1、BSI Standards PublicationBS EN 16570:2014Information technology Notification of RFID The information sign andadditional information to beprovided by operators of RFIDapplication systemsBS EN 16570:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 16570:2014.T
2、he UK participation in its preparation was entrusted to TechnicalCommittee IST/34, Automatic identification and data capturetechniques.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovis
3、ions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 81785 4ICS 35.240.60Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published u
4、nder the authority of theStandards Policy and Strategy Committee on 31 July 2014.Amendments issued since publicationDate Text affectedBS EN 16570:2014EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 16570 July 2014 ICS 35.240.60 English Version Information technology - Notification of RFID - The
5、 information sign and additional information to be provided by operators of RFID application systems Technologies de linformation - Notification didentification par radiofrquence (RFID) - Signe informationnel et informations complmentaires devant tre dlivres par les exploitants de systmes dapplicati
6、on didentification RFIDInformationstechnik - Notifizierung von RFID - Das Informationszeichen und zustzliche Informationen, die von den Betreibern von RFID-Anwendungssystemen bereitgestellt werden mssen This European Standard was approved by CEN on 14 May 2014. CEN members are bound to comply with t
7、he CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Manageme
8、nt Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status
9、 as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
10、Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN Al
11、l rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 16570:2014 EBS EN 16570:2014EN 16570:2014 (E) 2 Contents Page Foreword 3 Introduction .4 1 Scope 5 1.1 General 5 1.2 Objective .5 1.3 Applicability 5 2 Normative references 5 3 Terms and de
12、finitions .5 4 The Common European RFID Notification Signage System .7 4.1 Introduction 7 4.2 Definition of the Common European Notification Signage System .8 4.3 The common European RFID notification sign 8 4.4 The Common RFID emblem 8 4.5 Contact Point 9 4.5.1 General 9 4.5.2 Name of the operator
13、of the application 9 4.6 Purpose of the application(s) .9 5 Placement of RFID Signs notifying the presence of RFID interrogators 10 5.1 General . 10 5.2 Notification of multiple applications in an area . 10 6 Notification of the presence of tags on or in items . 10 6.1 Common RFID Emblem 10 6.2 Cont
14、act Point . 11 6.3 Scope and purpose. 11 7 Additional information: the Information Policy . 11 7.1 Summary PIA . 11 7.2 Information policy requirements with respect to RFID privacy . 11 7.3 RFID privacy information and notification within promotional material . 11 7.3.1 General . 11 7.3.2 RFID priva
15、cy information and notification within sales material and pre-contract information 12 7.3.3 RFID privacy relevant contractual clauses 12 7.3.4 Post sale user RFID privacy information including end of use of an item . 13 7.3.5 RFID privacy information and notification to be obtained from manufacturer
16、s and other RFID technology suppliers 14 8 Legibility/Accessibility . 14 Bibliography . 15 BS EN 16570:2014EN 16570:2014 (E) 3 Foreword This document (EN 16570:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC technologies”, the secretariat of which is held by NEN. This European Standa
17、rd shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2015, and conflicting national standards shall be withdrawn at the latest by January 2015. Attention is drawn to the possibility that some of the elements of th
18、is document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. This European Standard is
19、one of a series of related deliverables, which together comprise M/436 Phase 2. The other deliverables are: EN 16571, Information technology RFID privacy impact assessment process; EN 16656, Information technology Radio frequency identification for item management RFID Emblem (ISO/IEC 29160:2012, mo
20、dified); CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3, CEN/TR 16670, Information technology RFID threat and vulnerability analysis; CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFID interrogators; CEN/TR 16672, Information techn
21、ology Privacy capability features of current RFID technologies; CEN/TR 166731), Information technology RFID privacy impact assessment analysis for specific sectors; CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID; CEN/TR 166842), Information
22、technology Notification of RFID Additional information to be provided by operators; CEN/TS 16685, Information technology Notification of RFID The information sign to be displayed in areas where RFID interrogators are deployed. According to the CEN/CENELEC Internal Regulations, the national standards
23、 organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxemb
24、ourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. 1) CEN/TR 16673 contains practical examples of PIA systems. 2) CEN/TR 16684 contains practical examples of notification signage systems. BS EN 16570:2014EN 1657
25、0:2014 (E) 4 Introduction In response to the growing deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 RFID in Europe: steps towards a policy framework. This Communication proposed actions to overcome barriers to wider take-up of RFID to b
26、enefit society and the economy whilst incorporating appropriate privacy, health and environmental safeguards. In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate addresses the data protection, privacy
27、and information policy aspects of RFID, and has been executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187 020, which was published in May 2011
28、. Phase 2 delivered the execution of the standardization work programme identified in the first phase. This European Norm is one of 11 deliverables of EC Mandate M/436 RFID Phase 2. It builds on the research undertaken in the related Technical Report CEN/TR 16684:2014, Information technology Notific
29、ation of RFID Additional information to be provided by operators. It is intended that the procedures defined in this EN shall be used by individual RFID operators - or by entire sectors - for notification of the presence of RFID applications. BS EN 16570:2014EN 16570:2014 (E) 5 1 Scope 1.1 General T
30、he scope of this EN is to define the requirements for a Common European Notification Signage system to be used by operators of RFID application systems deployed within the EU Member States. 1.2 Objective The objective of this EN is to provide enterprises, both large and small, with a common and acce
31、ssible framework for the design and display of RFID notification signs. In addition to the information placed on the sign, the framework includes the information policy - needed to answer enquiries received from individuals accessing the contact point noted on the sign itself. This minimizes the vol
32、ume of information written on the sign. This European Standard defines: a) the details of data and graphics that shall be included on the signage; b) the presentational requirements for the signage, taking account of the need; 1) to provide a practical solution given constraints on print technique a
33、nd print area; 2) for a consistent common and recognisable signage; c) means to support accessibility; d) the structure and content of an information policy to meet the informational needs of individuals with respect to RFID privacy. 1.3 Applicability This EN provides an application-agnostic framewo
34、rk which may be used by all enterprises operating RFID applications in the European Union. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies.
