SIST-TP CEN/CLC/TR 17919:2023

SLOVENSKI STANDARD
SIST-TP CEN/CLC/TR 17919:2023
01-maj-2023
Varstvo podatkov in zasebnosti z načrtovanjem in kot privzeto - Tehnično poročilo
o uporabnosti v industriji videonadzora - Stanje tehnike
Data protection and privacy by design and by default - Technical Report on applicability
to the videosurveillance industry - State of the art
Videoüberwachung
Protection des données et de la vie privée dès la conception et par défaut - Rapport
technique sur l'applicabilité au secteur de la vidéosurveillance - État de l'art
Ta slovenski standard je istoveten z: CEN/CLC/TR 17919:2023
ICS:
35.030 Informacijska varnost IT Security
SIST-TP CEN/CLC/TR 17919:2023 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST-TP CEN/CLC/TR 17919:2023

---------------------- Page: 2 ----------------------
SIST-TP CEN/CLC/TR 17919:2023


TECHNICAL REPORT CEN/CLC/TR 17919

RAPPORT TECHNIQUE

TECHNISCHER REPORT
February 2023
ICS 35.030

English version

Data protection and privacy by design and by default -
Technical Report on applicability to the video surveillance
industry - State of the art
 Datenschutz durch Technikgestaltung und durch
datenschutzfreundliche Voreinstellungen -
Technischer Bericht über die Anwendbarkeit in der
Videoüberwachungsindustrie - Stand der Technik


This Technical Report was approved by CEN on 9 January 2023. It has been drawn up by the Technical Committee CEN/CLC/JTC
13.

CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
























CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2023 CEN/CENELEC All rights of exploitation in any form and by any means
Ref. No. CEN/CLC/TR 17919:2023 E
reserved worldwide for CEN national Members and for
CENELEC Members.

---------------------- Page: 3 ----------------------
SIST-TP CEN/CLC/TR 17919:2023
CEN/CLC/TR 17919:2023 (E)
Contents Page
European foreword . 3
Introduction . 4
1 Scope . 5
2 Normative references . 5
3 Terms and definitions . 5
4 High level objectives . 6
5 Guidelines regarding the process to follow . 6
6 Verification of the ability to comply with the applicable privacy provisions . 7
6.1 Access . 7
6.2 Accountability . 8
6.3 Accuracy . 8
6.4 Data de-identification . 9
6.5 Data minimization . 9
6.6 Data portability . 9
6.7 Confidentiality . 9
6.8 Erasure. 10
6.9 Consent and children . 10
6.10 Information security . 10
6.11 Lawfulness . 12
6.12 Objection to processing . 12
6.13 Automated decision making . 13
6.14 Storage limitation . 13
6.15 Transparency . 13
Bibliography . 15

2

---------------------- Page: 4 ----------------------
SIST-TP CEN/CLC/TR 17919:2023
CEN/CLC/TR 17919:2023 (E)
European foreword
This document (CEN/CLC/TR 17919:2023) has been prepared by Technical Committee
CEN/CLC/JTC 013 “Cybersecurity and Data protection”, the secretariat of which is held by DIN.
This document has been prepared in complement of EN 17529: Data protection and privacy by design and
by default 2021, under mandate M530 given to CEN/CENELEC by the European Commission.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
3

---------------------- Page: 5 ----------------------
SIST-TP CEN/CLC/TR 17919:2023
CEN/CLC/TR 17919:2023 (E)
Introduction
This document explains how EN 17529, “Data Protection and Privacy by Design and by Default”, is
applicable to the video-surveillance industry, a security industry which is permanently serving the
objectives of its various customers, themselves subject to a balance between privacy and security
expectations, eventually changing with the political, local and conjunctural situations.
EN 17529 defines the process through which the developers and/or manufacturers of all types of
products and services make sure that the end-users thereof will be encouraged and be able to use them
in compliance with the applicable privacy rules, directly or after an appropriate set-up. Concretely,
implementing this standard will allow this industry sector to provide its customers (and especially their
data controllers) with solutions designed with the necessary options and flexibility to comply with their
privacy protection obligations over the lifetime of the delivered solutions.
It should be noted that in parallel to this report, the European Data Protection Board (EDPB) has
published its Guidelines 3/2019 on processing of personal data through video devices, version 2.0, which
provide an official interpretation of the use of the Regulation (EU) 2016/679 of the European Parliament
and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of
personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data
Protection Regulation, GDPR) applied to video-surveillance systems.
4

---------------------- Page: 6 ----------------------
SIST-TP CEN/CLC/TR 17919:2023
CEN/CLC/TR 17919:2023 (E)
1 Scope
This document illustrates, through a review of the state of the art, the applicability of the EN 17529 to the
domain of the video-surveillance industries, a security industrial domain which is serving the objectives
of its various customers, themselves subject to a delicate balance between privacy and security objectives
eventually changing with the political, local and conjunctural situations.
Implementing this standard will allow this industry to provide its customers with solutions designed with
the necessary options and flexibility to contribute to their privacy protection obligations over the lifetime
of the delivered solution.
The present document considers at this stage the core video-surveillance solutions consisting in up to:
• A number of cameras (fixed or PTZ);
• A Video Management System (VMS) including its storage capability;
• A display and replay capability:
Basic video analytics allowing automatic detection in the video of each camera of simple geometric
situations (movement detection, line crossing, etc.), but excluding embedded tools allowing
automated distinguishing, direct identification or tracking of individuals;
• IP interfacing with external (not included) terminals.
This basic set-up may be expanded in future versions.
The “off-the-shelf” system and sub-system manufacturers are the core targets of this document;
companies doing systems installation may be indirectly addressed, but service providers eventually
running the systems are not covered.
2 Normative references
The following documents are referred to in the text in such a way that some, or all, of their content
constitutes references for this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
EN 17529:2022, Data protection and privacy by design and by default
3 Terms and definitions
For the purposes of this document, the terms and definitions given in EN 17529 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
• IEC Electropedia: available at https://www.electropedia.org/
• ISO Online browsing platform: available at https://www.iso.org/obp
3.1
pan-tilt and zoom
PTZ
capacity of a camera to be controlled remotely regarding direction and zoom
5

---------------------- Page: 7 ----------------------
SIST-TP CEN/CLC/TR 17919:2023
CEN/CLC/TR 17919:2023 (E)
4 High level objectives
Referring on the main body of EN 17529 and based on the state of the art, the present TR details how it
is possible for a manufacturer of a video-surveillance system to take into consideration as part of the
quality process followed by its product line, the provisions of EN 17529 making sure that its different
potential end-users can easily and are encouraged to comply with their data protection and privacy
obligations.
To do so, the different prescriptions of EN 17529:2022, Clause 6, will be translated into features and set-
up of a video-surveillance system, while as per the core principle of EN 17529, the manufacturer can have
a formal process through which all such prescriptions are considered (in existence, performance, set-up,
etc.) with regard to the privacy requirements, for each system delivered.
It must be noted:
• That, nevertheless, the product will be delivered, maintained and disposed in compliance with the
written configuration request established by the customer, who remains the sole accountable entity,
even if this may not correspond to an optimum privacy set-up or configuration among the options
proposed by the vendor; this is especially true as video-surveillance systems are often used in
governmental security missions covered by dedicated regulations,
• That this document applies to digital, analogue and hybrid systems (containing both digital and
analogue technologies). It might not be possible to fully decompose these systems into the functional
perspectives envisaged in the example presentation given in EN 17529. System integrators and
manufacturers may need to map their system architectures directly to the data protection and
privacy requirements, using a more natural decomposition into parts as appropriate for their system,
• That in many countries, video-surveillance has been subject to local privacy regulations for many
years and that accordingly at least some of the prescriptions discussed hereafter are covered by
legacy implementations,
• And finally that in parallel to the preparation of this TR, the European Data Protection Board (EDPB)
has published the Guidelines 3/2019 on processing of personal data through video devices, Version 2.0,
which provide an official interpretation of the use of the GDPR applied to video-surveillance systems,
which, as such, prevails on interpretations which may result of provisions of the standard and of this
TR.
5 Guidelines regarding the process to follow
The main body of EN 17529 details, in its Clause 5, process to follow in a comprehensive detailed and
generic manner.
As clearly demonstrated in the EDPB Guidelines, the video-surveillance domain requires a detailed
functional analysis for each individual use case to be able to identify the set of the GDPR (and of Clause 6
below) provisions applicable.
It is worth remembering as well that, although not all the video-surveillance systems are digital, privacy
regulations might remain applicable.
As stated in 5.1.2 of EN 17529 to ensure a proper match between the variety of use cases implied by the
targeted market and their implication in the activation of the GDPR provisions, the organization is
encouraged to select, train and fully inform staff in charge of the process below on
• Applicable legislation, e.g. the GDPR and its functional logic, and
• A comprehensive view of all the usage conditions relative to the different segments covered by the
marketing plans.
6

---------------------- Page: 8 ----------------------
SIST-TP CEN/CLC/TR 17919:2023
CEN/CLC/TR 17919:2023 (E)
This comprehensive functional view applies to the full process described in Clause 5, keeping in mind
that the privacy analysis relative to the specific procurement of a product or a system is outside the scope
of this standard.
To do so, like for quality, the manufacturer can establish a documented process for the design and the
production of the video-surveillance systems (including the cameras, the camera software and the VMS),
with, typically, as an output the following documents:
— A general description of the system,
— Risk assessment report covering the different anticipated use cases,
— Technical requirements, including the security and privacy ones,
— The architecture of the system,
— A description of the manufacturing controls,
— User manual,
— Test reports, including the security test reports (IT vulnerability assessment).
It must be noted that accordingly, and unless the organization develops extremely specific video-
surveillance systems, representing the solutions in terms of the perspective-based decomposition
required by the standard, self-declaration, as well as PIA, are almost impossible to achieve during the
development phase covered by the standard.
Considering the nature of a video-surveillance system, as described in Clause 1, the efforts of the
organization can concentrate on the basic requirements on the design listed in Clause 6 hereafter and it
is the proper response to these basic requirements, that the compliance to the standard is due to ensure.
1
6 Verification of the ability to comply with the applicable privacy provisions
6.1 Access
6.1.1 Access to data
6.1.1.1 Control objective:
A video-surveillance system being by essence designed to monitor a field of view without any
discrimination, its designer can only provide indirect tools to the controllers, for helping them in
providing capabilities for the data subject to access his/her data, as applicable.
6.1.1.2 Implementation in support to access to data by the data subjects
To support the data controllers of their future customers, which will implement its systems, by informing
the potential data subjects of the existence of the system and of their rights, a good practice is that the
manufacturers provide on their website models of posters to be insta
...