1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS ISO 24100:2010Intelligent transport systems Basic principles for personaldata protection in probevehicle information servicesBS ISO 24100:2010 BRITISH STANDARDNational forewor
2、dThis British Standard is the UK implementation of ISO 24100:2010.The UK participation in its preparation was entrusted to TechnicalCommittee EPL/278, Road transport informatics.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not
3、 purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. BSI 2010ISBN 978 0 580 55209 0ICS 03.220.01; 35.240.60Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published under the authori
4、ty of theStandards Policy and Strategy Committee on 31 July 2010Amendments issued since publicationDate Text affectedBS ISO 24100:2010Reference numberISO 24100:2010(E)ISO 2010INTERNATIONAL STANDARD ISO24100First edition2010-05-01Intelligent transport systems Basic principles for personal data protec
5、tion in probe vehicle information services Systmes intelligents de transport Les principes de base pour la protection des donnes personnelles de sonde BS ISO 24100:2010ISO 24100:2010(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file
6、 may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat a
7、ccepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that
8、 the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2010 All rights reserved. Unless otherwise specified, no part of this publication may b
9、e reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. +
10、41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2010 All rights reservedBS ISO 24100:2010ISO 24100:2010(E) ISO 2010 All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Normative references1 3 Terms and definitions .
11、1 4 Privacy context for probe vehicle systems 4 5 Reference architecture5 6 Personal data included in probe vehicle systems .6 6.1 Personal data .6 6.2 Encryption data that can become personal data .7 6.3 Authentication data that can become personal data.8 7 The basic principles 8 7.1 General .8 7.2
12、 Collection limitation principle 8 7.3 Data quality principle 9 7.4 Purpose specification principle .9 7.5 Use-limitation principle.10 7.6 Security safeguards principle 10 7.7 Openness principle .10 7.8 Individual participation principle .10 7.9 Accountability principle10 Annex A (informative) Threa
13、ts to personal data in probe vehicle systems11 Bibliography23 BS ISO 24100:2010ISO 24100:2010(E) iv ISO 2010 All rights reservedForeword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing Internat
14、ional Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with I
15、SO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical c
16、ommittees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to th
17、e possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 24100 was prepared by Technical Committee ISO/TC 204, Intelligent transport systems. BS ISO 24100:2010ISO 24100:2010(E) I
18、SO 2010 All rights reserved vIntroduction Probe vehicle systems are being investigated and deployed throughout the world. It is expected that the number of practical systems will grow steadily over the next few years. In general, probe data collection systems will incorporate extensive technical mea
19、sures to minimize the use of personal data and protect any personal data that are used. Nevertheless, because technical measures cannot address every situation, we must address the possibility that situations may arise in which personal data become vulnerable to misuse. Since data collected by such
20、systems can reveal sensitive personal information, it is critical to address consumer requirements for personal data protection through a formal policy for handling these data. This protection is particularly important because it is difficult to completely eliminate any possibility of probe data bei
21、ng linked to a particular person or vehicle. For example, consider a probe vehicle information service that does not include any personal data within the probe data, but uses personal data to authenticate the data source and ensure data integrity when collecting probe data. In this case, even if per
22、sonal data are not contained in the collected probe data, probe data senders may still be identified. It is important to have both a system to protect personal data and a set of basic principles that are observed by the probe vehicle information service providers to reassure probe data senders about
23、 their personal data and facilitate the creation of information services using useful probe data. The definition of personal data refers to the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. The framework for describing the basic principles is adopted from the e
24、ight principles of the said recommendation. The basic principles in this International Standard are examined and developed on the basis of the results of the threat analysis. This International Standard is promulgated in order to promote the smooth deployment and expansion of probe vehicle informati
25、on services, in particular the following. a) If the providers of probe vehicle information services are not consistent in their handling of the privacy aspect of personal data, it could give rise to confusion in the marketplace and generate public mistrust of the services themselves. The development
26、 of this International Standard will facilitate the development of standard procedures common to all probe vehicle information service providers. b) Increasing the transparency of probe vehicle information services will enable drivers to know better in advance how probe data are to be collected and
27、used, which will help dispel their anxieties about the possible misuse of their personal data. c) Having an International Standard will allow more efficient research and development work on probe vehicle information systems and enhance the universality, commonality and interoperability of these serv
28、ices, thereby facilitating their smooth expansion. BS ISO 24100:2010BS ISO 24100:2010INTERNATIONAL STANDARD ISO 24100:2010(E) ISO 2010 All rights reserved 1Intelligent transport systems Basic principles for personal data protection in probe vehicle information services 1 Scope This International Sta
