1、BSI Standards Publication PD CEN/TR 16673:2014 Information technology RFID privacy impact assessment analysis for specific sectorsPD CEN/TR 16673:2014 PUBLISHED DOCUMENT National foreword This Published Document is the UK implementation of CEN/TR 16673:2014. The UK participation in its preparation w
2、as entrusted to Technical Committee IST/34, Automatic identification and data capture techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are resp
3、onsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 83898 9 ICS 35.240.60 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the authority of the
4、 Standards Policy and Strategy Committee on 30 June 2014. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dPD CEN/TR 16673:2014TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 16673 June 2014 ICS 35.240.60 English Version Information technology - RFID privacy i
5、mpact assessment analysis for specific sectors Technologies de linformation - valuation dimpact sur la vie prive des applications RFID dans des secteurs spcifiques Informationstechnik - Verfahren zur Datenschutzfolgenabschtzung (PIA) von RFID fr spezifische Sektoren This Technical Report was approve
6、d by CEN on 20 January 2014. It has been drawn up by the Technical Committee CEN/TC 225. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, I
7、celand, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Ma
8、nagement Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 16673:2014 EPD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 2 Contents Page Foreword 4 Introduction .5 1 Scope 6 2 Terms and def
9、initions .6 3 Symbols and abbreviations 8 4 Brief description of an RFID system 9 4.1 Infrastructure of an RFID system .9 4.2 Components of an RFID system 9 4.2.1 Transponder/Tag9 4.2.2 RFID reader or writer 10 4.2.3 Backend system 10 4.3 Characteristics of RFID technology compared to other data cap
10、ture techniques 10 5 Privacy concept in RFID-based applications . 11 5.1 Interaction between data protection, data security and privacy . 11 5.2 Data protection 12 5.3 Data security . 13 5.4 Privacy . 13 5.5 General privacy risks . 13 5.6 Challenges for a privacy concept in context with RFID 14 5.7
11、Need for transparency 15 6 Library sector overview . 15 6.1 Aspects of the library sector . 15 6.2 RFID technology overview . 16 6.3 Applications and parties involved 17 6.4 Privacy considerations 18 6.4.1 Privacy of possession 18 6.4.2 Privacy of personal data in the central system . 18 6.4.3 The i
12、mpact of NFC-enabled phones . 19 6.5 Prospects for PIA templates 19 7 Retail sector overview 20 7.1 Aspects of the retail sector 20 7.2 RFID Technology Overview . 21 7.3 Applications and parties involved 21 7.3.1 General . 21 7.3.2 Use of RFID in retail logistics 21 7.3.3 The role of the solution pr
13、ovider . 22 7.3.4 Impact of RFID technology for the consumer 22 7.4 Privacy considerations 23 7.5 Technological prospects for privacy enhancements 25 8 Transport sector overview . 25 8.1 Aspects of the transport sector 25 8.2 RFID Technology Overview . 25 8.3 Applications and parties involved 26 8.3
14、.1 General . 26 8.3.2 Types of tickets, features and characteristics . 26 PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 3 8.3.3 Characteristics of automatic fare calculation. 27 8.3.4 Sales channels and their impact on the products . 27 8.4 Privacy considerations . 29 8.5 Other applications not covered
15、 in detail . 29 8.5.1 General . 29 8.5.2 Toll roads and fee collection using RFID 29 8.5.3 Event management using RFID . 30 9 Banking and financial services sector overview . 30 9.1 Aspects of the finance sector 30 9.2 RFID Technology Overview 31 9.2.1 General . 31 9.2.2 Contactless payment cards 32
16、 9.2.3 NFC based payment by mobile phones 32 9.2.4 Micro-tags or stick-on-tags 32 9.3 Applications and parties involved . 32 9.4 Privacy considerations . 32 9.4.1 General . 32 9.4.2 Security of contactless payment cards . 33 9.4.3 Organisations 33 9.4.4 Impact of privacy in the banking and finance s
17、ector 34 9.4.5 Vulnerabilities 34 9.4.6 Transparency, consumer information, commercial confidentiality and security . 35 9.4.7 Implications for the PIA 35 10 Conclusion and recommendations . 36 10.1 Diversity of RFID based applications 36 10.2 Benefits of and recommendation for sector or application
18、 specific templates 36 10.3 Recommendation for a general approach to PIA . 37 Bibliography 38 PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 4 Foreword This document (CEN/TR 16673:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC Technologies”, the secretariat of which is held by NEN. Atte
19、ntion is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This Technical Report is one of a series of related deliverables, which comprise mandate 4
20、36 Phase 2. The other deliverables are: EN 16570, Information technology Notification of RFID The information sign and additional information to be provided by operators of RFID application systems EN 16571, Information technology RFID privacy impact assessment process EN 16656, Information technolo
21、gy - Radio frequency identification for item management - RFID Emblem (ISO/IEC 29160:2012, modified) CEN/TR 16684, Information technology Notification of RFID Additional information to be provided by operators CEN/TS 16685, Information technology Notification of RFID The information sign to be displ
22、ayed in areas where RFID interrogators are deployed CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3 Mode 1 CEN/TR 16670, Information technology RFID threat and vulnerability analysis CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFI
23、D interrogators CEN/TR 16672, Information technology Privacy capability features of current RFID technologies CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 5 Introduction In response to the growing
24、 deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 RFID in Europe: steps towards a policy framework. This Communication proposed steps which needed to be taken for a wider take up of RFID whilst respecting the basic legal framework safegua
