1、BSI Standards PublicationPD CEN/TS 16685:2014Information technology Notification of RFID The information sign to bedisplayed in areas where RFIDinterrogators are deployedPD CEN/TS 16685:2014 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of CEN/TS16685:2014.The U
2、K participation in its preparation was entrusted to TechnicalCommittee IST/34, Automatic identification and data capturetechniques.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions
3、 of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 84083 8ICS 35.240.60Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Document was published und
4、er the authority of theStandards Policy and Strategy Committee on 30 June 2014.Amendments issued since publicationDate Text affectedPD CEN/TS 16685:2014TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 16685 June 2014 ICS 35.240.60 English Version Information technology
5、- Notification of RFID - The information sign to be displayed in areas where RFID interrogators are deployed Technologies de linformation - Notification didentification par radiofrquence (RFID): Signe informationnel et informations complmentaires exigibles lorsque des lecteurs RFID sont dploys Infor
6、mationstechnik - Notifizierung von RFID - Informationszeichen, das berall dort angebracht werden muss, wo RFID-Lesegerte im Einsatz sind This Technical Specification (CEN/TS) was approved by CEN on 8 March 2014 for provisional application. The period of validity of this CEN/TS is limited initially t
7、o three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/
8、TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of A
9、ustria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sw
10、eden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for
11、CEN national Members. Ref. No. CEN/TS 16685:2014 EPD CEN/TS 16685:2014CEN/TS 16685:2014 (E) 2 Contents Page Foreword 3 0 Introduction 4 0.1 General 4 0.2 Objectives .4 0.3 Applicability 4 1 Scope 5 2 Normative References .5 3 Terms and definitions .5 4 The Common European RFID Notification Signage S
12、ystem .7 4.1 Introduction 7 4.2 Definition of the Common European Notification Signage System .8 4.3 The Common RFID emblem 8 4.4 Purpose of the application(s) .8 4.5 Contact Point 9 4.5.1 General 9 4.5.2 Name of the operator of the application 9 5 Placement of RFID Signs notifying the presence of R
13、FID readers .9 6 Placement of signs notifying the presence of RFID transponders 9 7 Scope and Purpose of Application statement on items carrying a transponder . 10 8 Guidelines on Additional information: the Information Policy 10 8.1 General . 10 8.2 Information policy requirements with respect to R
14、FID privacy . 10 8.3 Guidelines on additional information for the information policy with respect to RFID privacy . 10 8.3.1 Application information . 10 8.3.2 RFID privacy information and notification within promotional material . 10 8.3.3 RFID privacy information and notification within Sales mate
15、rial and pre-contract information 11 8.3.4 RFID privacy relevant contractual clauses 12 8.3.5 Post sale user RFID privacy information including end of use of an item . 12 8.3.6 RFID privacy information and notification to be obtained from manufacturers and other RFID technology suppliers. . 13 9 Leg
16、ibility/Accessibility . 13 Bibliography . 14 PD CEN/TS 16685:2014CEN/TS 16685:2014 (E) 3 Foreword This document (CEN/TS 16685:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC technologies”, the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the
17、 elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This Technical Specification is one of a series of related deliverables, which comprise mandate 436 Phase 2. The other deliverables are: EN
18、16570, Information technology Notification of RFID The information sign and additional information to be provided by operators of RFID application systems EN 16571, Information technology RFID privacy impact assessment process EN 16656, Information technology - Radio frequency identification for ite
19、m management - RFID Emblem (ISO/IEC 29160:2012, modified) CEN/TR 16684, Information technology Notification of RFID Additional information to be provided by operators CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3 Mode 1 CEN/TR 16670, Information technology RFID thr
20、eat and vulnerability analysis CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFID interrogators CEN/TR 16672, Information technology Privacy capability features of current RFID technologies CEN/TR 16673, Information technology RFID privacy impact assessment analysi
21、s for specific sectors CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Aust
22、ria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Swede
23、n, Switzerland, Turkey and the United Kingdom. PD CEN/TS 16685:2014CEN/TS 16685:2014 (E) 4 0 Introduction 0.1 General In response to the growing deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 RFID in Europe: steps towards a policy frame
24、work. This Communication proposed steps which needed to be taken to reduce barriers to adoption of RFID whilst respecting the basic legal framework safeguarding fundamental values such as health, environment, data protection, privacy and security. In December 2008, the European Commission addressed
25、Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate addresses the data protection, privacy and information policy aspects of RFID, and is being executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete fram
26、ework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187 020, which was published in May 2011. Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This European Technical Specification is one of ele
27、ven deliverables for M/436 Phase 2. It builds on the research undertaken in the related Technical Report Notification of RFID: Additional information to be provided by operators. 0.2 Objectives The objective of this Technical Specification is to provide enterprises, both large and small, with a comm
