
BS PD CEN TR 16742-2014 Intelligent transport systems - Privacy aspects in ITS standards and systems in Europe

BSI Standards Publication

PD CEN/TR 16742:2014

Intelligent transport systems - Privacy aspects in ITS standards and systems in Europe

PUBLISHED DOCUMENT

National foreword

This Published Document is the UK implementation of CEN/TR 16742:2014. It supersedes PD ISO/TR 12859:2009 which is withdrawn.

The UK participation in its preparation was entrusted to Technical Committee EPL/278, Intelligent transport systems.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2014. Published by BSI Standards Limited 2014

ISBN 978 0 580 79082 9

ICS 35.240.60

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 October 2014.

Amendments issued since publication

Date    Text affected

TECHNICAL REPORT / RAPPORT TECHNIQUE / TECHNISCHER BERICHT

CEN/TR 16742

October 2014

ICS 35.240.60

English Version

Intelligent transport systems - Privacy aspects in ITS standards and systems in Europe

Systèmes de transport intelligents - Aspects de la vie privée dans les normes et les systèmes en Europe

Intelligente Transportsysteme - Datenschutz Aspekte in ITS Normen und Systemen in Europa

This Technical Report was approved by CEN on 23 September 2014. It has been drawn up by the Technical Committee CEN/TC 278.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION / COMITÉ EUROPÉEN DE NORMALISATION / EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.

Ref. No. CEN/TR 16742:2014 E

Contents

Foreword
Introduction
1 Scope
2 Terms and definitions
3 Symbols and abbreviated terms
4 Background information
4.1 Historical background
4.2 Legal background
4.3 Fundamental Rights of Data Protection and Privacy
5 Basic elements of data protection and privacy
5.1 Personal information (PI) and its avoidance
5.1.1 General
5.1.2 GPS-Data or GPS-Trajectories
5.2 Sensitive data
5.3 Individual or data subject
5.4 Controller
5.4.1 General
5.4.2 ITS environment
5.5 Processor
5.6 Third Party
5.7 File or filing system (manually or automatically processed)
5.8 Consent
5.9 Withdrawal of consent
5.10 Fairness and legitimacy
5.11 Determination of purpose
5.12 Minimization of PI
5.13 Topicality and correctness of PI
5.14 Time limits to PI
5.15 Security requirements to PI
5.16 Obligation to keep PI secret
5.17 Obligation to inform the data subject (Individual or legal entity)
5.18 Right (access) to PI
5.19 Right to rectification and erasure of PI
5.20 Right to objection
5.21 Video surveillance (VS)
5.22 Shift in the burden of proof
Annex A (informative) Examples of the principle of “cumulative interpretation”
Annex B (informative) Data privacy Framework, Directives and Guidelines
Annex C (informative) Security related International Standards

Foreword

This document (CEN/TR 16742:2014) has been prepared by Technical Committee CEN/TC 278 “Intelligent transport systems”, the secretariat of which is held by NEN.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

Introduction

This Technical Report is a guide for the developers of both ITS itself and its standards when many types of data are exchanged during the performance of its tasks, which in some cases include personal data and information. Such Personal Data or Personal Information (PI) is subject to special rules defined in European Union (EU) mandatory directives, or in a possible EU Regulation revising the EU Directives on Data Protection, or at the national level in national data protection law.

In order to avoid an incorrect use of PI in any standard or Technical Report, which would cause the application of this standard or Technical Specification to be banned by legal courts, this Technical Report gives guidelines to the CEN/TC 278 Working Groups on how to deal with PI in compliance with the legal rules.

Even though specific data privacy protection legislation is generally achieved through national legislation, and this varies from country to country, there exists a basic set of rules which are common to all European countries. These common rules are defined in the European Directives 95/46/EC and 2002/58/EC in their current versions. Countries that are not members of the European Union (Switzerland, Norway, Iceland etc.) have issued national data protection laws, which are very closely aligned to the European Directives.

It should also be noted that the European Directives on the protection of individuals (95/46/EC and 2002/58/EC) are regarded as the strongest legal rules around the world.

This Technical Report builds on the content of ISO/TR 12859:2009 but extends the rules and recommendations in order to be as compliant as is reasonable with the European Directives and some of the national data protection laws. This means it is more specific and includes some recent developments, and it tries to include some intentions of what the European Commission is preparing to include in a revised and enforced version of the Directive 95/46/EC (the proposed EU proposal of a Regulation of data protection COM(2012)11 final, 2012/0011 (COD)).

1 Scope

This Technical Report gives general guidelines to developers of intelligent transport systems (ITS) and its standards on data privacy aspects and associated legislative requirements. It is based on the EU-Directives valid at the end of 2013. It is expected that planned future enhancements of the Directives and the proposed “General Data Protection Regulation” including the Report of the EU-Parliament of 2013-11-22 (P7_A(2013)0402) will not change the guide significantly.

2 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

2.1 accountability
principle that individuals, organizations or the community are liable and responsible for their actions and may be required to explain them to the data subject and others and their actions shall comply with measures and making compliance evident, and the associated required disclosures
SOURCE: ISO/IEC 24775:2011 Edition:2

2.2 anonymity
characteristic of information, which prevents the possibility to determine directly or indirectly the identity of the data subject
SOURCE: ISO/IEC 29100:2011

2.3 anonymisation
process by which personal information (PI) is irreversibly altered in such a way that an Individual or a legal entity can no longer be identified directly or indirectly either by the controller alone or in collaboration with any other party
SOURCE: ISO/IEC 29100:2011

2.4 anonymised PI
PI that has been subject to a process of anonymisation and that by any means can no longer be used to identify an Individual or legal entity
SOURCE: ISO/IEC 29100:2011

2.5 committing of PI
transfer of PI from the controller to a processor in the context of a commissioned work

2.6 consent
individual's or legal entity's (data subject) explicitly or implicitly freely given agreement to the processing of its PI in the course of which the data subject has been in advance completely informed about the purpose, the legal basis and the third parties, receiving data subject's PI, and all these in a comprehensible form

2.7 controller
any natural or legal person, public authority, agency or any other body which alone or jointly with others collect and/or process and determine the purposes and means of the processing of PI, independently whether or not a person uses the PI by themselves or assigns the tasks to a processor; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law
SOURCE: EU-Dir 95/46/EU Art 2 lit d

2.8 data subject
any natural or legal person or association of persons whose PI is processed and is not identical to the controller or processor or third party
Note 1 to entry: ISO/IEC 29100 uses this definition for the person of which personal data are used the Principal. The above definition is that one that is used in EU-Directives.

2.9 identifiability
conditions which result in a data subject being identified, directly or indirectly, on the basis of a given set of PI

2.10 identify
establishes the link between a data subject and its PI or a set of PI

2.11 identity
set of attributes which makes it possible to identify, contact or locate the data subject
SOURCE: ISO/IEC 29100:2011

2.12 personal information
PI
any data or information related to an individual or legal entity or an association of person or individuals by which the individual or legal entity or association of persons could be identified
Note 1 to entry: The EU-Dir 95/48/EC names in its Art 2 lit. (a) the personal information as “personal data” and defines it as: “any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.

2.13 processor
natural person or legal entity or organization that processes PI on behalf of and in accordance with the instructions of a PI controller and if it uses PI only for the commissioned work

2.14 sub-processor
privacy stakeholder that processes PI on behalf of and in accordance with the instructions of a PI processor

2.15 privacy
right of a natural person or legal entity or association of persons acting on its own behalf, to determine the degree to which the confidentiality of its personal information (PI) is maintained or disclosed to others
SOURCE: ISO/IEC 24775:2011

2.16 processing of PII
any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
SOURCE: EU-Dir 95/48/EC Art 2 lit(b)

2.17 sensitive data
any personal information related to a natural person revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data or sex life; its processing is prohibited except for closing circumstances

2.18 use of PI
action that circumvents all kinds of operations with the set of PI or certain elements of it meaning both processing of PI and transmission of PI to a third party

2.19 processing PI
collecting, recording, storing, sorting, comparing, modification, interlinking, reproduction, consultation, output, utilisation, committing, blocking, erasure or destruction, disclosure or any kind of operation with PI except the transmission of PI to a third party

2.20 third party
any person or legal entity receiving PI of a data subject other than the data subject itself or the controller or the processor

2.21 transmitting PI
transfer of PI to recipients other than the data subject, the controller or a processor, in particular publishing of data as well as the use of data for another application purpose of the controller

3 Symbols and abbreviated terms

The following abbreviations are common to this document:

APEC    Asia-Pacific Economic Cooperation
Art     Article (clause in an EU Directive or similar document)
C-ITS   Cooperative ITS
CoE     Council of Europe
Dir     Directive (as in EU Directive)
EC      European Council
EU      European Union
ITS     Intelligent Transport Service
OECD    Organization for Economic Co-operation and Development
para    paragraph
PI      Personal Information
RDB     relational databases
UN      United Nations
VS      Video Surveillance

4 Background information

4.1 Historical background

At the time of first codifications of rights (e.g. ancient Hammurabi's Stone (1770 BC), ancient Grecian Drakon's law (621 BC, codification of existing law, abolition of vendetta), Solon's law reform (593 BC, general discharge of debts, abolition of bonded labour, personal freedom of citizens and structured in four classes), Kleistenes' law reform (507 BC, one homogenous citizen class, extension of political participation), the ancient Roman Twelve-Table-Law (450 BC) and Justinian's Corpus Iuris Civilis (534 AD)) the basic rights of a person like dignity were seldom subject to regulation. The codifications served mainly the written declaration and determination of basic rules for possession and property, related human actions, solving conflicts, the balance of interests between different positions of persons or rights of domination of a sovereign and some criminal law for severe criminal acts.

The first written declaration of freedom rights happened in the “Magna Carta Libertatum” on June 15th 1215 AD in England, by which Jonathan Landless (1199-1216) granted the Church of England and the nobility some privileges. This document contains additionally (par 39) the freedom for all free citizens. However, this freedom of citizens was in reality performed about some hundred years later. The “Magna Carta Libertatum” is valid constitutional law in Great Britain today.

The written rights of freedom of all citizens were confirmed indirectly in the “Habeas Corpus Act” (1679) and the possibility of a fair defence of them before a court by the “Bill of Rights of England” (1689) which was the model for the US Constitution. The right of freedom and the dignity of a person were intensively discussed during the age of Enlightenment by Montesquieu, Rousseau, Voltaire, d'Alembert and Diderot to mention the best known. However, the sovereigns did not convert their ideas in law, b