35、 For undated references, the latest edition of the referenced document (including any amendments) applies. EN 16571, Information technology RFID privacy impact assessment process EN 16656:2014, Information technology Radio frequency identification for item management RFID Emblem (ISO/IEC 29160:2012,
36、 modified) 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 common European RFID notification emblem graphic design which notifies the presence of radio frequency identification (RFID) systems BS EN 16570:2014EN 16570:2014 (E) 6 Note 1 to entr
37、y: This emblem is defined in EN 16656 as the filled general-purpose emblem (Figure B.3). Users of this European Norm should use EN 16656 rather than ISO/IEC 29160:2012. The EN version contains specific advice regarding the use of the RFID Emblem in an EU environment, especially in relation to minimu
38、m sizing of the emblem. Note 2 to entry: The term “emblem” is used to signify that the Common European Emblem is non-commercial and does not make any statement of interoperability. 3.2 common European RFID notification sign physical expression of the RFID notification signage system Note 1 to entry:
39、 It has three elements: 1) the common European RFID Notification Emblem, 2) the scope and purpose of the RFID application, 3) the contact point where further information about the application may be obtained. 3.3 controller or data controller natural or legal person, public authority or agency, or a
40、ny other body which alone or jointly with others determines the purpose and means of the processing of personal data Note 1 to entry: Where the purpose and means of the processing are determined by national or Community laws or regulations the controller or the specific criteria for his nomination m
41、ay be designated by national or Community Law. 3.4 common European notification emblem emblem which is used to signify that the Common European Emblem is non-commercial and does not make any statement of interoperability 3.5 logo symbol, graphic design or other small design that indicates branding,
42、trademark, or interoperability capability 3.6 operator RFID application operator natural or legal person, public authority, agency, or any other body, which, alone or jointly with others, determines the purposes and means of operating an application, including controllers of personal data using an R
43、FID application Note 1 to entry: At the application level, the identity of the operator is context related. 3.7 personal data information on a persons characteristics apart from identity data (name, birth date and place, address, governmental identification card number, etc.) Note 1 to entry: These
44、data include: religious or philosophical beliefs, race, political opinions, health, sexual orientation, membership of a trade union, personal data connected with a persons criminal behaviour, personal data connected with unlawful or objectionable conduct for which a ban has been imposed (a street ba
45、n, for example). 3.8 personal data processing operation or any set of operations upon personal data BS EN 16570:2014EN 16570:2014 (E) 7 Note 1 to entry: These encompass data such as: collecting, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by t
46、ransmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. 3.9 RFID (Radio Frequency Identification) electro-magnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag t
47、hrough a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on it 3.10 RFID application or application application that processes data through the use of tags and interrogators, and which is supported by a back-end system and a netw
48、orked communication infrastructure 3.11 RFID interrogator fixed or mobile data capture and identification device using a radio frequency electromagnetic wave or reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags 3.12 RFID tag or Tag (including conta
49、ctless cards) device having the ability to produce a radio signal or a RFID device that re-couples, back- scatters or reflects (depending on the type of device) and modulates a carrier signal received from an interrogator Note 1 to entry: For the purposes of this EN, an RF tag applies to any transponder that is capable of communicating using the radio frequency portion of the spectrum for communication purposes. As such it applies to any form factor including cards, phones, etc., that contain a transponder: