CEN TR 16673-2014 Information technology - RFID privacy impact assessment analysis for specific sectors《信息技术 特定行业的RFID隐私影响的分析评估》.pdf

1、BSI Standards PublicationPD CEN/TR 16673:2014Information technology RFIDprivacy impact assessmentanalysis for specific sectorsPD CEN/TR 16673:2014 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of CEN/TR 16673:2014.The UK participation in its preparation was entr

2、usted to Technical Committee IST/34, Automatic identification and data capture techniques.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible f

3、or its correct application. The British Standards Institution 2014.Published by BSI Standards Limited 2014ISBN 978 0 580 83898 9ICS 35.240.60Compliance with a British Standard cannot confer immunity from legal obligations.This Published Document was published under the authority of the Standards Pol

4、icy and Strategy Committee on 30 June 2014.Amendments/corrigenda issued since publicationDate T e x t a f f e c t e dPD CEN/TR 16673:2014TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 16673 June 2014 ICS 35.240.60 English Version Information technology - RFID privacy impact assessment

5、 analysis for specific sectors Technologies de linformation - valuation dimpact sur la vie prive des applications RFID dans des secteurs spcifiques Informationstechnik - Verfahren zur Datenschutzfolgenabschtzung (PIA) von RFID fr spezifische Sektoren This Technical Report was approved by CEN on 20 J

6、anuary 2014. It has been drawn up by the Technical Committee CEN/TC 225. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland,

7、 Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre:

8、 Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 16673:2014 EPD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 2 Contents Page Foreword 4 Introduction .5 1 Scope 6 2 Terms and definitions .6 3 Sym

9、bols and abbreviations 8 4 Brief description of an RFID system 9 4.1 Infrastructure of an RFID system .9 4.2 Components of an RFID system 9 4.2.1 Transponder/Tag9 4.2.2 RFID reader or writer 10 4.2.3 Backend system 10 4.3 Characteristics of RFID technology compared to other data capture techniques 1

10、0 5 Privacy concept in RFID-based applications . 11 5.1 Interaction between data protection, data security and privacy . 11 5.2 Data protection 12 5.3 Data security . 13 5.4 Privacy . 13 5.5 General privacy risks . 13 5.6 Challenges for a privacy concept in context with RFID 14 5.7 Need for transpar

11、ency 15 6 Library sector overview . 15 6.1 Aspects of the library sector . 15 6.2 RFID technology overview . 16 6.3 Applications and parties involved 17 6.4 Privacy considerations 18 6.4.1 Privacy of possession 18 6.4.2 Privacy of personal data in the central system . 18 6.4.3 The impact of NFC-enab

12、led phones . 19 6.5 Prospects for PIA templates 19 7 Retail sector overview 20 7.1 Aspects of the retail sector 20 7.2 RFID Technology Overview . 21 7.3 Applications and parties involved 21 7.3.1 General . 21 7.3.2 Use of RFID in retail logistics 21 7.3.3 The role of the solution provider . 22 7.3.4

13、 Impact of RFID technology for the consumer 22 7.4 Privacy considerations 23 7.5 Technological prospects for privacy enhancements 25 8 Transport sector overview . 25 8.1 Aspects of the transport sector 25 8.2 RFID Technology Overview . 25 8.3 Applications and parties involved 26 8.3.1 General . 26 8

14、.3.2 Types of tickets, features and characteristics . 26 PD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 3 8.3.3 Characteristics of automatic fare calculation. 27 8.3.4 Sales channels and their impact on the products . 27 8.4 Privacy considerations . 29 8.5 Other applications not covered in detail . 29 8.

15、5.1 General . 29 8.5.2 Toll roads and fee collection using RFID 29 8.5.3 Event management using RFID . 30 9 Banking and financial services sector overview . 30 9.1 Aspects of the finance sector 30 9.2 RFID Technology Overview 31 9.2.1 General . 31 9.2.2 Contactless payment cards 32 9.2.3 NFC based p

16、ayment by mobile phones 32 9.2.4 Micro-tags or stick-on-tags 32 9.3 Applications and parties involved . 32 9.4 Privacy considerations . 32 9.4.1 General . 32 9.4.2 Security of contactless payment cards . 33 9.4.3 Organisations 33 9.4.4 Impact of privacy in the banking and finance sector 34 9.4.5 Vul

17、nerabilities 34 9.4.6 Transparency, consumer information, commercial confidentiality and security . 35 9.4.7 Implications for the PIA 35 10 Conclusion and recommendations . 36 10.1 Diversity of RFID based applications 36 10.2 Benefits of and recommendation for sector or application specific template

18、s 36 10.3 Recommendation for a general approach to PIA . 37 Bibliography 38 PD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 4 Foreword This document (CEN/TR 16673:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC Technologies”, the secretariat of which is held by NEN. Attention is drawn to t

19、he possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This Technical Report is one of a series of related deliverables, which comprise mandate 436 Phase 2. The oth

20、er deliverables are: EN 16570, Information technology Notification of RFID The information sign and additional information to be provided by operators of RFID application systems EN 16571, Information technology RFID privacy impact assessment process EN 16656, Information technology - Radio frequenc

