Thursday, May 14, 2009

COMISIA EUROPEANA a adoptat o RECOMANDARE catre statele membre UE privind folosirea cipurilor si etichetelor RFID

Comisia Europeana, printr-o RECOMANDARE din 12 Mai a.c., introdusa de catre Viviane Reding, comisarul european pentru societatea informațională și media, solicita statelor membre sa adopte mai multe masuri privind siguranta folosirii cipurilor RFID.
Desi destinata in principal producatorilor si companiilor care folosesc etichetele RFID pe produse de larg consum, Recomandarea Comisiei priveste si organismele statului. Comisia Europeana prevede, de asemenea, explicit, ca statul trebuie sa se consulte cu cetatenii si societatea civila in vederea elaborarii unui cadru privind protectia vietii private si a datelor personale.
Nu trebuie sa ne amagim: Recomandarea doreste sa stabilieasca metodele de imbunatatire ale folosirii tehnicii RFID asupra populatiei, tinand insa cont de opinia si informarea societatii civile si a opiniei publice privin riscurile existente asupra libertatilor individuale, fapt subliniat in mai multe randuri. Cu toate acestea, conform RFID Journal, producatorii si utilizatorii tehnicii sustin ca aceasta Recomandare le da siguranta ca Uniunea Europeana accepta dezvoltarea pietei RFID. "Recomandarea ne permite sa ne focalizam pe inovatii", a declarat reprezentantul EPCglobal, una dintre companiile "nonprofit" care sustin implementarea rapida a tehnologiei RFID.
De subliniat ca in statele UE Comisia Europeana a declansata o ampla consultare publica inca din 2006.

Ce ne intereseaza pe noi, deci:

Privacy and data protection impact assessments
4. Member States should ensure that industry, in collaboration with relevant civil society
stakeholders, develops a framework for privacy and data protection impact assessments. This
framework should be submitted for endorsement to the Article 29 Data Protection Working
Party within 12 months from the publication of this Recommendation in the Official Journal
of the European Union.

5. Member States should ensure that operators, notwithstanding their other obligations pursuant to Directive 95/46/EC:
(a) conduct an assessment of the implications of the application implementation
for the protection of personal data and privacy, including whether the
application could be used to monitor an individual. The level of detail of the
assessment should be appropriate to the privacy risks possibly associated with
the application;
(b) take appropriate technical and organisational measures to ensure the protection
of personal data and privacy;
(c) designate a person or group of persons responsible for reviewing the
assessments and the continued appropriateness of the technical and
organisational measures to ensure the protection of personal data and privacy;
(d) make available the assessment to the competent authority at least six weeks
before the deployment of the application;
(e) once the framework for privacy and data protection impact assessments as set
out in point 4 is available, implement the above provisions in accordance with

Information security
6. Member States should support the Commission in identifying those applications that might
raise information security threats with implications for the general public. For such
applications, Member States should ensure that operators, together with national competent
authorities and civil society organisations, develop new schemes, or apply existing schemes,
such as certification or operator self-assessment, in order to demonstrate that an appropriate
level of information security and protection of privacy is established in relation to the
assessed risks.

Gasiti aici textul integral al Recomandarii si documentele aditionale: EU recommendation on RFID applications, vezi si the citizen's summary si expected impact assessment (Mai, 2009)

Vezi si EFECTUL SAPTAMANII MARI asupra comisarilor europeni: Comisarul European pentru Societatea Informationala si Media avertizeaza asupra Cipurilor RFID

Pentru documentare privind masurile europene:

European Commission Issues RFID Privacy Recommendations - RFID Journal
Online consultation results on the staff paper "Early Challenges to the Internet of Things" (January 2009)
Future trends of the Internet: From the Internet of Data to the Internet of Things (Speech of Gérald Santucci January 28, 2009)
Internet of Things - Internet of the Future conference report and conference website (Nice, October 6-7, 2008)
The European Commission staff working paper on the Internet of Things (IoT) (September 2008).
The European Economic and Social Committee (EESC) formal opinion on the Internet of things (September 18, 2008)
Policy and Technological Drivers in the Internet of Things (Speech of Gérald Santucci March 27, 2008)
Opinion of the European Data Protection Supervisor of 20 December 2007 on Radio Frequency Identification (RFID) in Europe
Opinion of the Article 29 Working Party on data protection issues related to RFID technology of 19 January 2005 (WP 105)
Results of the Public Consultation on Article 29 Working Document 105 on Data Protection Issues Related to RFID Technology of 28 June 2005 (WP 111)
Eu-funded research and development projects on RFID (2007)
JRC/IPTS RFID technologies report
Members of the RFID expert group
RFID - Lighthouse project (Vice-President EU Commission 03/05/2007)
Communication - steps towards a policy framework (15/03/2007)
Complete online consultation report (15/03/2007)
MEMO/06/378:A final conference in October 2006 presented the consultation's main outcomes. IP/06/289: Commission launches public consultation on radio frequency ID tags (2006)
MEMO/06/112: Radio Frequency Identification Devices (RFID): Frequently Asked Questions
Vezi si

No comments: