Difference between revisions of "CEN-CENELEC-ETSI Activities"

From IPEN Wiki
Jump to navigation Jump to search
 
(18 intermediate revisions by 2 users not shown)
Line 3: Line 3:
[[File:CEN CENELEC.jpg]][[File:ETSI.jpg]]
[[File:CEN CENELEC.jpg]][[File:ETSI.jpg]]


== <span style="font-size: larger; line-height: 1.2;">CEN-CENELEC JWG8 on Privacy Management of Security Products and Related Services</span> ==
== <span style="font-size: larger; line-height: 1.2">CEN-CENELEC JWG8 on Privacy Management of Security Products and Related Services</span> ==


{| border="1" cellspacing="1" cellpadding="1" style="width: 900px;"
{| style="width: 900px;" border="1" cellpadding="1" cellspacing="1"
|-
|-
| Context
| Context<br/>
|  
|  
The European commission has issued in early 2015 a mandate to European Standardisation Organisations (or ESOs), CEN, CENELEC, ETSI) to work on a roadmap of standards covering the privacy management of security products and related services
The European commission has issued in early 2015 a mandate to European Standardisation Organisations (or ESOs), CEN, CENELEC, ETSI) to work on a roadmap of standards covering the privacy management of security products and related services


<span style="line-height: 1.6;">Consequently, CEN/CENELEC has decided to launch a joint working group JWG8, the secretariat of which will be managed by AFNOR (France).</span>
<span style="line-height: 1.6">Consequently, CEN/CENELEC has decided to launch a joint working group JWG8, the secretariat of which will be managed by AFNOR (France).</span>


The objective if to define a roadmap and work plan for October 2015
The objective is to define a roadmap and work plan for October 2015


|-
|-
Line 21: Line 21:


JWG8 page:&nbsp;[http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Privacy/Pages/default.aspx http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Privacy/Pages/default.aspx]
JWG8 page:&nbsp;[http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Privacy/Pages/default.aspx http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Privacy/Pages/default.aspx]
|-
| Events
|
*Kick-off meeting march 5th, 2015 Paris
*meeting june 15th, 2015 Brussels.
*meeting september 14th, 2015 Paris. Discussion on a workplan proposal. Involved the European Commission as well as a number of European projects (e.g. EuroForGen, Concord, Episecc,&nbsp;Xp-DITE, Terascreen, Darwin, Crisp, Ingrest, Evidence, Respect)&nbsp;


|-
|-
Line 28: Line 35:
<ul style="line-height: 18.9090900421143px;">
<ul style="line-height: 18.9090900421143px;">
<li>Chair: Claire Waast-Richards (EDF)</li>
<li>Chair: Claire Waast-Richards (EDF)</li>
<li>Secretary: Philippe Magnabosco (AFNOR)</li>
</ul>
</ul>


Editing team
Editing team
<ul style="line-height: 18.9090900421143px;">
<ul style="line-height: 18.9090900421143px;">
<li>French delegation: Antonio Kung, Mourad Faher, Denis Pinkas</li>
<li>French delegation: Jean-François Sulzer, Antonio Kung, Mourad Faher, Denis Pinkas</li>
<li>German delegation: Matthias Reinis, Kai Rannenberg</li>
<li>German delegation: Matthias Reinis, Kai Rannenberg</li>
<li>UK delegation: Alan Shipman, John Mitchell</li>
<li>UK delegation: Alan Shipman, John Mitchell</li>
<li>Austrian delegation: Eike Wolf</li>
<li>ANEC: Matthias Pocs</li>
<li>ANEC: Matthias Pocs</li>
<li>CEN-CENELEC: Alina Iatan</li>
<li>CEN-CENELEC: Alina Iatan</li>
Line 48: Line 57:
|}
|}


== <span style="font-size: larger; line-height: 1.2">CEN/TC225 - AIDC technologies</span> ==


<span style="line-height: 1.6">As stated in Wikipedia&nbsp;: ''Automatic identification and data capture (AIDC) refers to the methods of automatically identifying objects, collecting data about them, and entering that data directly into computer systems (i.e. without human involvement). Technologies typically considered as part of AIDC include bar codes, Radio Frequency Identification (RFID), biometrics, magnetic stripes, Optical Character Recognition (OCR), smart cards, and voice recognition. AIDC is also commonly referred to as “Automatic Identification,” “Auto-ID,” and "Automatic Data Capture."''</span>


== <span style="font-size: larger; line-height: 1.2;">CEN/TC225 - AIDC technologies</span> ==
=== <span style="font-size: 18.2520008087158px; line-height: 29.2032012939453px">Data Protection, Privacy and Information Aspects of RFID</span> ===


<span style="line-height: 1.6;">As stated in Wikipedia : ''Automatic identification and data capture (AIDC) refers to the methods of automatically identifying objects, collecting data about them, and entering that data directly into computer systems (i.e. without human involvement). Technologies typically considered as part of AIDC include bar codes, Radio Frequency Identification (RFID), biometrics, magnetic stripes, Optical Character Recognition (OCR), smart cards, and voice recognition. AIDC is also commonly referred to as “Automatic Identification,” “Auto-ID,” and "Automatic Data Capture."''</span>
{| style="line-height: 20.7999992370605px; width: 900px;" border="1" cellpadding="1" cellspacing="1"
<span style="font-size: larger; line-height: 1.2;"></span>
{| border="1" cellspacing="1" cellpadding="1" style="line-height: 20.7999992370605px; width: 900px;"
|-
|-
| Context
| Context
Line 60: Line 69:
In December 2008, the European Commission addressed the Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems.&nbsp;The Mandate M/436 was accepted by the ESOs in the first months of 2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being executed in two phases.
In December 2008, the European Commission addressed the Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems.&nbsp;The Mandate M/436 was accepted by the ESOs in the first months of 2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being executed in two phases.


Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report&nbsp;[http://www.etsi.org/deliver/etsi_tr/187000_187099/187020/01.01.01_60/tr_187020v010101p.pdf TR 187 020], which was published in May 2011.
Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report ([http://www.etsi.org/deliver/etsi_tr/187000_187099/187020/01.01.01_60/tr_187020v010101p.pdf http://www.etsi.org/deliver/etsi_tr/187000_187099/187020/01.01.01_60/tr_187020v010101p.pdf]), which was published in May 2011.


Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This second phase ended in July 2014 with the publication of different technical reports and the publication of two European standards:
Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This second phase ended in July 2014 with the publication of different technical reports and the publication of two European standards:


<font color="#333333">[http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38577&cs=1201C63DE7F80DEAB30AE7D3BD4035F0A EN 16571]: «&nbsp;Information technology - RFID privacy impact assessment process» and</font>
*<font color="#333333">[http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38577&cs=1201C63DE7F80DEAB30AE7D3BD4035F0A http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38577&amp;cs=1201C63DE7F80DEAB30AE7D3BD4035F0A]: «&nbsp;Information technology - RFID privacy impact assessment process» and</font>
*<font color="#333333">[http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38350&cs=117C4B4C6C024833E3B87802F882742D0 http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38350&amp;cs=117C4B4C6C024833E3B87802F882742D0]: «&nbsp;Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems».</font>


<font color="#333333">[http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38350&cs=117C4B4C6C024833E3B87802F882742D0 EN 16570]: «&nbsp;Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems».</font>
Here is a powerpoint presentation of TC225&nbsp;:&nbsp;[http://docbox.etsi.org/Workshop/2013/201301_SECURITYWORKSHOP/03_CENCENELEC_Standardization/CEN_TC225_M436_DESSENNE.pdf http://docbox.etsi.org/Workshop/2013/201301_SECURITYWORKSHOP/03_CENCENELEC_Standardization/CEN_TC225_M436_DESSENNE.pdf]


|-
|-
| URL
| URL
|  
|  
Mandate page:&nbsp;[http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=415 M/436]
Mandate page: [http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=415 http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&amp;id=415]


CEN/TC225 page:&nbsp;[http://standards.cen.eu/dyn/www/f?p=204:7:0::::FSP_LANG_ID,FSP_ORG_ID:25,6206&cs=1655B872A8BB9229C9ABA80AB8819C24A#1 CEN/TC225]
CEN/TC225 page: [http://standards.cen.eu/dyn/www/f?p=204:7:0::::FSP_LANG_ID,FSP_ORG_ID:25,6206&cs=1655B872A8BB9229C9ABA80AB8819C24A#1 http://standards.cen.eu/dyn/www/f?p=204:7:0::::FSP_LANG_ID,FSP_ORG_ID:25,6206&amp;cs=1655B872A8BB9229C9ABA80AB8819C24A#1]


|-
|-
Line 80: Line 90:
A dedicated Project Team has been appointed to draft the EN 16571 on PIA for RFID applications
A dedicated Project Team has been appointed to draft the EN 16571 on PIA for RFID applications
<ul style="line-height: 18.9090900421143px;">
<ul style="line-height: 18.9090900421143px;">
<li><span style="line-height: 20.7999992370605px;">Project Leader: Claude Tételin ([http://www.centrenational-rfid.com/index_gb.cfm French RFID National Centre])</span></li>
<li><span style="line-height: 20.7999992370605px">Project Leader: Claude Tételin ([http://www.centrenational-rfid.com/index_gb.cfm http://www.centrenational-rfid.com/index_gb.cfm]&nbsp;French RFID National Centre)</span></li>
</ul>
</ul>


Editing team
Editing team
<ul style="line-height: 18.9090900421143px;">
<ul style="line-height: 18.9090900421143px;">
<li><span style="line-height: 20.7999992370605px;">Paul Chartier ([https://www.convergent-software.co.uk/ Convergent Software Limited], UK), editor</span></li>
<li><span style="line-height: 20.7999992370605px">Paul Chartier ([https://www.convergent-software.co.uk/ https://www.convergent-software.co.uk/]&nbsp;Convergent Software Limited, UK), editor</span></li>
<li>Sandra Hohenecker&nbsp;([https://www.gs1-germany.de/ GS1 Germany])</li>
<li>Sandra Hohenecker&nbsp;([https://www.gs1-germany.de/ https://www.gs1-germany.de/]&nbsp;GS1 Germany)</li>
<li>John Borking ([https://www.european-privacy-seal.eu/EPS-en/Home EuroPriSe])</li>
<li>John Borking ([https://www.european-privacy-seal.eu/EPS-en/Home https://www.european-privacy-seal.eu/EPS-en/Home]&nbsp;EuroPriSe)</li>
<li>Peter Eisenegger ([http://www.anec.eu/anec.asp ANEC])</li>
<li>Peter Eisenegger ([http://www.anec.eu/anec.asp http://www.anec.eu/anec.asp]&nbsp;ANEC)</li>
</ul>
</ul>


|-
|-
| Comments
| Comments<br/>
|
 
 
|}
 
== <span style="font-size: larger; line-height: 1.2">ETSI TC Cyber</span> ==
 
{| border="1" cellpadding="1" cellspacing="1" width="1071" style="line-height: 20.7999992370605px; width: 900px;"
|-
| Context<br/>
|
<span style="color: rgb(68, 68, 68); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 18px;">The Internet has become a critical infrastructure for both businesses and individual users. Growing dependence on networked digital systems has brought with it an increase in both the variety and quantity of cyber-threats. The different methods governing secure transactions in the various Member States of the European Union sometimes make it difficult to assess the respective risks and to ensure adequate security. Building on our world-leading expertise in the security of Information and Communications Technologies (ICT), we set up a new Cyber Security committee (TC CYBER) in 2014 to meet the growing demand for standards to protect the Internet and the communications and business it carries.</span><br/><br/><span style="color: rgb(68, 68, 68); font-family: Arial, Helvetica, sans-serif; font-size: 12px; line-height: 18px;">TC CYBER is working closely with relevant stakeholders to develop appropriate standards to increase privacy and security for organisations and citizens across Europe. The committee is looking in particular at the security of infrastructures, devices, services and protocols, as well as security tools and techniques to ensure security. It offers security advice and guidance to users, manufacturers and network and infrastructure operators.</span>
 
|-
| URL
| [https://portal.etsi.org/TBSiteMap/CYBER/CyberToR.aspx https://portal.etsi.org/TBSiteMap/CYBER/CyberToR.aspx]<br/>
|-
| Comments<br/>
|
 
 
|}
 
== <span style="font-size: larger; line-height: 1.2">ETSI </span>Cloud Standards Coordination final report v.1.0 ==
 
{| border="1" cellpadding="1" cellspacing="1" width="1071" style="width: 900px;"
|-
| Context<br/>
|
<span style="color:#2C3439">The </span><span style="font-size:13px; color:#20272B">overall objective of the Cloud Standards Coordination initiative led by ETSI is to identify a detailed map of the standards required to support a series of</span><span style="font-size:13px; color:#36568B"><u>&nbsp;policy objectives</u></span><span style="font-size:13px; color:#20272B">&nbsp;defined by the European Commission, in particular </span><span style="color:#2C3439">in critical areas such as security, interoperability, data portability and reversibility</span><span style="font-size:13px; color:#20272B">.</span><span style="line-height: 20.7999992370605px; color: rgb(32, 39, 43);">&nbsp;(</span><span style="line-height: 20.7999992370605px; color: rgb(54, 86, 139);"><u>[http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF])</u></span>
 
|-
| URL
| [http://www.etsi.org/images/files/Events/2013/2013_CSC_Delivery_WS/CSC-Final_report-013-CSC_Final_report_v1_0_PDF_format-.PDF http://www.etsi.org/images/files/Events/2013/2013_CSC_Delivery_WS/CSC-Final_report-013-CSC_Final_report_v1_0_PDF_format-.PDF]<br/>
|-
| Comments<br/>
|  
|  
[Irene Kamara]


The report includes the collection and classification of over 100 cloud computing Use Cases, many of which have a personal data protection focus (e.g. UC SD 3.3.3. Processing Sensitive Data)


|}
|}
&nbsp;

Latest revision as of 19:14, 20 April 2016

This page focuses on activities related to privacy carried out in the European Standardisation Organisations (ESOs)

CEN CENELEC.jpgETSI.jpg

CEN-CENELEC JWG8 on Privacy Management of Security Products and Related Services

Context

The European commission has issued in early 2015 a mandate to European Standardisation Organisations (or ESOs), CEN, CENELEC, ETSI) to work on a roadmap of standards covering the privacy management of security products and related services

Consequently, CEN/CENELEC has decided to launch a joint working group JWG8, the secretariat of which will be managed by AFNOR (France).

The objective is to define a roadmap and work plan for October 2015

URL

Mandate page: http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=548

JWG8 page: http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Privacy/Pages/default.aspx

Events
  • Kick-off meeting march 5th, 2015 Paris
  • meeting june 15th, 2015 Brussels.
  • meeting september 14th, 2015 Paris. Discussion on a workplan proposal. Involved the European Commission as well as a number of European projects (e.g. EuroForGen, Concord, Episecc, Xp-DITE, Terascreen, Darwin, Crisp, Ingrest, Evidence, Respect) 
Members of JWG8

Working group structure

  • Chair: Claire Waast-Richards (EDF)
  • Secretary: Philippe Magnabosco (AFNOR)

Editing team

  • French delegation: Jean-François Sulzer, Antonio Kung, Mourad Faher, Denis Pinkas
  • German delegation: Matthias Reinis, Kai Rannenberg
  • UK delegation: Alan Shipman, John Mitchell
  • Austrian delegation: Eike Wolf
  • ANEC: Matthias Pocs
  • CEN-CENELEC: Alina Iatan
Comments

[Antonio Kung]

  • During the IPEN workshop it was made clear that the concept of security products should be more clearly defined (in particular on the contradiction between surveillance and privacy)

CEN/TC225 - AIDC technologies

As stated in Wikipedia : Automatic identification and data capture (AIDC) refers to the methods of automatically identifying objects, collecting data about them, and entering that data directly into computer systems (i.e. without human involvement). Technologies typically considered as part of AIDC include bar codes, Radio Frequency Identification (RFID), biometrics, magnetic stripes, Optical Character Recognition (OCR), smart cards, and voice recognition. AIDC is also commonly referred to as “Automatic Identification,” “Auto-ID,” and "Automatic Data Capture."

Data Protection, Privacy and Information Aspects of RFID

Context

In December 2008, the European Commission addressed the Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of 2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being executed in two phases.

Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report (http://www.etsi.org/deliver/etsi_tr/187000_187099/187020/01.01.01_60/tr_187020v010101p.pdf), which was published in May 2011.

Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This second phase ended in July 2014 with the publication of different technical reports and the publication of two European standards:

Here is a powerpoint presentation of TC225 : http://docbox.etsi.org/Workshop/2013/201301_SECURITYWORKSHOP/03_CENCENELEC_Standardization/CEN_TC225_M436_DESSENNE.pdf

URL

Mandate page: http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=415

CEN/TC225 page: http://standards.cen.eu/dyn/www/f?p=204:7:0::::FSP_LANG_ID,FSP_ORG_ID:25,6206&cs=1655B872A8BB9229C9ABA80AB8819C24A#1

Members of CEN/TC225

A dedicated Project Team has been appointed to draft the EN 16571 on PIA for RFID applications

Editing team

Comments


ETSI TC Cyber

Context

The Internet has become a critical infrastructure for both businesses and individual users. Growing dependence on networked digital systems has brought with it an increase in both the variety and quantity of cyber-threats. The different methods governing secure transactions in the various Member States of the European Union sometimes make it difficult to assess the respective risks and to ensure adequate security. Building on our world-leading expertise in the security of Information and Communications Technologies (ICT), we set up a new Cyber Security committee (TC CYBER) in 2014 to meet the growing demand for standards to protect the Internet and the communications and business it carries.

TC CYBER is working closely with relevant stakeholders to develop appropriate standards to increase privacy and security for organisations and citizens across Europe. The committee is looking in particular at the security of infrastructures, devices, services and protocols, as well as security tools and techniques to ensure security. It offers security advice and guidance to users, manufacturers and network and infrastructure operators.

URL https://portal.etsi.org/TBSiteMap/CYBER/CyberToR.aspx
Comments


ETSI Cloud Standards Coordination final report v.1.0

Context

The overall objective of the Cloud Standards Coordination initiative led by ETSI is to identify a detailed map of the standards required to support a series of policy objectives defined by the European Commission, in particular in critical areas such as security, interoperability, data portability and reversibility. (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF)

URL http://www.etsi.org/images/files/Events/2013/2013_CSC_Delivery_WS/CSC-Final_report-013-CSC_Final_report_v1_0_PDF_format-.PDF
Comments

[Irene Kamara]

The report includes the collection and classification of over 100 cloud computing Use Cases, many of which have a personal data protection focus (e.g. UC SD 3.3.3. Processing Sensitive Data)