25、rding fundamental values such as health, environment, data protection, privacy and security. In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of 20
26、09. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Re
27、port TR 187 020, which was published in May 2011. Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This Technical Report is one of eleven deliverables for M/436 Phase 2. Its focus is on four major sectors that have a number of implementatio
28、ns of RFID that currently impact European society. Using these as detailed case studies will assist in addressing the development of the standard on the Privacy Impact Assessment. For the purpose of this work, the definitions of “RFID Operator“ and “RFID Application“ will be those provided in the EC
29、 RFID Recommendation of 2009-05-12. PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 6 1 Scope The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with four major sectors involved with RFID: libraries; retail; e-Ticketing, toll roads, fee collection, event
30、s management; banking and financial services. After specific sector research and consolidation of the results of industry workshops and seminars that take place in several EU Member States, this Technical Report will identify the characteristics that need to be taken into consideration by operators
31、of RFID systems in the example sectors. In addition it will provide advice to operators in the sector on significant variants both in terms of technology and application data. This will enable the appropriate risk factors to be taken into account. Based on the synthesis of the applications in the ch
32、osen sectors, this Technical Report will also identify a set of factors relevant to specific RFID technologies and features that will need to be taken into account in preparing a Privacy and Data Protection Impact Assessment for many RFID applications. 2 Terms and definitions For the purposes of thi
33、s document, the following terms and definitions apply. NOTE Definitions are derived from EU Recommendation C(2009) 3200 final, EU Directive 95/46/EC, ISO/IEC 19762 (all parts) 2.1 data controller controller natural or legal person, public authority, agency or any other body which alone or jointly wi
34、th others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law 2.2 data s
35、ubjects consent any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed 2.3 identified or identifiable person person who can be identified, directly or indirectly, in particular by reference to
36、 an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity 2.4 individual natural person who interacts with or is otherwise involved with one or more components of an RFID application (e.g., back-end system, communicatio
37、ns infrastructure, RFID tag), but who does not operate an RFID application or exercise one of its functions. In this respect, an individual is different from a user. An individual may not be directly involved with the functionality of the RFID application, but rather, for example, may merely possess
38、 an item that has an RFID tag 2.5 PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 7 information security preservation of the confidentiality, integrity and availability of information 2.6 monitoring any activity carried out for the purpose of detecting, observing, copying or recording the location, movem
39、ent, activities or state of an individual 2.7 personal data any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more f
40、actors specific to his physical, physiological, mental, economic, cultural or social identity 2.8 processing of personal data any operation or set of operations which is performed upon personal data, whether or not by automatic data means, such as collection, recording, organization, storage, adapta
41、tion or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction 2.9 data processor processor natural or legal person, public authority, agency or any other body which processes perso
42、nal data on behalf of the controller 2.10 recipient natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients 2
43、.11 radio frequency identification RFlD use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or othe
44、r data stored on it 2.12 RFID application application that processes data through the use of tags and readers, and which is supported by a back-end system and a networked communication infrastructure 2.13 RFID application operator RFID operator natural or legal person, public authority, agency, or a
45、ny other body, which, alone or jointly with others, determines the purposes and means of operating an application, including controllers of personal data using an RFID application 2.14 RFID reader or writer Reader fixed or mobile data capture and identification device using a radio frequency electro
46、magnetic wave or reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 8 Note 1 to entry: The term interrogator is often used in the context of RFID item management applications, and the term Proximity couplin
47、g device and Vicinity coupling device in the context of card applications. They perform the same functions for any given air interface protocol. 2.15 RFID tag RF tag Tag RFID device having the ability to produce a radio signal or a RFID device which re-couples, back- scatters or reflects (depending
48、on the type of device) and modulates a carrier signal received from a reader or writer Note 1 to entry: The most accurate term is technically “transponder“. The most common and preferred term is tag or RFID tag in the context of RFID item management applications and Proximity integrated circuit card
49、 or Vicinity integrated circuit card in the context of card applications. 2.16 third party any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the data 2.17 threat physical, hardware, or software mechanism with the potential to adversely impact an asset through unauthorised access, destruction, disclosure, modification o