1、September 2014 Translation by DIN-Sprachendienst.English price group 11No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).
2、ICS 35.240.60!%;$i“2240170www.din.deDDIN EN 16570Information technology Notification of RFID The information sign and additional information to be provided byoperators of RFID application systems;English version EN 16570:2014,English translation of DIN EN 16570:2014-09Informationstechnik Notifizieru
3、ng von RFID Das Informationszeichen und zustzliche Informationen, die von den Betreibern vonRFID-Anwendungssystemen bereitgestellt werden mssen;Englische Fassung EN 16570:2014,Englische bersetzung von DIN EN 16570:2014-09Technologies de linformation Notification didentfication par radiofrquence (RFI
4、D) Signe informationnel et informations complmentaires devant tre dlivres par lesexploitants de systmes dapplication didentification RFID;Version anglaise EN 16570:2014,Traduction anglaise de DIN EN 16570:2014-09www.beuth.deDocument comprises 17 pagesIn case of doubt, the German-language original sh
5、all be considered authoritative.08.14 DIN EN 16570:2014-09 2 A comma is used as the decimal marker. National foreword This document (EN 16570:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC technologies” (Secretariat: NEN, Netherlands). The responsible German body involved in its pre
6、paration was the DIN-Normenausschuss Informationstechnik und Anwendungen (Information Technology and selected IT Applications Standards Committee), Working Committee NA 043-01-31 AA Automatische Identifikation und Datenerfassungsverfahren. This European Standard specifies requirements for common Eur
7、opean RFID notification signs to be used by operators of RFID applications to indicate the presence of a radio frequency identification (RFID) system. In addition, this standard also defines procedures for making RFID tags visible which are attached to or embedded in objects that can be purchased or
8、 are in use within the European Union. As a rule, the requirement that operators of RFID systems use a common European sign to notify the presence of an RFID system will have consequences for the Privacy Impact Assessment (PIA) document that they are required to draw up to assess the privacy impact
9、of their RFID system. Such a notification sign is an essential means of mitigating potential risks. This European Standard defines: the technologies that require such notification signs; the type of application for which the visibility of the notification sign is required, in connection with the typ
10、e of individual involved (customer, general citizen, salesperson, etc.); who is an operator of an RFID application; the data and graphical information which are to be included in the notification sign; requirements for the presentation of the notification sign; methods for ensuring accessibility. Th
11、e common European RFID notification sign has three elements: a graphical emblem designed along the lines of DIN EN ISO/IEC 29160; text describing the scope and purposes of the RFID application, including the application operators address and telephone number; information regarding the “contact point
12、” from which further information regarding the RFID application can be obtained; this may include the postal address, e-mail address, telephone number or a URL. The aim of this European Standard is to set up a common practical framework which allows companies of any size to on a voluntary basis draf
13、t RFID notification signs and make them visible. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 16570 July 2014 ICS 35.240.60 English Version Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems
14、Technologies de linformation - Notification didentification par radiofrquence (RFID) - Signe informationnel et informations complmentaires devant tre dlivres par les exploitants de systmes dapplication didentification RFIDInformationstechnik - Notifizierung von RFID - Das Informationszeichen und zus
15、tzliche Informationen, die von den Betreibern von RFID-Anwendungssystemen bereitgestellt werden mssen This European Standard was approved by CEN on 14 May 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
16、the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, Fr
17、ench, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgari
18、a, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turke
19、y and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Re
20、f. No. EN 16570:2014 EEN 16570:2014 (E) 2 Contents Page Foreword 3 Introduction .4 1 Scope 5 1.1 General 5 1.2 Objective .5 1.3 Applicability 5 2 Normative references 5 3 Terms and definitions .5 4 The Common European RFID Notification Signage System .7 4.1 Introduction 7 4.2 Definition of the Commo
21、n European Notification Signage System .8 4.3 The common European RFID notification sign 8 4.4 The Common RFID emblem 8 4.5 Contact Point 9 4.5.1 General 9 4.5.2 Name of the operator of the application 9 4.6 Purpose of the application(s) .9 5 Placement of RFID Signs notifying the presence of RFID in
22、terrogators 10 5.1 General . 10 5.2 Notification of multiple applications in an area . 10 6 Notification of the presence of tags on or in items . 10 6.1 Common RFID Emblem 10 6.2 Contact Point . 11 6.3 Scope and purpose. 11 7 Additional information: the Information Policy . 11 7.1 Summary PIA . 11 7
23、.2 Information policy requirements with respect to RFID privacy . 11 7.3 RFID privacy information and notification within promotional material . 11 7.3.1 General . 11 7.3.2 RFID privacy information and notification within sales material and pre-contract information 12 7.3.3 RFID privacy relevant con
24、tractual clauses 12 7.3.4 Post sale user RFID privacy information including end of use of an item . 13 7.3.5 RFID privacy information and notification to be obtained from manufacturers and other RFID technology suppliers 14 8 Legibility/Accessibility . 14 Bibliography . 15 DIN EN 16570:2014-09 EN 16
25、570:2014 (E) 3 Foreword This document (EN 16570:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC technologies”, the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsemen
26、t, at the latest by January 2015, and conflicting national standards shall be withdrawn at the latest by January 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifyin
27、g any or all such patent rights. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. This European Standard is one of a series of related deliverables, which together comprise M/436 Phase 2. The other deliverables are: EN 1
28、6571, Information technology RFID privacy impact assessment process; EN 16656, Information technology Radio frequency identification for item management RFID Emblem (ISO/IEC 29160:2012, modified); CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3, CEN/TR 16670, Informa
29、tion technology RFID threat and vulnerability analysis; CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFID interrogators; CEN/TR 16672, Information technology Privacy capability features of current RFID technologies; CEN/TR 166731), Information technology RFID priv
30、acy impact assessment analysis for specific sectors; CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID; CEN/TR 166842), Information technology Notification of RFID Additional information to be provided by operators; CEN/TS 16685, Information te
31、chnology Notification of RFID The information sign to be displayed in areas where RFID interrogators are deployed. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulga
32、ria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Tur
33、key and the United Kingdom. 1) CEN/TR 16673 contains practical examples of PIA systems. 2) CEN/TR 16684 contains practical examples of notification signage systems. DIN EN 16570:2014-09 EN 16570:2014 (E) 4 Introduction In response to the growing deployment of RFID systems in Europe, the European Com
34、mission published in 2007 the Communication COM(2007) 96 RFID in Europe: steps towards a policy framework. This Communication proposed actions to overcome barriers to wider take-up of RFID to benefit society and the economy whilst incorporating appropriate privacy, health and environmental safeguard
35、s. In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate addresses the data protection, privacy and information policy aspects of RFID, and has been executed in two phases. Phase 1, completed in May 2011
36、, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187 020, which was published in May 2011. Phase 2 delivered the execution of the standardization work programme identified in the first phase. This
37、 European Norm is one of 11 deliverables of EC Mandate M/436 RFID Phase 2. It builds on the research undertaken in the related Technical Report CEN/TR 16684:2014, Information technology Notification of RFID Additional information to be provided by operators. It is intended that the procedures define
38、d in this EN shall be used by individual RFID operators - or by entire sectors - for notification of the presence of RFID applications. DIN EN 16570:2014-09 EN 16570:2014 (E) 5 1 Scope 1.1 General The scope of this EN is to define the requirements for a Common European Notification Signage system to
39、 be used by operators of RFID application systems deployed within the EU Member States. 1.2 Objective The objective of this EN is to provide enterprises, both large and small, with a common and accessible framework for the design and display of RFID notification signs. In addition to the information
40、 placed on the sign, the framework includes the information policy - needed to answer enquiries received from individuals accessing the contact point noted on the sign itself. This minimizes the volume of information written on the sign. This European Standard defines: a) the details of data and gra
41、phics that shall be included on the signage; b) the presentational requirements for the signage, taking account of the need; 1) to provide a practical solution given constraints on print technique and print area; 2) for a consistent common and recognisable signage; c) means to support accessibility;
42、 d) the structure and content of an information policy to meet the informational needs of individuals with respect to RFID privacy. 1.3 Applicability This EN provides an application-agnostic framework which may be used by all enterprises operating RFID applications in the European Union. 2 Normative
43、 references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) appl
44、ies. EN 16571, Information technology RFID privacy impact assessment process EN 16656:2014, Information technology Radio frequency identification for item management RFID Emblem (ISO/IEC 29160:2012, modified) 3 Terms and definitions For the purposes of this document, the following terms and definiti
45、ons apply. 3.1 common European RFID notification emblem graphic design which notifies the presence of radio frequency identification (RFID) systems DIN EN 16570:2014-09 EN 16570:2014 (E) 6 Note 1 to entry: This emblem is defined in EN 16656 as the filled general-purpose emblem (Figure B.3). Users of
46、 this European Norm should use EN 16656 rather than ISO/IEC 29160:2012. The EN version contains specific advice regarding the use of the RFID Emblem in an EU environment, especially in relation to minimum sizing of the emblem. Note 2 to entry: The term “emblem” is used to signify that the Common Eur
47、opean Emblem is non-commercial and does not make any statement of interoperability. 3.2 common European RFID notification sign physical expression of the RFID notification signage system Note 1 to entry: It has three elements: 1) the common European RFID Notification Emblem, 2) the scope and purpose
48、 of the RFID application, 3) the contact point where further information about the application may be obtained. 3.3 controller or data controller natural or legal person, public authority or agency, or any other body which alone or jointly with others determines the purpose and means of the processing of personal data Note 1 to entry: Where the purpose and means of the processing are determined by national or Community laws or regulations the controlle