iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

FprCEN/TR 18241

(Main)

Privacy management in products and services - Biometric access control products and services

Privacy management in products and services - Biometric access control products and services

This document contains recommendations on how to integrate the principle of ‘data protection and privacy by design’
during the entire lifecycle of biometric access-control products and services, in order to achieve ‘data protection and
privacy by default’.
Biometric facial recognition for access control is covered by this document. Biometric facial recognition for surveillance is
covered by CEN/CLC/JTC 13 TR ‘Video surveillance’.
This document specifies recommendations for the management of data protection and privacy by design in biometricaccess-
control products and services. This document extends ISO/IEC 27552. This document applies to aspects of data
protection and privacy by design. This document is not applicable to non-biometric aspects of access control, or to aspects
not relating to data protection or privacy.

Biometrische Zugangskontrolle mit Gesichtserkennung

Management de la protection de la vie privée dans les produits et services - Produits et services de commande d'accès biométrique

Vodenje zasebnosti pri izdelkih in storitvah - Izdelki in storitve za biometrični nadzor dostopa

General Information

Status
Not Published
Publication Date
12-Nov-2025
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/JTC 13/WG 5 - Data Protection, Privacy and Identity Management
Current Stage
5020 - Submission to Vote - Formal Approval
Start Date
24-Jul-2025
Due Date
06-May-2021
Completion Date
24-Jul-2025
Directive
95/46/EC - Protection of individuals with regard to the processing of personal data and on the free movement of such data
Mandate
M/530 - [C(2015)102] Standardization request on privacy and personal data protection management in the design and development and in the production and service provision and process in the security technologies
Ref Project
kSIST-TP FprCEN/TR 18241:2025 - Privacy management in products and services - Biometric access control products and services
kTP FprCEN/TR 18241:2025kTP FprCEN/TR 18241:2025
PreviousNext
Draft
kTP FprCEN/TR 18241:2025
English language
12 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-oktober-2025
Vodenje zasebnosti pri izdelkih in storitvah - Izdelki in storitve za biometrični
nadzor dostopa
Privacy management in products and services - Biometric access control products and
services
Biometrische Zugangskontrolle mit Gesichtserkennung
Management de la protection de la vie privée dans les produits et services - Produits et
services de commande d'accès biométrique
Ta slovenski standard je istoveten z: FprCEN/TR 18241
ICS:
35.030 Informacijska varnost IT Security
35.240.15 Identifikacijske kartice. Čipne Identification cards. Chip
kartice. Biometrija cards. Biometrics
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL REPORT FINAL DRAFT
RAPPORT TECHNIQUE
TECHNISCHER REPORT
July 2025
ICS
English version
Privacy management in products and services - Biometric
access control products and services
Management de la protection de la vie privée dans les Biometrische Zugangskontrolle mit Gesichtserkennung
produits et services - Produits et services de
commande d'accès biométrique
This draft Technical Report is submitted to CEN members for Vote. It has been drawn up by the Technical Committee
CEN/CLC/JTC 13.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are
aware and to provide supporting documentation.

Warning : This document is not a Technical Report. It is distributed for review and comments. It is subject to change without
notice and shall not be referred to as a Technical Report.

CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2025 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. FprCEN/TR 18241:2025 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 General. 6
4.1 Preparing the grounds for data protection and privacy by design and by default . 6
4.2 Structure for disassembling product and service into applicable categories . 6
4.2.1 Introduction . 6
4.2.2 Product layers . 6
4.2.3 Service layers . 7
4.3 Self-declaration and levels of achievement . 7
5 Process for a privacy aware development of products and services . 7
5.1 Leadership and market intelligence . 7
5.2 Preparation . 7
5.3 Design . 7
5.3.1 Determination of DPbPP requirements . 7
5.3.2 Development . 7
5.3.3 Production and service provision . 7
5.3.4 Release of products and services . 7
5.4 Performance evaluation . 7
5.5 Improvement . 7
6 Basic requirements on the design of products and services . 8
6.1 Access . 8
6.1.1 Access to data . 8
6.1.2 Copy of data . 8
6.2 Accountability . 8
6.3 Accuracy . 8
6.4 Data de-identification . 8
6.5 Data minimization . 9
6.6 Data portability . 9
6.7 Confidentiality . 9
6.8 Erasure. 9
6.9 Fairness . 9
6.9.1 Determination of user age . 9
6.9.2 Configurable children age threshold . 9
6.10 Information security . 9
6.10.1 Unauthorized or unlawful processing . 9
6.10.2 Data loss . 9
6.10.3 Information protection targets . 9
6.10.4 Restore . 10
6.11 Lawfulness . 10
6.11.1 Data disclosure . 10
6.11.2 Consent . 10
6.12 Objection to processing . 10
6.13 Automated decision making . 10
6.14 Restriction of processing . 10
6.15 Storage limitation . 10
6.16 Transparency . 10
6.16.1 Information . 10
6.16.2 Record of processing activities . 10
7 Requirements to the self-declaration of privacy aware design . 11
7.1 Process requirements . 11
7.2 Preparation based on the product and service layer requirements . 11
7.3 Preparation additionally based on conduction of a DPIA . 11
7.4 Determination of the level of achievement . 11
7.5 Self-declaration statement . 11
Bibliography . 12

European foreword
This document (FprCEN/TR 18241:2025) has been prepared by Technical Committee CEN-
CENELEC/JTC 13 “Cybersecurity and Data Protection”, the secretariat of which is held by DIN.
This document is currently submitted to the Vote on TR.
This document has been prepared under a Standardization Request given to CEN by the European
Commission and the European Free Trade Association, and supports essential requirements of
EU Directive(s) / Regulation(s).
Introduction
EN 17529 applies to all products and services in general, in order to achieve data protection and privacy
by design and by default. Its scope includes biometric access-control products and services. For this
specific category of products and services, this document adds information that explains how industry
can use EN 17529 in the case of biometric access-control products and services.
Results incorporated in this document received funding from the European Union’s Horizon 2020
research and innovation programme under grant agreement No 101168144.
1 Scope
This document contains recommendations on how to integrate the principle of ‘data protection and
privacy by design’ during the entire lifecycle of biometric access-control products and services, in order
to achieve ‘data protection and privacy by default’.
NOTE 1 The GDPR requires the effective integration of data-protection safeguards into the processing of
personal data (Article 25).
NOTE 2 Biometric access control includes cards and passports, biometric comparisons on card, in databases and
a combination of both, as well as one-to-one and one-to-many (and many-to-many) comparisons.
NOTE 3 Biometric access control is used at work and border control as well as in combination with cards and
PINs and in online and mobile services.
Facial recognition for access control is covered by this document.
This document extends EN 17529.
This document applies to aspects of data protection and privacy by design.
This document is not applicable to non-biometric aspects of access control, or to aspects not relating to
data protection or privacy.
NOTE 4 In general, biometrics is for example covered by ISO/JTC 1/SC 37 and CEN/TC 224/WG 18.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
No terms and definitions are listed in this document.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
4 General
All clauses in this document contain information additional to the respective clauses in EN 17529, unless
it is explicitly stated that certain assumptions made in EN 17529 are not technically possible in the case
of biometric access control.
4.1 Preparing the grounds for data protection and privacy by design and by default
There are specific rules for biometrics and sensitive data in the GDPR, which can be used to prepare the
grounds for data protection and privacy by design and by de
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 17745:2025(Main)
Agricultural and forestry machinery - Environmental requirements for granule applicator of Plant Protection Products
SIST EN 17745:2025

This document specifies general constructive and functional requirements and their test methods for granule applicator with regard to minimizing the potential risk of environmental contamination during use.
This document deals with all the significant environmental hazards related to the granule applicators.
This document does not deal with safety requirements for protection of the operator only.
NOTE   General safety requirements are covered by EN ISO 4254-1:2015 and EN ISO 4254-1:2015/A1:2021.
This document is not applicable to granule applicators manufactured before the date of its publication.

  • Draft
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13892-9:2025(Main)
Methods of test for screed materials - Part 9: Dimensional stability
SIST EN 13892-9:2025

This document specifies a method for determining the dimensional stability (i.e. the shrinkage and swelling) of cementitious screed, calcium sulphate screed, magnesite screed and synthetic resin screed materials made in accordance with EN 13892-1.

  • Draft
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18025:2025(Main)
Water quality - Guidance standard on a strategic approach to river restoration
kSIST FprEN 18025:2025

This document gives guidelines for the restoration of rivers, including their channels, riparian zones and floodplains. The word ‘river’ is used as a generic term to describe permanently flowing and intermittent watercourses of all sizes, with the exception of artificial water bodies such as canals. Some aspects of landscape restoration beyond the boundaries of what are often considered typical river processes are also considered.
A clear framework of guiding principles to help inform the planning and implementation of river restoration work is provided. These principles are applicable to individuals and organizations wishing to restore rivers, and stress the importance of monitoring and appraisal. This document makes reference to existing techniques and guidance, where these are appropriate and within the scope of this document.
This document gives guidelines on:
-   the core principles of restoration;
-   aims and overall outcomes of river restoration;
-   the spectrum of typical approaches to river restoration with a focus on those that are nature-based and restore both physical and ecological aspects;
-   identifying opportunities for restoration and possible constraints, with a focus on physical and natural rather than socio-economic aspects;
-   different scales of restoration and how restoration works across different catchments and landscapes;
-   the importance of monitoring and appraising restoration work across the range of approaches and scales.

