Difference between revisions of "CEN-CENELEC-ETSI Activities"

The European commission has issued in early 2015 a mandate to European Standardisation Organisations (or ESOs), CEN, CENELEC, ETSI) to work on a roadmap of standards covering the privacy management of security products and related services

Consequently, CEN/CENELEC has decided to launch a joint working group JWG8, the secretariat of which will be managed by AFNOR (France).

The objective if to define a roadmap and work plan for October 2015

Mandate page: http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=548

JWG8 page: http://www.cencenelec.eu/standards/Sectors/DefenceSecurityPrivacy/Privacy/Pages/default.aspx

Working group structure

• Chair: Claire Waast-Richards (EDF)

Editing team

• French delegation: Antonio Kung, Mourad Faher, Denis Pinkas
• German delegation: Matthias Reinis, Kai Rannenberg
• UK delegation: Alan Shipman, John Mitchell
• ANEC: Matthias Pocs
• CEN-CENELEC: Alina Iatan

[Antonio Kung]

• During the IPEN workshop it was made clear that the concept of security products should be more clearly defined (in particular on the contradiction between surveillance and privacy)

In December 2008, the European Commission addressed the Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of 2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being executed in two phases.

Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report (http://www.etsi.org/deliver/etsi_tr/187000_187099/187020/01.01.01_60/tr_187020v010101p.pdf), which was published in May 2011.

Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This second phase ended in July 2014 with the publication of different technical reports and the publication of two European standards:

• http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38577&cs=1201C63DE7F80DEAB30AE7D3BD4035F0A: « Information technology - RFID privacy impact assessment process» and
• http://standards.cen.eu/dyn/www/f?p=204:110:0::::FSP_PROJECT:38350&cs=117C4B4C6C024833E3B87802F882742D0: « Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems».

Here is a powerpoint presentation of TC225 : http://docbox.etsi.org/Workshop/2013/201301_SECURITYWORKSHOP/03_CENCENELEC_Standardization/CEN_TC225_M436_DESSENNE.pdf

Mandate page: http://ec.europa.eu/growth/tools-databases/mandates/index.cfm?fuseaction=search.detail&id=415

CEN/TC225 page: http://standards.cen.eu/dyn/www/f?p=204:7:0::::FSP_LANG_ID,FSP_ORG_ID:25,6206&cs=1655B872A8BB9229C9ABA80AB8819C24A#1

A dedicated Project Team has been appointed to draft the EN 16571 on PIA for RFID applications

• Project Leader: Claude Tételin (http://www.centrenational-rfid.com/index_gb.cfm French RFID National Centre)

Editing team

• Paul Chartier (https://www.convergent-software.co.uk/ Convergent Software Limited, UK), editor
• Sandra Hohenecker (https://www.gs1-germany.de/ GS1 Germany)
• John Borking (https://www.european-privacy-seal.eu/EPS-en/Home EuroPriSe)
• Peter Eisenegger (http://www.anec.eu/anec.asp ANEC)

The overall objective of the Cloud Standards Coordination initiative led by ETSI is to identify a detailed map of the standards required to support a series of <a href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF">policy objectives</a> defined by the European Commission, in particular in critical areas such as security, interoperability, data portability and reversibility.

[Irene Kamara]

The report includes the collection and classification of over 100 cloud computing Use Cases, many of which have a personal data protection focus (e.g. UC SD 3.3.3. Processing Sensitive Data)