1、BSI Standards Publication PD CEN/TS 16685:2014 Information technology Notification of RFID The information sign to be displayed in areas where RFID interrogators are deployedPD CEN/TS 16685:2014 PUBLISHED DOCUMENT National foreword This Published Document is the UK implementation of CEN/TS 16685:201
2、4. The UK participation in its preparation was entrusted to Technical Committee IST/34, Automatic identification and data capture techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necess
3、ary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 84083 8 ICS 35.240.60 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Docum
4、ent was published under the authority of the Standards Policy and Strategy Committee on 30 June 2014. Amendments issued since publication Date Text affectedPD CEN/TS 16685:2014TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 16685 June 2014 ICS 35.240.60 English Version
5、 Information technology - Notification of RFID - The information sign to be displayed in areas where RFID interrogators are deployed Technologies de linformation - Notification didentification par radiofrquence (RFID): Signe informationnel et informations complmentaires exigibles lorsque des lecteur
6、s RFID sont dploys Informationstechnik - Notifizierung von RFID - Informationszeichen, das berall dort angebracht werden muss, wo RFID-Lesegerte im Einsatz sind This Technical Specification (CEN/TS) was approved by CEN on 8 March 2014 for provisional application. The period of validity of this CEN/T
7、S is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an
8、 EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the nation
9、al standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slova
10、kia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means
11、 reserved worldwide for CEN national Members. Ref. No. CEN/TS 16685:2014 EPD CEN/TS 16685:2014 CEN/TS 16685:2014 (E) 2 Contents Page Foreword 3 0 Introduction 4 0.1 General 4 0.2 Objectives .4 0.3 Applicability 4 1 Scope 5 2 Normative References .5 3 Terms and definitions .5 4 The Common European RF
12、ID Notification Signage System .7 4.1 Introduction 7 4.2 Definition of the Common European Notification Signage System .8 4.3 The Common RFID emblem 8 4.4 Purpose of the application(s) .8 4.5 Contact Point 9 4.5.1 General 9 4.5.2 Name of the operator of the application 9 5 Placement of RFID Signs no
13、tifying the presence of RFID readers .9 6 Placement of signs notifying the presence of RFID transponders 9 7 Scope and Purpose of Application statement on items carrying a transponder . 10 8 Guidelines on Additional information: the Information Policy 10 8.1 General . 10 8.2 Information policy requi
14、rements with respect to RFID privacy . 10 8.3 Guidelines on additional information for the information policy with respect to RFID privacy . 10 8.3.1 Application information . 10 8.3.2 RFID privacy information and notification within promotional material . 10 8.3.3 RFID privacy information and notif
15、ication within Sales material and pre-contract information 11 8.3.4 RFID privacy relevant contractual clauses 12 8.3.5 Post sale user RFID privacy information including end of use of an item . 12 8.3.6 RFID privacy information and notification to be obtained from manufacturers and other RFID technol
16、ogy suppliers. . 13 9 Legibility/Accessibility . 13 Bibliography . 14 PD CEN/TS 16685:2014 CEN/TS 16685:2014 (E) 3 Foreword This document (CEN/TS 16685:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC technologies”, the secretariat of which is held by NEN. Attention is drawn to the po
17、ssibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This Technical Specification is one of a series of related deliverables, which comprise mandate 436 Phase 2. The o
18、ther deliverables are: EN 16570, Information technology Notification of RFID The information sign and additional information to be provided by operators of RFID application systems EN 16571, Information technology RFID privacy impact assessment process EN 16656, Information technology - Radio freque
19、ncy identification for item management - RFID Emblem (ISO/IEC 29160:2012, modified) CEN/TR 16684, Information technology Notification of RFID Additional information to be provided by operators CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3 Mode 1 CEN/TR 16670, Infor
20、mation technology RFID threat and vulnerability analysis CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFID interrogators CEN/TR 16672, Information technology Privacy capability features of current RFID technologies CEN/TR 16673, Information technology RFID privacy
21、 impact assessment analysis for specific sectors CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Tec
22、hnical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovak
23、ia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 16685:2014 CEN/TS 16685:2014 (E) 4 0 Introduction 0.1 General In response to the growing deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 RFID in Europe: s
24、teps towards a policy framework. This Communication proposed steps which needed to be taken to reduce barriers to adoption of RFID whilst respecting the basic legal framework safeguarding fundamental values such as health, environment, data protection, privacy and security. In December 2008, the Eur
25、opean Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate addresses the data protection, privacy and information policy aspects of RFID, and is being executed in two phases. Phase 1, completed in May 2011, identified the work needed
26、 to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187 020, which was published in May 2011. Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This European Technical
27、Specification is one of eleven deliverables for M/436 Phase 2. It builds on the research undertaken in the related Technical Report Notification of RFID: Additional information to be provided by operators. 0.2 Objectives The objective of this Technical Specification is to provide enterprises, both l