29、ndard states the basic rules to be observed by service providers who handle personal data in probe vehicle information services. This International Standard is aimed at protecting the personal data as well as the intrinsic rights and interests of probe data senders, i.e., owners and drivers of vehic
30、les fitted with in-vehicle probe systems. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amend
31、ments) applies. ISO 21217, Intelligent transport systems Communications access for land mobiles (CALM) Architecture ISO 22837, Vehicle probe data for wide area communications 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 authentication ensu
32、ring that the identity of a subject or resource is the one claimed 3.2 authentication data data used for the purpose of authentication 3.3 collect obtain probe packages/data from vehicles 3.4 contextual data not directly identifiable data to provide information about an individual in combination wit
33、h other information NOTE Contextual data require the same level of protection as do personal data. 3.5 cryptography discipline which embodies principles, means and methods for the transformation of data in order to hide its information content, prevent its unauthorized use, establish its authenticit
34、y, prevent its undetected modification, and/or prevent its repudiation BS ISO 24100:2010ISO 24100:2010(E) 2 ISO 2010 All rights reserved3.6 data source probe data sender from a vehicle to a probe data collector in a probe vehicle system 3.7 data subject individual from whom personal data are collect
35、ed, disclosed or used by a probe data collector 3.8 decryption inverse function of encryption 3.9 encryption function of transforming data by the discipline of cryptography so as to make the data undecipherable to anyone other than the legitimate sender and receiver 3.10 encryption data data used fo
36、r the purpose of encryption 3.11 integrity safeguarding the accuracy and completeness of information and processing methods 3.12 personal data data which pertain to an individual and can identify a particular individual, and are handled by probe vehicle systems defined in ISO 22837 when collecting p
37、robe data via a communication network NOTE It also includes data that can be referred to other databases and thereby used to identify a particular individual. 3.13 probe collection land-side activity that receives probe messages sent by vehicles and extracts probe data from these messages 3.14 probe
38、 data vehicle sensor information formatted as probe data elements and/or probe messages that are processed, formatted and transmitted to a land-based centre for processing to create a good understanding of the driving environment 3.15 probe data collector party that is responsible for receiving prob
39、e messages sent by a probe data sender NOTE A probe data collector is responsible for probe data at any stage. 3.16 probe data sender entity that is responsible for sending probe messages to a probe data collector 3.17 probe header set of data required in order to effect a transmission NOTE It is (t
40、he information) processed at the communication layer, such as a unique communication ID, and includes information on the transmitting/original entity. Personal data may be included depending on the communication medium used. BS ISO 24100:2010ISO 24100:2010(E) ISO 2010 All rights reserved 33.18 probe
41、 message structured collation of data elements suitable to be delivered to the onboard communication device for transmission to a land-based centre NOTE A probe message should not contain any information that identifies the particular vehicle from which it originated or any of the vehicles occupants
42、, directly or indirectly. In delivering a probe message to be transmitted by the onboard communication device, the onboard data collection system will request that the message be packaged and transmitted without any vehicle- or occupant-identifying information. 3.19 probe package set of data blocks
43、transmitted from vehicles to probe data collectors NOTE A probe package includes/constitutes a probe payload and a probe header. Figure 1 shows the overall structure of the probe package. AuthenticationdataProbemessageProbe HeaderProbe payloadAuthenticationdataProbemessagerobe he erProbe packageFigu
44、re 1 Model of data transmitted from vehicles 3.20 probe payload set of data transmitted at the application layer from vehicles to probe data collectors NOTE A probe payload includes/constitutes probe messages and authentication data. A probe message does not include any personal data, however, perso
45、nal data may be included in a probe payload. 3.21 probe processing land-side activity that receives collected probe data from probe collection and processes them NOTE Probe processing does not receive any information from probe collection that identifies the vehicle or driver. 3.22 probe vehicle sys
46、tem system consisting of vehicles that collect and transmit probe data and land-based centres that collate and process data from many vehicles to build an accurate understanding of the overall roadway and driving environment NOTE This International Standard does not refer to the function of “turn of
47、f” (sending the probe data by an individual) since some probe vehicle systems have a switch to stop sending probe data and others do not. 3.23 provide transmit, disseminate or transfer outside a country for disclosure of data 3.24 use extracting probe data from probe packages, recording and carrying
48、 out other operations on probe data including organization, retrieval, consultation and disclosure by providing BS ISO 24100:2010ISO 24100:2010(E) 4 ISO 2010 All rights reserved4 Privacy context for probe vehicle systems This International Standard sets out the following items related to probe vehic
49、le systems that collect probe data from private vehicles and process the data statistically to generate useful information that is provided to various end users. A reference architecture for probe vehicle systems. This International Standard shows probe vehicle systems in which personal data are handled at the time of probe data collection. It should be defined in compliance with the reference architecture in ISO 22837. The definition of personal data included in probe vehicle systems. This International Standard is defined in refe