21、y identification for item management - RFID Emblem (ISO/IEC 29160:2012, modified) CEN/TR 16684, Information technology Notification of RFID Additional information to be provided by operators CEN/TS 16685, Information technology Notification of RFID The information sign to be displayed in areas where

22、 RFID interrogators are deployed CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3 Mode 1 CEN/TR 16670, Information technology RFID threat and vulnerability analysis CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFID interrogators CEN

23、/TR 16672, Information technology Privacy capability features of current RFID technologies CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID PD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 5 Introduction In response to the growing deployment of RFID

24、systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 RFID in Europe: steps towards a policy framework. This Communication proposed steps which needed to be taken for a wider take up of RFID whilst respecting the basic legal framework safeguarding fundamental va

25、lues such as health, environment, data protection, privacy and security. In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of 2009. The Mandate addr

26、esses the data protection, privacy and information aspects of RFID, and is being executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187 020, whi

27、ch was published in May 2011. Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This Technical Report is one of eleven deliverables for M/436 Phase 2. Its focus is on four major sectors that have a number of implementations of RFID that curr

28、ently impact European society. Using these as detailed case studies will assist in addressing the development of the standard on the Privacy Impact Assessment. For the purpose of this work, the definitions of “RFID Operator“ and “RFID Application“ will be those provided in the EC RFID Recommendation

29、 of 2009-05-12. PD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 6 1 Scope The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with four major sectors involved with RFID: libraries; retail; e-Ticketing, toll roads, fee collection, events management; banking

30、 and financial services. After specific sector research and consolidation of the results of industry workshops and seminars that take place in several EU Member States, this Technical Report will identify the characteristics that need to be taken into consideration by operators of RFID systems in th

31、e example sectors. In addition it will provide advice to operators in the sector on significant variants both in terms of technology and application data. This will enable the appropriate risk factors to be taken into account. Based on the synthesis of the applications in the chosen sectors, this Te

32、chnical Report will also identify a set of factors relevant to specific RFID technologies and features that will need to be taken into account in preparing a Privacy and Data Protection Impact Assessment for many RFID applications. 2 Terms and definitions For the purposes of this document, the follo

33、wing terms and definitions apply. NOTE Definitions are derived from EU Recommendation C(2009) 3200 final, EU Directive 95/46/EC, ISO/IEC 19762 (all parts) 2.1 data controller controller natural or legal person, public authority, agency or any other body which alone or jointly with others determines

34、the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law 2.2 data subjects consent any f

35、reely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed 2.3 identified or identifiable person person who can be identified, directly or indirectly, in particular by reference to an identification nu

36、mber or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity 2.4 individual natural person who interacts with or is otherwise involved with one or more components of an RFID application (e.g., back-end system, communications infrastructure, RF

37、ID tag), but who does not operate an RFID application or exercise one of its functions. In this respect, an individual is different from a user. An individual may not be directly involved with the functionality of the RFID application, but rather, for example, may merely possess an item that has an

38、RFID tag 2.5 PD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 7 information security preservation of the confidentiality, integrity and availability of information 2.6 monitoring any activity carried out for the purpose of detecting, observing, copying or recording the location, movement, activities or sta

39、te of an individual 2.7 personal data any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his

40、 physical, physiological, mental, economic, cultural or social identity 2.8 processing of personal data any operation or set of operations which is performed upon personal data, whether or not by automatic data means, such as collection, recording, organization, storage, adaptation or alteration, re

41、trieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction 2.9 data processor processor natural or legal person, public authority, agency or any other body which processes personal data on behalf of

42、the controller 2.10 recipient natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients 2.11 radio frequency id

43、entification RFlD use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on it 2.

44、12 RFID application application that processes data through the use of tags and readers, and which is supported by a back-end system and a networked communication infrastructure 2.13 RFID application operator RFID operator natural or legal person, public authority, agency, or any other body, which,

45、alone or jointly with others, determines the purposes and means of operating an application, including controllers of personal data using an RFID application 2.14 RFID reader or writer Reader fixed or mobile data capture and identification device using a radio frequency electromagnetic wave or react

46、ive field coupling to stimulate and effect a modulated data response from a tag or group of tags PD CEN/TR 16673:2014CEN/TR 16673:2014 (E) 8 Note 1 to entry: The term interrogator is often used in the context of RFID item management applications, and the term Proximity coupling device and Vicinity c

47、oupling device in the context of card applications. They perform the same functions for any given air interface protocol. 2.15 RFID tag RF tag Tag RFID device having the ability to produce a radio signal or a RFID device which re-couples, back- scatters or reflects (depending on the type of device)

48、and modulates a carrier signal received from a reader or writer Note 1 to entry: The most accurate term is technically “transponder“. The most common and preferred term is tag or RFID tag in the context of RFID item management applications and Proximity integrated circuit card or Vicinity integrated

49、 circuit card in the context of card applications. 2.16 third party any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the data 2.17 threat physical, hardware, or software mechanism with the potential to adversely impact an asset through unauthorised access, destruction, disclosure, modification of data and / or denial o