1、BSI Standards PublicationPD CEN/TR 16742:2014Intelligent transport systems Privacy aspects in ITS standardsand systems in EuropePD CEN/TR 16742:2014 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of CEN/TR16742:2014. It supersedes PD ISO/TR 12859:2009 which is wi
2、thdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee EPL/278, Intelligent transport systems.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a co
3、ntract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 79082 9ICS 35.240.60Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Document was published under the a
4、uthority of theStandards Policy and Strategy Committee on 31 October 2014.Amendments issued since publicationDate Text affectedPD CEN/TR 16742:2014TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 16742 October 2014 ICS 35.240.60 English Version Intelligent transport systems - Privacy as
5、pects in ITS standards and systems in Europe Systmes de transport intelligents - Aspects de la vie prive dans les normes et les systmes en Europe Intelligente Transportsysteme - Datenschutz Aspekte in ITS Normen und Systemen in Europa This Technical Report was approved by CEN on 23 September 2014. I
6、t has been drawn up by the Technical Committee CEN/TC 278. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia
7、, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix
8、 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 16742:2014 EPD CEN/TR 16742:2014CEN/TR 16742:2014 (E) 2 Contents Page Foreword 3 Introduction .4 1 Scope 5 2 Terms and definitions .5 3 Symbols and abbre
9、viated terms 7 4 Background information .8 4.1 Historical background .8 4.2 Legal background 9 4.3 Fundamental Rights of Data Protection and Privacy 10 5 Basic elements of data protection and privacy . 12 5.1 Personal information (PI) and its avoidance 12 5.1.1 General . 12 5.1.2 GPS-Data or GPS-Tra
10、jectories 15 5.2 Sensitive data 16 5.3 Individual or data subject 16 5.4 Controller . 17 5.4.1 General . 17 5.4.2 ITS environment 17 5.5 Processor 18 5.6 Third Party . 19 5.7 File or filing system (manually or automatically processed) . 19 5.8 Consent 19 5.9 Withdrawal of consent . 21 5.10 Fairness
11、and legitimacy . 21 5.11 Determination of purpose 21 5.12 Minimization of PI . 22 5.13 Topicality and correctness of PI . 22 5.14 Time limits to PI 23 5.15 Security requirements to PI . 23 5.16 Obligation to keep PI secret 24 5.17 Obligation to inform the data subject (Individual or legal entity) 24
12、 5.18 Right (access) to PI. 25 5.19 Right to rectification and erasure of PI 26 5.20 Right to objection . 27 5.21 Video surveillance (VS) 28 5.22 Shift in the burden of proof . 28 Annex A (informative) Examples of the principle of “cumulative interpretation” . 30 Annex B (informative) Data privacy F
13、ramework, Directives and Guidelines . 33 Annex C (informative) Security related International Standards . 34 PD CEN/TR 16742:2014CEN/TR 16742:2014 (E) 3 Foreword This document (CEN/TR 16742:2014) has been prepared by Technical Committee CEN/TC 278 “Intelligent transport systems”, the secretariat of
14、which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. PD CEN/TR 16742:2014CEN/TR 16742:2014 (E) 4 Introduction This Te
15、chnical Report is a guide for the developers of both ITS itself and its standards when many types of data are exchanged during the performance of its tasks, which includes in some cases personal data and information. Such Personal Data or Personal Information (PI) underlies for their applications sp
16、ecial rules defined in European Union (EU) mandatory directives or a possible EU Regulation concerning the revision of the EU Directives at Data Protection or at the national level national data protection law. In order to avoid an incorrect use of PI in any standard or Technical Report, which would
17、 cause the application of this standard or Technical Specification to be banned by legal courts, this Technical Report gives guidelines for the CEN/TC 278 Working Groups how to deal with PI in compliance with the legal rules. Even though specific data privacy protection legislation is generally achi
18、eved through national legislation and this varies from country to country there exists a basic set of rules which are common in all European countries. These common rules are defined in the European Directives 95/46/EC and 2002/58/EC in their current versions. Countries not members of the European U
19、nion (Switzerland, Norway, Island etc.) have issued national data protection laws, which are very closely aligned to the European Directives. It should also be noted that the European Directives on the protection of individuals (95/46/EC and 2002/58/EC) are regarded as the strongest legal rules arou
20、nd the world. This Technical Report builds on the content of ISO/TR 12859:2009 but extends the rules and recommendations in order to be as compliant as is reasonable with the European Directives and some of the national data protection laws. This means it is more specific and includes some recent de
21、velopments and it tries to include some intentions of what the European Commission is preparing to include in a revised and enforced version of the Directive 95/46/EC (the proposed EU proposal of a Regulation of data protection COM(2012)11 final, 2012/0011 (COD). PD CEN/TR 16742:2014CEN/TR 16742:201
22、4 (E) 5 1 Scope This Technical Report gives general guidelines to developers of intelligent transport systems (ITS) and its standards on data privacy aspects and associated legislative requirements. It is based on the EU-Directives valid at the end of 2013. It is expected that planned future enhance
23、ments of the Directives and the proposed “General Data Protection Regulation” including the Report of the EU-Parliament of 2013-11-22 (P7_A(2013)0402) will not change the guide significantly. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 ac
24、countability principle that individuals, organizations or the community are liable and responsible for their actions and may be required to explain them to the data subject and others and their actions shall comply with measures and making compliance evident, and the associated required disclosures
25、SOURCE: ISO/IEC 24775:2011 Edition:2 2.2 anonymity characteristic of information, which prevents the possibility to determine directly or indirectly the identity of the data subject SOURCE: ISO/IEC 29100:2011 2.3 anonymisation process by which personal information (PI) is irreversibly altered in suc
26、h a way that an Individual or a legal entity can no longer be identified directly or indirectly either by the controller alone or in collaboration with any other party SOURCE: ISO/IEC 29100:2011 2.4 anonymised PI PI that has been subject to a process of anonymisation and that by any means can no lon
