2011. december 1., csütörtök

Berlini szimpózium a "Rádiófrekvenciás azonosítók alkalmazásának személyiségi jogi hatásvizsgálatairól"

Mai postánkból. Roger Longhorn írta a GSDI L&SE munkacsoport tagjainak.
Forrás: EDRi-gram - biweekly newsletter about digital civil rights in Europe - Number 9.23, 30 November 2011

New Guidelines to RFID Privacy Impact Assessments

On 25 November 2011 the German Federal Office for Information Security (BSI) and the Institute for Management Information Systems of the Vienna University of Economics and Business (WU) held an expert symposium on RFID Privacy Impact Assessments in Berlin and presented their BSI Privacy Impact Assessment (PIA) Guidelines.





The PIA guidelines are based on the RFID PIA Framework, a kind of co-regulation instrument that was signed by Vice President of the European Commission Neelie Kroes and industry representatives earlier this year. The goal of the guidelines is to explain the PIA Framework and to provide RFID application operators with an  in-depth understanding of the framework terminology and proposed procedures. The methodology outlined in the document is understood to be a concretion of the generic process outlined in the PIA framework.


The PIA guidelines will help European RFID operators to ensure a high level of data protection, which can be seen as an important aspect of quality and a unique selling proposition for European companies, said Professor Sarah Spiekermann, Head of the Institute for Management Information Systems. The PIA guidelines are available from the symposium website. PIA case studies for three different sectors will soon be published by BSI.


In his presentation at the symposium the German Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, explained that, while Data Protection Authorities (DPAs) might not be able to check each and every PIA report, in future, the results of privacy impact assessments and the implementation of their results will be important aspects in data protection inspections. He therefore asked, that PIA reports and the data protection goals identified in the course of the PIA process should be made transparent to DPAs and individuals.


Furthermore, Mr. Schaar called for PIA frameworks being defined on the European level and for the establishment of a European data protection competence centre, which should work on technical means and measures for data protection.


The European Data Protection Supervisor, Peter Hustinx, stressed in his contribution the need to reduce the unhelpful diversity in EU member states' data protection legislation. While there is no need to reinvent data protection, it is necessary to make the current principles work better, to improve the definition of responsibilities and to ensure a better compliance, he said. With regard to privacy impact assessments, Mr. Hustinx envisaged that these could be optional in some cases while being compulsory in others.


A coherent European approach to the implementation of the RFID Privacy Impact Assessment Framework will be in the centre of a conference organised by the European Commission on 8 February 2012 in Brussels, where experiences with the PIA Framework and the future of the European Commission's RFID Recommendation will be discussed.


As EDRi already expressed earlier, the success of RFID Privacy Impact Assessments will, to a large extend, depend on the quality of the assessment. In particular, it will be crucial to address and eliminate risks that stem from third parties and are not directly related with the RFID applications operated by a given company, but facilitate the RFID tags disseminated by the company.


[Links]


Expert Symposium on RFID Privacy Impact Assessments, 25.11.2011, Austrian Embassy Berlin
http://www.wu.ac.at/ec/events/piasymposium


RFID Privacy Impact Assessment Guidelines
http://www.wu.ac.at/ec/events/pia_guideline


Federal Office for Security in Information technology - RFID PIA (only in German)
https://www.bsi.bund.de/DE/Themen/ElektronischeAusweise/RadioFrequencyIdentification/PIA/pia_node.html


EDRi-gram: EU supports RFID with proper protection of consumers' privacy (20.05.2009)
http://www.edri.org/edri-gram/number7.10/rfid-european-commission-recommandation


EDRi-gram: RFID Privacy Impact Assessment Framework formally adopted (06.04.2011)
http://www.edri.org/edrigram/number9.7/rfid-pia-adopted-eu


EDRi-gram: ENDitorial: RFID PIA: Check against delivery
http://www.edri.org/edrigram/number9.10/rfid-pia-check-against-delivery


European Commission Conference: 08.02.2012: Implementation of the RFID Privacy Impact Assessment (PIA) Framework
Invitation:
http://ec.europa.eu/information_society/policy/rfid/documents/piaconferenceinvitation.pdf
Programme:
http://ec.europa.eu/information_society/policy/rfid/documents/piaconferenceprogramme.pdf


(Contribution by Andreas Krisch - EDRi)


Kind regards

Roger Longhorn
ral@alum.mit.edu

_______________________________________________
Legal-Socioecon mailing list
Legal-Socioecon@lists.gsdi.org
http://lists.gsdi.org/mailman/listinfo/legal-socioecon

Nincsenek megjegyzések:

Megjegyzés küldése

About the LAPSI project

LAPSI is a project in the FP7 program of the European Union.
Legal Aspects of the Public Sector Information and Re-use.
Timespan: 30 months. Participants: 20 institutions and organistions. Coordinator: University of Torino.
Kick-off Meeting: Torino, 26-28 March, 2010

Role of HUNAGI in the LAPSI Project

HUNAGI contribution is related mainly to the Geographic Information which are produced, maintained and used in land management, including surveying, mapping, cadastre and land registration, remote sensing and serviced by relevant spatial data infrastructures. From a national economic point of view, the uniform land registration system operating in Hungary is one of the most important databases of the country. This system allows to obtain over the time updated legal and geometric data, as well as other information (e.g. on ownership, land uses, mortgages, etc.). The cadastral maps integrated into the uniform land registration system show spatial relations and references of rights, facts and other information appearing on the property sheets, serving as a basis of engineering planning for the national economy. The national spatial data infrastructure can be built on this uniform, authorized and public land registration system, in small partial modules, following the EU INSPIRE Directive. HUNAGI will participate to all Working Groups and actively take part to Working Groups 01, 03 and 04. It also makes its facilities available to host one of the thematic network seminars or conferences.

About the HUNAGI Team of the LAPSI Project

Team members:
Piroska Zalaba (FvM FTF www.fvm.hu), dr. Szabolcs Mihály (FÖMI www.fomi.hu), dr.József Mlinarics (MATISZ www.matisz.hu), Ferenc Hargitai (MATISZ www.matisz.hu), István Sponga (Neumann-Ház Nonprofit Kft www.neumann-haz.hu), Dr. Tamás A. Kovács (Dr. Kovács A. Tamás Ügyvédi Iroda www.kovacsatamasiroda.hu), Dr. Gábor Remetey-Fülöpp, Team leader (HUNAGI www.hunagi.hu)

Observers/supporters:
Barkóczi Zsolt (HUNAGI www.hunagi.hu), Tóth Sándor (FVM FTF www.fvm.hu)
Klóser Anikó (Meh EKK www.ekk.meh.gov.hu), dr. Marosán Andrea (MeH EKK), dr. Csiszér Gábor (MeH EKK)
Temporal replacements: Éva Harbula for Dr. Szabolcs Mihály (FÖMI)

About the Team Leader

Gabor Remetey-Fülöpp is Secretary General of Hungarian Association of Geo- information/HUNAGI. He holds a degree in Civil Engineering (Budapest) and a second diploma in automation in geodesy. Among his numerous experiences he has been part of the EU Acquis-related institutional development project (1998-2006), of the EC INSPIRE Experts Team (2001-2006), and of the Drafting Team, National SDI Strategy (2004-2006). He also took part to ePSIplus activities.