ISO TR 12859-2009 Intelligent transport systems - System architecture - Privacy aspects in ITS standards and systems (Chinese title: "Intelligent transport systems - System architecture - Privacy issues in intelligent communication and intelligent computing standards and systems").pdf

Document ID: 1257616   Upload date: 2019-09-02   Format: PDF   Pages: 26
Reference number ISO/TR 12859:2009(E)
ISO 2009

TECHNICAL REPORT ISO/TR 12859
First edition 2009-06-01

Intelligent transport systems - System architecture - Privacy aspects in ITS standards and systems
Systèmes intelligents de transport - Architecture de système - Aspects privés dans les normes et les systèmes SIT

PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT
ISO 2009. All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office, Case postale 56, CH-1211 Geneva 20
Tel. + 41 22 749 01 11, Fax + 41 22 749 09 47, E-mail, Web
Published in Switzerland

Contents (page)
Foreword ... iv
Introduction ... v
1 Scope ... 1
2 Terms, definitions and abbreviated terms ... 1
2.1 Terms and definitions ... 1
2.2 Abbreviated terms ... 2
3 Background ... 2
3.1 Origin and basis of this Technical Report ... 2
3.2 Privacy requires security ... 3
3.3 The investigative process ... 3
4 Recommendations ... 5
4.1 Basis of recommendations ... 5
4.2 Avoidance of harm ... 5
4.3 Fairly and lawfully ... 5
4.4 Specified, explicit and legitimate purposes ... 5
4.5 Explicit and legitimate and must be determined at the time of collection of the data ... 5
4.6 Not further processed in a way incompatible with the purposes for which they are originally collected ... 5
4.7 Not to be disclosed without the consent of the data subject ... 6
4.8 Adequate, relevant and not excessive in relation to the purposes for which they are collected ... 6
4.9 Accurate and, where necessary, kept up to date ... 6
4.10 Identification of data subjects for no longer than is necessary for the purposes for which the data were collected ... 6
4.11 Restriction to those who have a demonstrable "need to know" ... 6
4.12 Clear and accessible ... 7
4.13 Security safeguards ... 7
4.14 Cumulative interpretation of multiple recommendations ... 7
Annex A (informative) Data privacy Framework, Directives and Guidelines ... 8
Annex B (informative) Example of national implementation of guidelines ... 9
Annex C (informative) Examples of the principle of "cumulative interpretation" ... 11
Annex D (informative) Security-related International Standards ... 14
Bibliography ... 17

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard ("state of the art", for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO/TR 12859 was prepared by Technical Committee ISO/TC 204, Intelligent transport systems.

Introduction
Intelligent transport systems (ITS) are intrinsically linked to the movement and exchange of data. Some of these data are purely situational or anonymous; however, several data items, which independently may be purely situational or anonymous, either by themselves or as part of multiple data concepts, can provide personal information when taken together. In the modern world, it is often neither possible nor desirable for information to always be anonymous; therefore, the privacy of data is protected around the world by data privacy and data protection regulations.

While the evolution and development of ITS technology provides many opportunities for the provision of increasingly sophisticated ITS services mostly designed for the benefit of users, when designing ITS systems and standards it is imperative that, as part of the fundamental design, the legal and moral requirements for the privacy and protection of data be taken into account at an early stage of system design. This is not only desirable from a moral point of view, but is required in order for a system or standard to be legally compliant. This means taking into consideration not only the potential use, but also protection against misuse of data in a system.

Specific data privacy protection legislation is generally achieved through national legislation and this varies from country to country. The general principles are geographically common, however, and due to provisions made by trading blocs such as the European Union and APEC, there are many universal aspects to data privacy and data protection. Users tend to interpret these guidelines in the context of their national laws. For users in EU member states, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and its successive instruments, are mandatory within these states. International courts are likely to give precedence to a combination of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD Guidelines) and either Directive 95/46/EC or the APEC Privacy Framework, as appropriate.

Using the guidelines espoused by Directive 95/46/EC, the APEC Privacy Framework and the OECD Guidelines, this Technical Report provides guidance to developers of ITS standards and systems on general data privacy and protection aspects for the fundamental architecture and design of all ITS standards, systems and implementations.

TECHNICAL REPORT ISO/TR 12859:2009(E)
Intelligent transport systems - System architecture - Privacy aspects in ITS standards and systems

1 Scope
This Technical Report gives general guidelines to developers of intelligent transport systems (ITS) standards and systems on data privacy aspects and associated legislative requirements for the development and revision of ITS standards and systems. For guidance on specific data protection and data privacy requirements on the subject of ITS probe data, see ISO 24100 1).

1) To be published.

2 Terms, definitions and abbreviated terms
For the purposes of this document, the following terms, definitions and abbreviated terms apply.

2.1 Terms and definitions
2.1.1 accountability: responsibility for complying with measures, making compliance evident, and the associated required disclosures
2.1.2 collection limitation: limit to the collection of personal data
2.1.3 data protection: use of means such as legal safeguards to prevent the misuse of information stored on computers, particularly information about individual people
2.1.4 data quality: standard of acceptability of accuracy of personal data
2.1.5 individual participation: right of an individual to have access to personal data held about the individual and the ability to challenge and correct such data
2.1.6 openness: policy of openness about developments, practices and policies with respect to personal data
2.1.7 personal data: data about a living individual, identified or identifiable, as determined by the privacy laws and conventions of a political jurisdiction
2.1.8 personal information controller: entity or organization that controls the collection, holding, processing or use of personal information
2.1.9 privacy: quality of being secluded from the presence or view of others
2.1.10 purpose specification: purpose for which personal data are collected
2.1.11 security safeguard: safeguard against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data
2.1.12 use limitation: limit to the purposes for which personal data can be used

2.2 Abbreviated terms
APEC: Asia-Pacific Economic Cooperation
NOTE This is the group of Pacific Rim countries that meet with the purpose of improving economic and political ties.
OECD: Organisation for Economic Co-operation and Development
NOTE This organization promotes stable economic growth in its member states and provides advice to other countries.
EU: European Union
NOTE This is the union with economic, monetary and political ties and intergovernmental coordination of foreign and security policies among 27 European member states.

3 Background
3.1 Origin and basis of this Technical Report
This Technical Report originated from discussions in ISO/TC 204 and CEN TC 278, subsequent to legal studies undertaken in Austria concerning the use of personal data in ITS. The pressure for business case justification initially sustains such developments without a clear legal position, and it is necessary to consider the technical and engineering possibilities, as well as to ensure that they evolve within a framework of generally (internationally) accepted data protection principles and, of course, within national data protection legislation. This Technical Report attempts to create the necessary nexus for intelligent infrastructure systems and provide for their implementation to the greatest extent possible. It attempts to serve as a scientifically based study and a practical handbook. It includes the consideration of a representative selection of technical "scenarios", as well as a comprehensive and detailed account of the most important applicable legal areas.

There are now data privacy and data protection laws in most countries; therefore it is not possible to take every provision in each country into account. Rather, the recommendations of this Technical Report provide general guidelines which the user should use for general guidance within the context of the national legislation of an implementation (which takes precedence). Developers of standards should test the basic architecture and concept design of their standards against the recommendations in this Technical Report. For an example of national implementation of guidelines, see Annex B.

The recommendations in Clause 4 take the form of a checklist of features to be consulted when developing a standard or an implementation. This Technical Report does not attempt to interpret the reference documents in Annex A. Where further information is required, see Annex A for the references to the sources.

The recommendations given in this Technical Report are based on the APEC Privacy Framework, Directive 95/46/EC, Directive 2002/58/EC and the OECD Guidelines, instruments which cover most of the world.

NOTE While the OECD Guidelines and the APEC Privacy Framework are policy instruments which are advisory in nature, Directive 95/46/EC is mandatory for EU countries.

Most countries have pledged to use these instruments, along with specific national legislation, to implement basic principles of data privacy and protection of data held on individual persons. Although they vary in detail, the general principles are common and originate with the OECD Guidelines. Directive 95/46/EC is more specific, has more protection requirements and is mandatory for EU member states.

3.2 Privacy requires security
Privacy is required in ITS services, and this involves following recognized and secure operations. Although this Technical Report does not specify such means, the following aspects should be considered (see references in Annex A).

Special attention should be given to the processing, transmission and storage of information, with authorized access for approved users and potential information flows with external entities which might get involved. Moreover, in the ITS context, cooperation among the various organizations acquiring the information is often expected, in order to promote the exchange of data with the aim of improving functionalities in several ITS service domains. In this case, the understanding of other particular requirements and interfaces, which are often under undefined responsibilities, also needs to be assessed in terms of security risks and possible threats to privacy.

Where appropriate, it is recommended that the guidelines defined for the management of information security in accordance with the ISO/IEC 27000 series of International Standards, with special reference to ISO/IEC 27002, be followed. The recommendations for the management of communications and operations, and the measures taken in relation to the access control and privileges for authorized users, should also be followed. There are a number of security-related International Standards (including the ISO/IEC 27000 series) which can assist in the achievement of privacy (see Annex D).

3.3 The investigative process
Some examples are provided in this subclause to highlight data protection and data privacy aspects where existing law should be taken into consideration in the design of systems and standards. This Technical Repor