28、on and accessible framework for the design and display of RFID notification signs. In addition to the information placed on the sign, the framework includes the off-sign application information resource the “information policy” - needed to answer enquiries received form individuals accessing the con
29、tact point noted on the sign itself. This minimises the volume of information written on the sign. 0.3 Applicability This Technical Specification applies to all enterprises operating RFID applications in the European Union. PD CEN/TS 16685:2014CEN/TS 16685:2014 (E) 5 1 Scope This Technical Specifica
30、tion defines: the details of data and graphics that shall be included on the signage; the presentational requirements for the signage, taking account of the need: to provide a practical solution given constraints on print technique and print area; for a consistent common and recognizable signage; me
31、ans to support accessibility; the structure and content of an information policy to meet the informational needs of individuals with respect to RFID privacy. 2 Normative References The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its
32、 application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 16656:2014, Information technology Radio frequency identification for item management RFID Emblem (ISO/IEC 29160:2012, modi
33、fied) EN 16571:2014, Information technology RFID privacy impact assessment process 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 common European RFID notification emblem easily recognised graphic device that indicates the presence of radio
34、frequency identification systems Note 1 to entry: This emblem is defined in EN 16656:2014 as the filled general purpose emblem (see Figure B.3) Note 2 to entry: Users of this Technical Report should use EN 16656:2014 rather than the ISO/IEC version. The European version contains specific advice rega
35、rding use of the RFID Emblem in an EU environment, especially in relation to sizing of the emblem. 3.2 controller natural or legal person, public authority of agency, or any other body which alone or jointly with others determines the purpose and means of the processing of personal data Note 1 to en
36、try: The purpose and means of the processing are determined by national or Community laws or regulations the controller or the specific criteria for his nomination may be designated by national or Community Law. 3.3 data controller natural or legal person, public authority, agency or any other body
37、which alone or jointly with others determines the purposes and means of the processing of personal data Note 1 to entry: The purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by n
38、ational or Community law. PD CEN/TS 16685:2014CEN/TS 16685:2014 (E) 6 3.4 emblem Common European RFID Notification Emblem to signify that it is non-commercial and does not make any statement of interoperability 3.5 logo graphic devices that indicate proprietary systems and interoperability Note 1 to
39、 entry: A contactless bank or transport card might carry the notification emblem, plus a logo indicating system interoperability, and a logo indicating the card issuer. 3.6 RFID application operator operator natural or legal person, public authority, agency, or any other body, which, alone or jointl
40、y with others, determines the purposes and means of operating an application, including controllers of personal data using an RFID application 3.7 personal data any information relating to an identified or identifiable natural person (data subject) Note 1 to entry: An identifiable person is one who
41、can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. 3.8 personal data processing any operation or any set of operations upon personal data,
42、such as: collecting, recording, organisation, storage; adaptation or alteration, retrieval; consultation, use; disclosure by transmission, dissemination or otherwise making available; alignment or combination; blocking, erasure or destruction 3.9 RFID radio frequency identification means the use of
43、electro-magnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on it 3.10 RFID application appl
44、ication application that processes data through the use of tags and readers, and which is supported by a back-end system and a networked communication infrastructure PD CEN/TS 16685:2014CEN/TS 16685:2014 (E) 7 3.11 RFID reader RFID writer reader fixed or mobile data capture and identification device
45、 using a radio frequency electromagnetic wave or reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags 3.12 RFID tag RF tag tag transponder electronic label code plate RFID device having the ability to produce a radio signal or a RFID device that re-co
46、uples, back- scatters or reflects (depending on the type of device) and modulates a carrier signal received from a reader or writer Note 1 to entry: Although transponder is technically the most accurate term, the most common and preferred term is tag or RF tag. Note 2 to entry: For the purposes of M
47、andate M436, an RF tag applies to any transponder that is capable of communicating using the radio frequency portion of the spectrum for communication purposes. As such it applies to any form factor including cards or phones that contain a transponder. 3.13 special personal data all personal data th
48、at provide information on a persons characteristics apart from identity data (name, birth date and place, address, governmental identification card number, etc.): religious or philosophical beliefs; race; political opinions; health; sexual orientation; membership of a trade union; personal data conn
49、ected with a persons criminal behaviour; personal data connected with unlawful or objectionable conduct for which a ban has been imposed (a street ban, for example) 4 The Common European RFID Notification Signage System 4.1 Introduction The EC Recommendation of May 12th2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification, calls for increased awareness by citizens and enterprises about the features a