New CEN-CENELEC Technical Committees for Infosec and Data Protection Standardization (TC8) Brussels - 19 September 2017 Alessandro GUARINO Chair,

Similar documents
European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

Standardization and Regulations in the EU/EFTA

CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

Introduction to the European Standardization System

Standardization mandate addressed to CEN, CENELEC and ETSI in the field of Information Society Standardization

EC Mandate: Adaptation to climate change use of standards to make key infrastructures more resilient. Ab de Buck/ Caroline van Hoek

The European Standards Organisations (ESOs) Outreach Activities

European Standards & Community Specifications

Some keynote messages on standardization and trade between US and EU

Standardization of Knowledge and Skills for IT Security

NSAI s ICT standardization participation and consultation system and operation as ETSI/NSO. Dr. Ian J. Cowan, Technical Secretary, NSAI/ICTSCC

The European approach of using standards in support of regional legislation and free circulation of goods/services

EN 50600, EU COC, EMAS AND EUROPEAN DATA CENTRE ENERGY EFFICIENCY MANAGEMENT

The European System of Standardization in the Globalized Economy. AFSEC General Assembly Johannesburg, 10 August 2010

European Standardization

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

Status of activities Joint Working Group on standards for Smart Grids in Europe

BS EN :2017. Electronic Invoicing and associated PDs (TSs and TRs) Copyright 2017 BSI. All rights reserved 06/10/2017

Recent developments CEN and CENELEC

EUROPEAN ACCREDITATION LEGAL FRAMEWORK

10007/16 MP/mj 1 DG D 2B

EUROPEAN COMMISSION Enterprise Directorate-General

A comprehensive approach on personal data protection in the European Union

EUROPEAN COMMISSION DIRECTORATE GENERAL FOR INTERPRETATION

European Commission Directorate General Enterprise and Industry INSTITUTIONAL FRAMEWORK ON

Revision of the EPB Overarching Standard EN15603 (future EN-ISO ) Annex A-B approach and expected time schedule

DATA CENTRE CODES AND STANDARDS

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

Jaap Hogeling Chair CEN TC 371 Program Committee on EPBD (Energy Performance Buildings Directive)

Belgrade Serbia November 2010 Jan Coenraads,

The role of Standardization in support of harmonization

CEN Workshop Standards Compliant Formats for Fatigue Test Data (FaTeDa) Project Plan

EUROPEAN DATA CENTRE STANDARDS

INSPIRE status report

Standardization for DRR: Opportunities or barriers?

Governmental acceptance supported by accredited certification. Presentation to the GLOBALG.A.P SUMMIT 2012

ISO/IEC TR TECHNICAL REPORT

New ETSI-CEN-CENELEC approach for rapid SG deployments. Jean-Pierre Mennella CIM User Group, Oslo 18 June, 2014

Introduction to Standards Development

Inter American Accreditation Cooperation. IAAC, IAF and ILAC Resolutions Applicable to IAAC MLA Peer Evaluations

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

Chemical Regulations. Reducing Duplication and Proliferation in Standards Development

Mandate to CEN, CENELEC and ETSI for Standardisation in the field of electric motors

Work to establish standard ENTSOE STAKEHOLDER COMMITTEE 1

Conformity Assessment Schemes and Interoperability Testing (1) Keith Mainwaring ITU Telecommunication Standardization Bureau (TSB) Consultant

Directive on security of network and information systems (NIS): State of Play

ISO/IEC JTC 1 N 13145

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

Kick-off Meeting DPIA Test phase

Electronic Commerce Working Group report

The Network and Information Security Directive - ENISA's contribution

Cybersecurity. Quality. security LED-Modul. basis. Comments by the electrical industry on the EU Cybersecurity Act. manufacturer s declaration

ISO/IEC INTERNATIONAL STANDARD

ICT Legal Consulting on GDPR: the possible value of certification in data protection compliance and accountability

ETSI Introduction. Dr. Carmine Rizzo CISA, CISM, CISSP, ITIL, PRINCE2. ETSI Technical Officer ETSI Standardisation Projects

Introduction to Conformity Assessment and ISO/CASCO Tool Box

About BSI & Brexit. Presentation by: Asghar Ashrafi BSI Retired Employee : Oct 2016

The ResiStand Project

TECHNICAL WORKING PROCEDURES

UK-led international standards for BIM

Regulating Cyber: the UK s plans for the NIS Directive

ISO/IEC JTC 1 Study Group on Smart Cities

ENISA And Standards Adri án Belmonte ETSI Security Week Event Sophia Antipolis (France) 22th June

Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679)

Approval Process & Decision Making

Draft Terms of Reference for ISO TC 46/SC 9 Working Group 10: ISO Project 3901, revision of the "International Standard Recording Code (ISRC)"

United4Health session Regulatory Framework Trends & Updates. Nicole Denjoy COCIR Secretary General Wed. 7 May 2014, Berlin (Germany)

Transport Security Standards

Ecma International. January 2018 Speed

ISO/IEC JTC1/SC7 /N3614

Improving recognition of ICT security standards Recommendations for the Member States for the conformance to NIS Directive

ARTICLE 29 DATA PROTECTION WORKING PARTY

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

Pierre Sebellin. Systems Technical Officer International Electrotechnical Commission

Standardization supporting innovation and growth

IOGP. Supplementary Procedure for Development and Maintenance of ISO Standards as an ISO Liaison Member. Approved

Testing and Certification Procedure

An Overview of ISO/IEC family of Information Security Management System Standards

Towards a European e-competence Framework

ISO/IEC JTC 1/SC 27 N7769

Toward Horizon 2020: INSPIRE, PSI and other EU policies on data sharing and standardization