  • Draft
    45 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 80000-9:2019/A1:2025(Amendment)
Quantities and units - Part 9: Physical chemistry and molecular physics - Amendment 1 (ISO 80000-9:2019/Amd 1:2025)
SIST EN ISO 80000-9:2019/A1:2025
  • Draft
    4 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13892-10:2025(Main)
Method of test for screed materials - Part 10: Determination of moisture content - Calcium Carbide Method
SIST EN 13892-10:2025

This document specifies the CM method for determining the moisture content of cementitious screed, calcium sulphate screed and magnesite screed made according to EN 13813.

  • Draft
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN ISO/TS 23359:2025(Main)
Nanotechnologies - Chemical characterization of graphene-related two-dimensional materials from powders and liquid dispersions (ISO/TS 23359:2025)
kSIST-TS FprCEN ISO/TS 23359:2025

This document specifies methods for characterizing the chemical properties of powders or liquid dispersions containing graphene-related two-dimensional material (GR2M), using a set of suitable measurement techniques.
This document covers the determination of elemental composition, oxygen to carbon ratio, trace metal impurities, weight percentage of chemical species and functional groups present, by use of the following techniques:
— X-ray photoelectron spectroscopy (XPS);
— thermogravimetric analysis (TGA);
— inductively coupled plasma mass spectrometry (ICP-MS);
—Fourier-transform infrared spectroscopy (FTIR).
This document covers sample preparation, protocols and data analysis for the different techniques.

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 13916:2025(Main)
Welding - Measurement of preheating temperature, interpass temperature and preheat maintenance temperature (ISO 13916:2025)
kSIST FprEN ISO 13916:2025

This document specifies requirements for the measurement of preheating temperature, interpass temperature and preheat maintenance temperature for fusion welding. This document can also be applied as appropriate in the case of other welding processes. This document does not apply to the measurement of post weld heat treatment temperatures.

  • Draft
    8 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 15382:2025(Main)
Radiological protection - Procedures for monitoring the dose to the lens of the eye, the skin and the extremities (ISO 15382:2025)
kSIST FprEN ISO 15382:2025

This document provides procedures for monitoring the dose to the skin, the extremities, and the lens of the eye. It gives guidance on how to decide if such dosemeters are needed and to ensure that individual monitoring is appropriate to the nature of the exposure, taking practical considerations into account.
This document specifies procedures for individual monitoring of radiation exposure of the skin of the body, extremities (skin of the hands, fingers, wrists, forearms including elbow, lower leg including patella, feet and ankles), and lens of the eye in planned exposure situations. It covers practices which involve a risk of exposure to photons in the range of 8 keV to 10 MeV, electrons and positrons in the range of 0,07 MeV to 1,2 MeV mean beta energies being equivalent to 0,22 MeV and 3,6 MeV beta maximum energy - in accordance to the ISO 6980 series, and neutrons in the range of thermal to 20 MeV.
This document gives guidance for the design of a monitoring programme to ensure compliance with legal individual dose limits. It refers to the appropriate operational dose quantities, and it gives guidance on the type and frequency of individual monitoring and the type and positioning of the dosemeter. Finally, different approaches to assess and analyse skin, extremity, and lens of the eye doses are given.
It is not in the scope of this document to consider exposure due to alpha radiation fields.
NOTE 1        The requirements for the monitoring of the occupational exposure may be given in national regulations.
NOTE 2        Dose to the lens of the eye due to intake of tritium is not in the scope of this document. Moreover, the situation of the workers that work in contaminated atmosphere and can have alpha and/or radon eye lens dose is also not in the scope.

  • Draft
    40 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 14383-1:2025(Main)
Crime prevention through building design, urban planning and city maintenance - Part 1: Vocabulary
kSIST FprEN 14383-1:2025

This document defines terms for the crime prevention through building design, urban planning and city maintenance. For some specific terms used in the other parts of the EN 14383-series, it provides equivalent terms in three languages, as well as definitions.
This document uses the crime type definitions of the ICCS [5] (including the coding in numbers).
In a national context national definitions of crime types may be preferred.

  • Draft
    43 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 21254-1:2025(Main)
Lasers and laser-related equipment - Test methods for laser-induced damage threshold - Part 1: Definitions and general principles (ISO 21254-1:2025)
kSIST FprEN ISO 21254-1:2025

This document defines terms used in conjunction with, and the general principles of, test methods for determining the laser-induced damage threshold and for the assurance of optical laser components subjected to laser radiation.

  • Draft
    37 pages
    English language
    sale 10% off
    e-Library read for
    1 day