28、arge and small, with a common and accessible framework for the design and display of RFID notification signs. In addition to the information placed on the sign, the framework includes the off-sign application information resource the “information policy” - needed to answer enquiries received form in
29、dividuals accessing the contact point noted on the sign itself. This minimises the volume of information written on the sign. 0.3 Applicability This Technical Specification applies to all enterprises operating RFID applications in the European Union. PD CEN/TS 16685:2014 CEN/TS 16685:2014 (E) 5 1 Sc
30、ope This Technical Specification defines: the details of data and graphics that shall be included on the signage; the presentational requirements for the signage, taking account of the need: to provide a practical solution given constraints on print technique and print area; for a consistent common
31、and recognizable signage; means to support accessibility; the structure and content of an information policy to meet the informational needs of individuals with respect to RFID privacy. 2 Normative References The following documents, in whole or in part, are normatively referenced in this document a
32、nd are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 16656:2014, Information technology Radio frequency identification for item management RFID Embl
33、em (ISO/IEC 29160:2012, modified) EN 16571:2014, Information technology RFID privacy impact assessment process 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 common European RFID notification emblem easily recognised graphic device that indi
34、cates the presence of radio frequency identification systems Note 1 to entry: This emblem is defined in EN 16656:2014 as the filled general purpose emblem (see Figure B.3) Note 2 to entry: Users of this Technical Report should use EN 16656:2014 rather than the ISO/IEC version. The European version c
35、ontains specific advice regarding use of the RFID Emblem in an EU environment, especially in relation to sizing of the emblem. 3.2 controller natural or legal person, public authority of agency, or any other body which alone or jointly with others determines the purpose and means of the processing o
36、f personal data Note 1 to entry: The purpose and means of the processing are determined by national or Community laws or regulations the controller or the specific criteria for his nomination may be designated by national or Community Law. 3.3 data controller natural or legal person, public authorit
37、y, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data Note 1 to entry: The purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomin
38、ation may be designated by national or Community law. PD CEN/TS 16685:2014 CEN/TS 16685:2014 (E) 6 3.4 emblem Common European RFID Notification Emblem to signify that it is non-commercial and does not make any statement of interoperability 3.5 logo graphic devices that indicate proprietary systems a
39、nd interoperability Note 1 to entry: A contactless bank or transport card might carry the notification emblem, plus a logo indicating system interoperability, and a logo indicating the card issuer. 3.6 RFID application operator operator natural or legal person, public authority, agency, or any other
40、 body, which, alone or jointly with others, determines the purposes and means of operating an application, including controllers of personal data using an RFID application 3.7 personal data any information relating to an identified or identifiable natural person (data subject) Note 1 to entry: An id
41、entifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. 3.8 personal data processing any operation or any set of op
42、erations upon personal data, such as: collecting, recording, organisation, storage; adaptation or alteration, retrieval; consultation, use; disclosure by transmission, dissemination or otherwise making available; alignment or combination; blocking, erasure or destruction 3.9 RFID radio frequency ide
43、ntification means the use of electro-magnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on
44、it 3.10 RFID application application application that processes data through the use of tags and readers, and which is supported by a back-end system and a networked communication infrastructure PD CEN/TS 16685:2014 CEN/TS 16685:2014 (E) 7 3.11 RFID reader RFID writer reader fixed or mobile data cap
45、ture and identification device using a radio frequency electromagnetic wave or reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags 3.12 RFID tag RF tag tag transponder electronic label code plate RFID device having the ability to produce a radio sign
46、al or a RFID device that re-couples, back- scatters or reflects (depending on the type of device) and modulates a carrier signal received from a reader or writer Note 1 to entry: Although transponder is technically the most accurate term, the most common and preferred term is tag or RF tag. Note 2 t
47、o entry: For the purposes of Mandate M436, an RF tag applies to any transponder that is capable of communicating using the radio frequency portion of the spectrum for communication purposes. As such it applies to any form factor including cards or phones that contain a transponder. 3.13 special pers
48、onal data all personal data that provide information on a persons characteristics apart from identity data (name, birth date and place, address, governmental identification card number, etc.): religious or philosophical beliefs; race; political opinions; health; sexual orientation; membership of a t
49、rade union; personal data connected with a persons criminal behaviour; personal data connected with unlawful or objectionable conduct for which a ban has been imposed (a street ban, for example) 4 The Common European RFID Notification Signage System 4.1 Introduction The EC Recommendation of May 12 th2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification, calls for increased awareness by citizens an