27、ger be used to identify an Individual or legal entity SOURCE: ISO/IEC 29100:2011 2.5 committing of PI transfer of PI from the controller to a processor in the context of a commissioned work 2.6 consent individuals or legal entitys (data subject) explicitly or implicitly freely given agreement to the
28、 processing of its PI in the course of which the data subject has been in advance completely informed about the purpose, the legal basis and the third parties, receiving data subjects PI, and all these in a comprehensible form PD CEN/TR 16742:2014CEN/TR 16742:2014 (E) 6 2.7 controller any natural or
29、 legal person, public authority, agency or any other body which alone or jointly with others collect and/or process and determine the purposes and means of the processing of PI, independently whether or not a person uses the PI by themselves or assigns the tasks to a processor; where the purposes an
30、d means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law SOURCE: EU-Dir 95/46/EU Art 2 lit d 2.8 data subject any natural or legal person or association of persons whos
31、e PI is processed and is not identical to the controller or processor or third party Note 1 to entry: ISO/IEC 29100 uses this definition for the person of which personal data are used the Principal. The above definition is that one that is used in EU-Directives. 2.9 identifiability conditions which
32、result in a data subject being identified, directly or indirectly, on the basis of a given set of PI 2.10 identify establishes the link between a data subject and its PI or a set of PI 2.11 identity set of attributes which makes it possible to identify, contact or locate the data subject SOURCE: ISO
33、/IEC 29100:2011 2.12 personal information PI any data or information related to an individual or legal entity or an association of person or individuals by which the individual or legal entity or association of persons could be identified Note 1 to entry: The EU-Dir 95/48/EC names in its Art 2 lit.
34、(a) the personal information as “personal data” and defines it as: “any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one o
35、r more factors specific to his physical, physiological, mental, economic, cultural or social identity”. 2.13 processor natural person or legal entity or organization that processes PI on behalf of and in accordance with the instructions of a PI controller and if it use PI only for the commissioned w
36、ork 2.14 sub-processor privacy stakeholder that processes PI on behalf of and in accordance with the instructions of a PI processor 2.15 privacy right of a natural person or legal entity or association of persons acting on its own behalf, to determine the degree to which the confidentiality of its p
37、ersonal information (PI) is maintained or disclosed to others SOURCE: ISO/IEC 24775:2011 PD CEN/TR 16742:2014CEN/TR 16742:2014 (E) 7 2.16 processing of PII any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, orga
38、nization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction SOURCE: EU-Dir 95/48/EC Art 2 lit(b) 2.17 sensitive data any personal information related to
39、a natural person revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data or sex life; its processing is prohibited except for closing circumstances 2.18 use of PI action that circumvents all kinds of operations with the set of PI
40、 or certain elements of it meaning both processing of PI and transmission of PI to a third party 2.19 processing PI collecting, recording, storing, sorting, comparing, modification, interlinking, reproduction, consultation, output, utilisation, committing, blocking, erasure or destruction, disclosur
41、e or any kind of operation with PI except the transmission of PI to a third party 2.20 third party any person or legal entity receiving PI of a data subject other than the data subject itself or the controller or the processor 2.21 transmitting PI transfer of PI to recipients other than the data sub
42、ject, the controller or a processor, in particular publishing of data as well as the use of data for another application purpose of the controller 3 Symbols and abbreviated terms The following abbreviations are common to this document: APEC Asia-Pacific Economic Cooperation Art Article (clause in an
43、 EU Directive or similar document) C-ITS Cooperative ITS CoE Council of Europe Dir Directive (as in EU Directive) EC European Council EU European Union ITS Intelligent Transport Service OECD Organization for Economic Co-operation and Development para paragraph PI Personal Information PD CEN/TR 16742
44、:2014CEN/TR 16742:2014 (E) 8 RDB relational databases UN United Nations VS Video Surveillance 4 Background information 4.1 Historical background At the time of first codifications of rights (e.g. ancient Hammurabis-Stone (1770 BC), ancient Grecian Drakons law (621 BC, codification of existing law, a
45、bolition of vendetta), Solons law reform (593 BC, general discharge of debts, abolition of bonded labour, personal freedom of citizens and structured in four classes), Kleistenes law reform (507 BC, one homogenous citizen class, extension of political participation), the ancient Roman Twelve-Table-L
46、aw (450 BC) and Justinians Corpus Iuris Civilis (534 AD) the basic rights of a person like dignity were seldom subject to regulation. The codifications served mainly the written declaration and determination of basic rules for possession and property, related human actions, solving conflicts, the ba
47、lance of interests between different positions of persons or rights of domination of a sovereign and some criminal law for severe criminal acts. The first written declaration of freedom rights happened in the “Magna Carta Libertatum” on June 15th 1215 AD in England, by which Jonathan Landless (1199
48、1216) granted the Church of England and the nobility some privileges. This document contains additionally (par 39) the freedom for all free citizens. However, this freedom of citizens was in reality performed about some hundred years later. The “Magna Carta Libertatum” is valid constitutional law in
49、 Great Britten today. The written rights of freedom of all citizens was confirmed indirectly in the “Habeas Corpus Act” (1679) and the possibility of a fair defence of them before a court by the “Bill of Rights of England” (1689) which was model for the US Constitution. The right of freedom and the dignity of a person were intensively discussed during the age of Enlightenment by Montesquieu, Rousseau, Voltaire, dAlembert and Diderot to mention the best known. However, the sovereigns did not convert their ideas in law, because these ideas would cut ba
