likely privacy risks, if any, relating to the use of tags in the application and the measures that individuals can take to mitigate these risks.

  • Technical report
    34 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    34 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 16685:2014(Main)
Information technology - Notification of RFID - The information sign to be displayed in areas where RFID interrogators are deployed
SIST-TS CEN/TS 16685:2014

This Technical Specification defines:
—   the details of data and graphics that shall be included on the signage;
—   the presentational requirements for the signage, taking account of the need:
—   to provide a practical solution given constraints on print technique and print area;
—   for a consistent common and recognizable signage;
—   means to support accessibility;
—   the structure and content of an information policy to meet the informational needs of individuals with respect to RFID privacy.

  • Technical specification
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical specification
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16673:2014(Main)
Information technology - RFID privacy impact assessment analysis for specific sectors
SIST-TP CEN/TR 16673:2014

The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with four major sectors involved with RFID:
—   libraries;
—   retail;
—   e-Ticketing, toll roads, fee collection, events management;
—   banking and financial services.
After specific sector research and consolidation of the results of industry workshops and seminars that take place in several EU Member States, this Technical Report will identify the characteristics that need to be taken into consideration by operators of RFID systems in the example sectors. In addition it will provide advice to operators in the sector on significant variants both in terms of technology and application data. This will enable the appropriate risk factors to be taken into account.
Based on the synthesis of the applications in the chosen sectors, this Technical Report will also identify a set of factors relevant to specific RFID technologies and features that will need to be taken into account in preparing a Privacy and Data Protection Impact Assessment for many RFID applications.

  • Technical report
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 16672:2014(Main)
Information technology - Privacy capability features of current RFID technologies
SIST-TP CEN/TR 16672:2014

The scope of the Technical Report is to identify technical characteristics of particular RFID air interface protocols that need to be taken into consideration by operators of RFID systems in undertaking their privacy impact assessment. It also provides information for those operators who provide RFID-tagged items that are likely to be read by customers or other organisations.
This Technical Report provides detailed privacy and security characteristics that apply to products that are compliant with specific air interface protocols, and also to variant models that comply with such standards.
The Technical Report also identifies proprietary privacy and security features which have been added to tags, which are problematic of being implemented in open systems which depend on interoperability between different devices. Such proprietary solutions, whilst being technically sound, in fact impede interoperability. The gap analysis thus identified can be used to encourage greater standardization.

  • Technical report
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Technical report
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day