The ISO/TMB Smart Cities Strategic Advisory Group (S_Cities SAG)

Collective Letter 17_3382 CEL/GC/grg 20 July 2017 page 1 of 24

Impacts of the GDPR in Afnic - Registrar relations: FAQ

ENISA s Position on the NIS Directive

Coordination Meeting of Standardisation Activities for assessing the Environmental Impact of ICT

Making cloud SLAs readily usable in the EU private sector. C-SIG WG on Cloud Standards 18 January 2017 Brussels, Belgium

UDI in Europe. Mr. Salvatore Scalzo, Policy and Legal Officer, Medical Devices, DG GROW, European Commission. 19 October 2017

GUIDE 75. Strategic principles for future IEC and ISO standardization in industrial automation. First edition

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

European Commission s proposal for a Regulation on Electronic identification and trust services for electronic transactions in the EU internal market

M403 ehealth Interoperability Overview

ISO/IEC JTC1/SC7 3810

Security and resilience in Information Society: the European approach

Architecture and Standards Development Lifecycle

Status of the ecall initiative

IoT and Privacy by Design

ISO/IEC TR TECHNICAL REPORT. Systems and software engineering Life cycle management Part 1: Guide for life cycle management

ISO/IEC INTERNATIONAL STANDARD. General requirements for the competence of testing and calibration laboratories

Transcription:

New CEN-CENELEC Technical Committees for Infosec and Data Protection Standardization (TC8) Brussels - 19 September 2017 Alessandro GUARINO Chair, CEN/CENELEC/TC 8 Privacy Management in Products and Services CEO, StudioAG

European Standardization System European Committee for Standardization European Committee for Electrotechnical Standardization European Telecommunications Standards Institute

CEN and CENELEC Standards are Market driven and business-lead Representing a consensus among all interested parties, including industry, SMEs & societal stakeholders Voluntary Developed by independent organizations following open and transparent process Highly aligned with International standards (cooperation agreements with ISO and IEC) European-focused

A Unique System 1 European Standard Identical national standards EU28+EFTA+Turkey,FYROM All conflicting standards removed Access to a market of 600 million consumers!

Participation to Technical Bodies 3 layer structure for technical work Reporting line Technical Board (BT) Reporting line Technical Committee (TC) Working Group (BT/WG) Working Group (WG) Working Group (WG)

CEN/CENELEC TCs Chairman Neutral, nominated by a National Body and ratified by members s vote Secretariat Technical support (DIN) National Delegations Experts nominated by members Partners and Liasion Organizations (European and International - Active participation in the work but without voting rights

European Standards (EN) Voluntary in application (Standardization Legislation) Established by a diverse set of stakeholders (NB-based, but open to experts from many backgrounds) Reflect Consensus Common European Reference Documents Timeframe of EN development: Circa 26.6 months from WI to Definitive text available

Other documents TS Technical specifications (no immediate consensus for EN or subject still under technical development) May act as a pre-standard No obligation to retire conflicting national standards TR Technical report Informative material (best practices, state of the art)

Standardization Request SR M/530 Accepted by CEN and CENELEC in January 2015 (originating from DG HOME) Scope: develop standardization deliverables which should set out requirements on How to address and manage privacy issues during the design and development of security technologies and service provision, allowing manufacturers and service providers to develop, implement and execute a widely recognised Privacy by Design (PbD) approach in their processes Prepare an informative document specifying the privacy management processes with an explanation on how to realise them

M/530 Standardization Request Legal Basis Art. 8 of the Charter of Fundamental Rights (Data Protection as a Fundamental Right in the EU distinct from Privacy) General Data Protection Regulation Art. 25 (1) Privacy/DP by design Art. 25 (2) Privacy/DP by Default

M/530 Standardization Request Rationale Increased demand for and use of security technologies Huge amount of personal data collected, stored, processed (inside and outside the EU) Privacy and Data Protection should be seen as an enabler of products and services in the Digital Single Market

TC 8 Privacy Management in Products and Services Tasks Translate the concept of Privacy by Design into concrete indications for manufacturers and service providers to plan, implement, control and revise a management process appropriately addressing privacy needs and requirements in each step of the design and development and production and service provision of security technologies and services. Adapt established internationally recognised quality management principles (EN ISO 9001, ISO/IEC 27001, ISO/IEC 27002) to a standard providing privacy management principles Scope - to cover privacy and personal data protection in products and services.

TC 8 - Privacy Management in Products and Services Activity First meeting 19/7/2017 in Berlin Future: Telco 3/10, Meeting in Milan 27/11/2017 WI Privacy by Design (in ballot) This EN will provide requirements for manufacturers and/or service providers to implement Data protection and Privacy by design and by default early in their development of their products and services. The standard will be applicable to all business sectors, including the security industry. [in support of Reg 2016/679 - GDPR] WI 2 Videosurveillance WI 3 Biometric face recognition

Back to M/530... Standardization Request Deadline for publication of the European standard and the other deliverables (foreseeably two TSs) January 2019

Other Plans Possible adoption of ISO/IEC 29134 Guidelines for Privacy Impact Assessment Possible Vienna Agreement with ISO COPOLCO(Committee on Consumer Policy) on Privacy by Design for consumer products COPOLCO WI: Specification of the design process to provide consumer goods and services that meet consumers domestic processing privacy needs as well as the personal privacy requirements of Data Protection. In order to protect consumer privacy the functional scope includes security in order to prevent unauthorized access to data as fundamental to consumer privacy, and consumer privacy control with respect to access to a person s data and their authorized use for specific purposes.

Www.cencenelec.eu www.studioag.eu Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback