Photo #1 (from left, click to enlarge):
Michaël Vanfleteren (EDPS), Pedro Ibáñez Solaberrieta (Banco Guipuzcoano), Mathias Strand (Microsoft), Kirsten Bock (ULD)
Photo #2 (from left, click to enlarge):
Markus Belke (2B Advice), Michaël Vanfleteren (EDPS), Mathias Strand (Microsoft), Kirsten Bock (ULD), Stephan DiNunzio (TÜViT), Antonius Sommer (TÜViT)
Kiel, November 13th, 2008
EuroPriSe today announces permanent establishment by ULD and awards the European Privacy Seal for IT products and IT-based services to the online banking service BGNetPlus, to the digital photo service DiaDirekt, and to Microsoft Corporation for its Software Protection Platform (SPP) Version 1 for Windows Vista RTM, Windows Vista SP1 and Windows Server 2008 RTM. The seal affirms compliance with the demanding EU laws and regulations on data security and privacy.
Trust in IT solutions is still a delicate issue. Who controls information? Who has access? In today's information-driven society, the issue of access to and control over information is enormously important to modern economy and society. Transparency is essential for consumer and user trust and moreover for a sustainable economic development in the information and communication technologies (ICT) sector. To raise justified trust of consumers and business, they need to know how to choose an IT product or service that protects their privacy. This is where EuroPriSe comes in.
EuroPriSe is funded by the European Commission’s eTEN programme with 1.2 million EUR and implemented by a consortium of nine organisations under the leadership of the Independent Centre for Privacy Protection Schleswig-Holstein (ULD). Under the scheme, IT products and IT-based services are audited in order to see if they can be certified as compliant with European regulations on privacy and data security. EuroPriSe uses a quality-assured procedure: an evaluation of the product or service by trusted legal and IT experts, followed by a cross-checking of the evaluation report by an independent and impartial certification body.
“We are happy to announce the permanent establishment of EuroPriSe to continue this successful project” says Dr. Thilo Weichert, Data Protection Commissioner for Germany’s northernmost state and head of ULD. “The requests for certification exceed our expectations. It shows that the EuroPriSe procedure offering private trusted evaluation and independent, impartial certification provides true added value for companies.” Kirsten Bock, EuroPriSe Project manager, explains: “18 products and services qualified for the pilot phase in January 2008. More than 20 additional evaluations from three continents are ongoing. The product range covers small, medium sized and very large products and service. The three awardees of today give a good example for diversity of applicants. The experience gained from the pilots show that the evaluation process is rigorous and must not be underestimated. The cooperation between skilled evaluators and Data Protection Authorities assure a high standard that is rare in an area where compliance cannot be measured by the scale.”
The three new seals awarded by ULD were presented by Michaël Vanfleteren, legal adviser at the secretariat of the European Data Protection Supervisor Peter Hustinx. “I am especially happy to present the European Privacy Seals to companies for their products and services that have successfully proven to be compliant with European privacy and data protection regulations.”
Peter Hustinx, European Data Protection Supervisor, supports EuroPriSe certification: “I am pleased to hear that EuroPriSe will be established permanently by ULD. It will be an important instrument to foster privacy protection in ICT and I expect fundamental contributions addressing harmonious interpretation of European Data Protection regulations. The excellent response EuroPriSe received worldwide underlines the high value of European Privacy Standards. Companies whose products and services undergo the rigorous EuroPriSe assessment demonstrate that good privacy protection can be a competitive advantage.”
The award winning product and services that were evaluated against the EuroPriSe criteria proved compliance with the demanding European Data Protection Regulations. Online banking is a service which is increasingly offered by banks and used by their customers. BGNetPlus offers transparent online procedures and clear contractual information to their customers. The online service offers users key banking services such as balance checking and money transfer. The DiaDirekt service provided by Tsevnic KB offers personal and professional users to get their 35mm negatives, APS images and 35mm slides transferred to digital media format (JPG). The digitalized pictures are burned to a CD and sent to the customer. The 35mm originals are sent back to the customer or physically destroyed. Microsoft’s Software Protection Platform is a service that provides mechanisms to consumers and institutions that protect them from the risk of counterfeit software and better enables volume license customers to manage their software assets. The overall goal of Software Protection Platform is to bring together new anti-piracy innovations, counterfeit detection practices and tamper resistance.
The public evaluation reports are available at https://www.european-privacy-seal.eu/awarded-seals/.
The EuroPriSe consortium is led by the Independent Centre for Privacy Protection Schleswig-Holstein (ICPP/ULD), Germany. The partners from eight European countries include the data protection authorities from Madrid (Agencia de Protección de Datos de la Communidad de Madrid, APDCM) and France (Commission Nationale de l’Informatique et de Libertés, CNIL), the Austrian Academy of Science, London Metropolitan University from the UK, Borking Consultancy from the Netherlands, Ernst and Young AB from Sweden, TÜV Informationstechnik GmbH from Germany, and VaF s.r.o. from Slovakia.
Further information can be found at www.european-privacy-seal.eu.
BGNetPlus online banking service is an additional service provided by the Spanish Banco Guipuzcoano. The online banking access is voluntary and complementary available for Banco Guipuzcoanos individual customers. The platform is a banking service channel that offers users everyday services such as checking their economic situation, ordering payments and transfers, controlling credit card operations or checking purchased stocks´ status.
The Target of Evaluation does not include general banking operatives resulting from users transactions performed on the platform.
The DiaDirekt service provided by Tsevnic KB offers personal and professional users to get their 35mm negatives, APS images and 35mm slides transferred to digital media format (JPG). The digitalized pictures are burned to a CD and sent to the customer. The original 35mm originals are sent back to the customer or physically destroyed.
The Target of Evaluation of this certification comprises:
Processing of customer data and images in order to carry out the DiaDirekt service
Optional sending of marketing letters to customers via an email newsletter (opt in)
Processing of customer data for the purpose of business planning
Processing of customer data for the purpose of bookkeeping
Further information can be found at www.diadirekt.se.
Microsoft Software Protection Platform is the name for the summary of the services activation, volume license management and security breach response for Windows Vista RTM, Windows Vista SP 1 and Windows Server 2008 RTM.
Microsoft’s Software Protection Platform is a service that provides mechanisms to consumers and institutions that protect them from the risk of counterfeit software and better enables volume license customers to manage their software assets. The overall goal of Software Protection Platform is to bring together new anti-piracy innovations, counterfeit detection practices and tamper resistance.
The main usage scenarios of Software Protection Platform are:
Single License Activation
Activation by Original Equipment Manufacturer (OEM)
Volume License Activation with Key Management Server (KMS)
Volume License Activation with Volume License Activation Management Tool (VAMT)
Windows Genuine Advantage (WGA)
Breach Response Tool (BRT)
The genuine test in general as well as the update mechanism was not part of the Target of Evaluation of this certification. Rather, only the data transmission between Software Protection Platform and these components was checked.
For further press inquiries, please contact Mrs. Kirsten Bock,
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstr. 98, 24103 Kiel
Tel: +49 (0)431 988-1200, Fax: -1223