Data Security Regulation TKG-DSVO

Original Language Title: Datensicherheitsverordnung TKG-DSVO


402. Regulation of the Federal Minister for Transport, Innovation and Technology on Data Security (TKG-DSVO data security regulation)

Pursuant to §§ 94 (4) and 102c of the Federal Act enacting a Telecommunications Act (Telecommunications Act 2003 - TKG 2003), BGBl. I No. 70/2003, as last amended by Federal Law BGBl. I No. 102/2011, the following is ordered, with regard to §§ 1 to 4 and 8 to 25 in agreement with the Federal Minister for the Interior and the Federal Minister for Justice:

Section 1

General

Subject matter and scope

§ 1. (1) This Regulation lays down more detailed provisions on

1. the format, the data fields and the syntax of the CSV file when transmitting information on traffic data (Section 99 (5) of the TKG 2003) and on retained data (§ 102b TKG 2003),

2. data security and logging in the transmission of the information referred to in Z 1, and

3. data security for the storage of retained data and the logging of access to them.

(2) The scope of this Regulation shall cover the use of traffic data, access data and location data, as well as master data, to the extent that these data are processed in conjunction with the data categories just mentioned.

Definitions

§ 2. (1) Traffic data, access data and location data as well as, insofar as they are processed in connection with the aforementioned data categories, master data are referred to as

1. "operating data", insofar as they are required by the provider for the purposes covered by section 99 (2) and (3) of the TKG 2003;

2. "retained data" (Vorratsdaten), insofar as they are kept in storage by the provider solely on the basis of the obligation pursuant to § 102a TKG 2003 for the purposes specified in § 102b TKG 2003 (Section 92 (3) Z 6b TKG 2003).

(2) In this Regulation, the term

1. "provider" means operators of public communications services,

2. "stock database" means a database for the storage of retained data.

Exceptions

§ 3. The provisions of Section 3 shall not apply

1. in the cases of § 98 TKG 2003,

2. in cases of imminent danger (Gefahr im Verzug) in the cases of § 99 (5) Z 3 and 4 TKG 2003,

3. in the determination of the current location according to §§ 134 et seq. of the Code of Criminal Procedure 1975 (StPO), BGBl. No. 631, in the version of BGBl. I No. 67/2011, and

4. in the transmission of accompanying call data in the context of a monitoring of messages.

Data security standard

§ 4. (1) The security standard for the use of data within the meaning of § 2 (1) shall be in accordance with the requirements of § 95 TKG 2003.

(2) Where data are used as retained data, an increased security standard applies, in accordance with Section 102 (1) TKG 2003, over and above paragraph 1; the special provisions expressly laid down in Section 2 of this Regulation apply to it.

Section 2

Data security at the provider within the company

Appropriate technical and organisational measures for the security of retained data

§ 5. (1) Retained data must be stored by the provider in such a way that they can be unambiguously distinguished, at the logical level, from operating data on every access and use.

(2) Physically separate storage of operating data and retained data is not necessary. The provider shall, by means of appropriate technical and organisational measures, ensure that the stock database is designed in such a way that access to the retained data is possible only in compliance with the specific security requirements of § 7.

(3) If there is no longer any operational justification for storage as operating data, these data shall be deleted immediately from the operational databases and transferred to the stock database. If the data have already been stored in the stock database in accordance with § 6, the marker indicating simultaneous operational storage must be removed at the same time as, or immediately after, the deletion from the operational databases.

(4) The provider shall document the method of technical and organisational separation in a comprehensible manner and shall make this documentation available in the event of an audit by the Data Protection Commission pursuant to § 102c (1) TKG 2003 or at the request of the Data Protection Commission.

(5) The provider shall disclose the actual storage period of operating data, as well as any internal guidelines relating thereto, in the event of an audit by the Data Protection Commission pursuant to Section 102c (1) TKG 2003 or at the request of the Data Protection Commission.

Distinction between operating data and retained data

§ 6. (1) An order of the Public Prosecutor's Office pursuant to Section 135 (2a) of the StPO for information on retained data shall, in all cases, also permit the provider to process and transmit operating data for the purpose of fulfilling its obligation to provide information.

(2) If an item of information contains retained data, the provider shall transmit this circumstance as additional information.

(3) In order to simplify operational handling of information on data pursuant to § 99 (5) TKG 2003 or § 102b TKG 2003, the provider may store the data referred to in § 2 (1) in the stock database even while these data are at the same time stored as operating data. In this case, it shall be indicated in the stock database, for each data category, that these data are also present in the provider's operational databases.

(4) If an item of information contains data that are stored in accordance with paragraph 3 at the same time as operating data, the provider shall transmit this circumstance as additional information.

Audit-proof logging and four-eye principle in the case of access to retained data

§ 7. (1) The provider shall design its systems at the technical and organisational level in such a way that access to retained data is possible only by specially authorised employees in accordance with the four-eye principle. Any access to the data must be authorised by two persons who hold a special authorisation to do so. The authorisation by the second person may also be given close in time to the access by the first person, provided that effective compliance with the four-eye principle is ensured.

(2) Access to retained data, or to operating data in the event of an order by the Public Prosecutor's Office pursuant to Section 135 (2a) of the StPO, must be logged at the provider in such a way that the log data are protected from alteration and falsification and that completeness, regularity, security against loss, compliance with the retention periods as well as the documentation, readability and verifiability of the procedure are preserved.

(3) Logging includes:

1. the reference, notified to the provider with the request for information, to the public prosecutor's or court order under the provisions of the StPO on which the transmission of the data is based,

2. in the cases referred to in Article 99 (5) (3) and (4) of the TKG 2003, the file number of the security authority notified to the provider with the request for information,

3. the date of the request (delivery to the provider's mailbox in accordance with Section 17 (1)) as well as the date and exact time at which the information was given (delivery of the reply to the authority's mailbox at the transit point in accordance with § 17 (3)), whereby these data are to be transmitted from the transit point to the provider as additional information,

4. the number of data records transmitted after the date of commencement of the communication process and the categories referred to in § 102a (2) to (4) TKG 2003 (classification of categories according to the Appendix, Chapter 1.1.2),

5. the storage period of the data transmitted, from the date on which the data were stored as operating data (§ 2 (1) Z 1) and as retained data (§ 2 (1) Z 2), at the time of the order for information (date of the public prosecutor's order pursuant to § 138 (3) StPO or date of the request pursuant to § 53 (3a) and (3b) of the Security Police Act - SPG, BGBl. No. 566/1991, as amended by BGBl. I No. 33/2011),

6. the name and address of the subscriber concerned by the information on retained data, provided that the provider has such data,

7. a unique identifier that allows identification of the persons in the provider's enterprise who have accessed the data, and

8. in the case of information on retained data (Section 135 (2a) of the StPO), the offence on which the order is based, otherwise the indication that only operating data are used.
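Added example, not part of the Regulation or of any provider's system: one way to enforce the four-eye rule of § 7 (1) and make the § 7 (3) log entries tamper-evident, using a SHA-256 hash chain, a technique chosen here for illustration that the Regulation does not prescribe. The staff identifiers, field names and sample values are assumptions constructed for the example.

```python
import hashlib
import json

# Assumption: identifiers of staff holding the special authorisation (constructed).
AUTHORISED = {"emp-017", "emp-042", "emp-108"}
# Keys mirror § 7 (3) Z 1 and Z 3 to 8; Z 2 applies only to § 99 (5) Z 3 and 4 cases.
REQUIRED = {"order_reference", "request_received", "reply_delivered",
            "record_count", "categories", "storage_period_days",
            "subscriber", "offence_or_operating_only"}
GENESIS = "0" * 64


class FourEyesError(Exception):
    """Raised when an access lacks two distinct authorised persons."""


def chain_hash(prev_hash, record):
    """SHA-256 over the previous entry's hash plus the canonical JSON record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class AccessLog:
    def __init__(self):
        self.entries = []

    def record_access(self, requester, approver, fields):
        """Append one log entry; refuse it unless the four-eye rule is met."""
        if requester == approver:
            raise FourEyesError("requester and approver must be different persons")
        if not {requester, approver} <= AUTHORISED:
            raise FourEyesError("both persons need the special authorisation")
        missing = REQUIRED - set(fields)
        if missing:
            raise ValueError("missing log fields: " + ", ".join(sorted(missing)))
        record = dict(fields, accessed_by=[requester, approver])  # Z 7
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"record": record, "prev": prev, "hash": chain_hash(prev, record)}
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return the index of the first inconsistent entry, or None if intact."""
        prev = GENESIS
        for index, entry in enumerate(self.entries):
            expected = chain_hash(prev, entry["record"])
            if entry["prev"] != prev or entry["hash"] != expected:
                return index
            prev = entry["hash"]
        return None


def sample_fields(order_reference):
    """Constructed sample values, not real case data."""
    return {
        "order_reference": order_reference,            # Z 1
        "request_received": "2012-04-02T09:15:00",     # Z 3
        "reply_delivered": "2012-04-02T14:40:00",      # Z 3
        "record_count": 12,                            # Z 4
        "categories": ["telephony"],                   # Z 4 (placeholder label)
        "storage_period_days": 45,                     # Z 5
        "subscriber": "Erika Musterfrau, Musterstrasse 1, 1010 Wien",  # Z 6
        "offence_or_operating_only": "operating data only",            # Z 8
    }
```

A hash chain detects later changes only if the most recent hash is also kept somewhere the log's writers cannot alter.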

Section 3

Data security in the transmission of operational traffic and location data and of retained data for information purposes to law enforcement and security authorities

General

§ 8. (1) The data shall be transmitted via a central transit point, which the Federal Minister of Transport, Innovation and Technology has to set up at Bundesrechenzentrum GmbH.

(2) The technical specification of the transit point must provide for an encrypted transmission path (transport encryption).

(3) In addition, encryption of the contents of both the request and the reply from sender to recipient should be provided by asymmetric encryption methods (content encryption). Asymmetric encryption methods can be implemented as hybrid methods.

(4) The participants in the data exchange are identified and authenticated at the transit point by means of an advanced electronic signature.

Transit point - basic structure

§ 9. (1) The transit point is an electronic mailbox system for the secure handling of requests and information within the meaning of § 94 (4) TKG 2003. All the parties involved are connected to the transit point via an encrypted transmission channel.

(2) The transit point shall be set up in such a way that Bundesrechenzentrum GmbH, as the service provider of the transit point within the meaning of § 4 Z 5 of the Data Protection Act 2000 (DSG 2000), BGBl. I No. 165/1999, as amended by BGBl. I No. 133/2009, cannot access the personal content of requests for information on data or of the replies to them.

(3) Information on retained data and information on operating data is handled via the transit point. Exceptions are permitted only to the extent permitted by § 3. All information cases are recorded statistically by way of the transit point.

(4) The specification of the transit point should provide that the integrity of the data as well as the identity of the sender can be verified by the recipient (signature).

Establishment and operation of the transit point-adjudicating entity and implementation

§ 10. (1) The Federal Minister of Transport, Innovation and Technology is responsible for the establishment and operation of the transit point, as well as the management of certificates and data security.

(2) The set-up, the certificate administration and the operation of the transit point shall be carried out by Bundesrechenzentrum GmbH. Bundesrechenzentrum GmbH is a functional service provider within the meaning of § 4 Z 5 DSG 2000 for the client for whose application data are transferred to the transit point or taken over from the transit point.

(3) The Federal Minister of Transport, Innovation and Technology may use a service provider to audit the actual implementation of the technical specification by the Bundesrechenzentrum GmbH.

Audit of the transit point's functions

§ 11. The Federal Minister of Transport, Innovation and Technology shall ensure that:

1. the actual implementation of the transit point by Bundesrechenzentrum GmbH corresponds to the specification of the transit point,

2. the services provided by the transit point for execution in the client software of the respective users are verifiable by a client administrator (signature) and correspond to the interface definition of the transit point,

3. only audited software of the transit point that complies with the interface permits correct data transmission,

4. only authenticated users can deposit their public keys in the transit point, unambiguously assigned to their respective institution, and

5. any change to the transit point is subject to a re-audit in order to ensure that end users can verify the authenticity of the software.

Overview of the functions of the transit point

§ 12. (1) The transit point provides electronic mailboxes for the processing of information within the meaning of Section 94 (4) TKG 2003, which are to be used by using a web service or a web application.

(2) All offices of the authorised authorities that are entitled to process requests for information, as well as all providers according to § 102a TKG 2003, shall each be assigned a subscriber identification and an associated mailbox by the transit point. Each user has access only to the mailbox of the subscriber (office or provider) to which the user belongs.

(3) The authentication of the users is carried out by the transit point in accordance with the requirements of § 13.

(4) The encryption of the transmission path shall be ensured by the transit point using a suitable state-of-the-art technology.

(5) In order to encrypt the requests and the information, the transit point administers the public keys of all authorised offices and of all providers that are subject to the storage obligation in accordance with § 102a TKG 2003. Only authenticated users can deposit the public key of their organisation at the transit point. Before sending a message, each user retrieves the recipient's public key from the transit point in order to encrypt the content.

(6) All information cases must be logged in the transit point in an audit-proof way. The scope of this logging is regulated in § 22.

Authentication - integration via the portal network and Unique-ID

§ 13. (1) The transit point shall give each request a unique transaction number (Unique-ID) for checking the authenticity of the request and for tracking each request and its reply. The transaction number must allow conclusions to be drawn about both the underlying specific request of the authority and the providers queried.

(2) The authentication of the users of the authorised authorities takes place through the respective root portal of the user (portal network).

(3) For the authentication of the users on the part of the providers, the specification of the transit point is to provide for a root portal that complies with security class 3 (version 2.1.0 of 8 February 2008, available at "http://reference.e-government.gv.at/uploads/media/SecClass_2-1-0_2007-12-14.pdf") of the portal network agreement (version 1.0 of 21 November 2002, available at "http://reference.e-government.gv.at/uploads/media/pvv1.0-21112002.pdf").

Access authorities

§ 14. (1) The Federal Minister of the Interior and the Federal Minister of Justice shall notify Bundesrechenzentrum GmbH, for the specification of the transit point, of a limited number of offices that are entitled, as participants in the transit point, to handle requests for information.

(2) The Federal Minister of the Interior and the Federal Minister of Justice shall notify Bundesrechenzentrum GmbH of changes to the offices notified in accordance with paragraph 1 so that the corresponding changes can be made in the transit point.

(3) For the Data Protection Commission, the Federal Minister of Justice and the legal protection officers of the Federal Minister of Justice and the Federal Minister of the Interior, the specification of the transit point should provide for access which, in accordance with the respective tasks of these bodies, enables access to the log data pursuant to § 22 (4) or to the statistics pursuant to § 23 (3).

Connection of the providers

§ 15. (1) Connection to the transit point is mandatory for all providers who are obliged to store data in accordance with Section 102a (6) of the TKG 2003. The registration of all providers subject to the storage obligation, for the initial set-up of the providers' root portal pursuant to § 13 (3), is carried out by Rundfunk und Telekom Regulierungs-GmbH, which supplies Bundesrechenzentrum GmbH with a list of all registered providers for import and activation.

(2) Where a new provider subject to the storage obligation is added or an existing one ceases to be subject to it, Rundfunk und Telekom Regulierungs-GmbH shall notify Bundesrechenzentrum GmbH of all the information about this provider that is necessary for the activation or deactivation of its connection to the transit point.

Security level of the connection

§ 16. (1) The connection of the authorities to the transit point must comply with the requirements of security class 3 in the portal network agreement.

(2) The connection of the providers to the transit point is subject to the requirements of security level 3 from the definition of security levels in citizen-authority communication in the area of eGovernment, version 1.3 of 24 July 2003, available at "http://www.digitales.oesterreich.gv.at/DocView.axd?CobId=21832".

Mailboxes and Delivery

§ 17. (1) A request for information from an authorised user on the side of the authority shall be sent via the transit point to the mailbox of the selected provider. The transit point allows the selection of several providers. The specification of the transit point has to provide a system of notification of the receipt of a request for information in the provider's mailbox. The request for information is collected manually by access to the provider's mailbox after appropriate authentication of the user. Collection of the request for information by web service can be provided for in the specification of the transit point.

(2) The specification of the transit point must ensure that a reply can be given even before the request has been transmitted via the transit point. To this end, the transit point assigns a Unique-ID to the provider fully automatically.

(3) The provider shall respond to a request for information by transmitting an encrypted CSV file according to the interface specification in the annex to this Regulation. The transit point automatically ensures that the reply is delivered to the correct mailbox of the requesting office. However, in the cases referred to in paragraph 2, the office addressed must be determined by individual selection via the transit point.

(4) After the reply has arrived in the mailbox of the requesting office, the transit point sends the office a notification that the reply has been deposited.

(5) The information is collected manually by access to the office's mailbox after appropriate authentication of the user. Collection of the information by web service can be provided for in the specification of the transit point.

Response Encryption/Signature

§ 18. (1) The trusted body for the deposit of the certificates is the Federal Ministry of Transport, Innovation and Technology, which technically performs this function via the transit point. In the transit point, each subscriber can deposit only keys that are uniquely associated with its own institution.

(2) The authenticity of the software that is made available by the transit point for encryption by the client must be clearly verifiable by a client administrator. Encryption and signing are done on the client side; only the public key is retrieved from the transit point.

(3) The specification of the transit point must clearly define the file names for the transmission of the reply as well as the signature for the encryption of the files. The signature is an advanced electronic signature within the meaning of § 2 Z 3 of the Signature Act, BGBl. I No. 190/1999, as amended by BGBl. I No. 75/2010.

(4) If the reply consists of more than one CSV file, all files belonging to a query may optionally be combined into a single overall file. The overall file can optionally be compressed. It is the compressed or uncompressed overall file that is to be encrypted for transmission, not the individual files.

Input Fields

§ 19. (1) For each request, it shall be selected at the transit point whether it is a request for information pursuant to § 53 (3a) SPG, § 53 (3b) SPG, § 76a StPO, § 135 (2) StPO or § 135 (2a) StPO, or a master data information according to § 21. In the transit point, a field is to be provided for entering the punishable offence underlying an order, for the logging according to § 7 (3) Z 8. Any input mask on the authority side can be freely designed in accordance with the interface specification in the annex.

(2) This also applies analogously to any input mask on the provider side. In particular, there is no obligation to fill the CSV file automatically.

Additional information

§ 20. The transit point shall support the transmission of additional information. If necessary, additional information can be entered for the corresponding query via a web interface. This additional information could also describe the reasons for an empty response (Leermeldung). Whether and to what extent a web interface is to be made available on the part of the transit point is to be regulated in the specification of the transit point. In any case, the transit point shall not have access to the personal contents of the information.

Optional master data information on the transit point

§ 21. Providers and authorised authorities may each opt, by mutual agreement, to handle master data information via the transit point. The technical details of such information shall be laid down in the specification of the transit point.

Logging through the transit point

§ 22. (1) The logging of the transit point does not contain any personal data. The Unique-ID of each request establishes the link between each request and its reply without reference to a person.

(2) When transmitting the reply to a request for information, the provider shall transmit the log information in accordance with § 7 (3) Z 5 and 8 to the transit point for the purposes referred to in paragraph 4.

(3) The log data are transmitted to the transit point in a log file, unencrypted, via the secure transport connection. The format of the file and the file name are to be set in the specification of the transit point.

(4) The log data are accessible exclusively to the defined log data recipients and are archived within the transit point in a separate database. For the Data Protection Commission as well as for the legal protection officers of the Federal Minister of Justice and the Federal Minister of the Interior, the specification of the transit point provides separate permissions for access to the log data.

Statistics from historical data

§ 23. (1) The statistics for fulfilling the obligation under Article 10 of Directive 2006/24/EC on the retention of data relating to the provision of publicly available electronic communications services or public communications networks, and amending Directive 2002/58/EC, OJ No. L 105 of 13 April 2006, p. 54, are to be compiled automatically in the transit point. The exact definition of the statistics to be compiled must be made in the specification of the transit point.

(2) For the compilation of the statistics, the log information according to § 7 (3) Z 3 to 5 and Z 8 is required. The information in accordance with § 7 (3) Z 5 and 8 shall be transmitted by the provider to the transit point together with the reply to the request for information.

(3) Access to the statistics of the transit point shall be given, in accordance with Section 102c (4) of the TKG 2003, to the Federal Minister of Justice, the Data Protection Council and the Data Protection Commission. In addition, electronic access for the legal protection officers of the Federal Minister of Justice and the Federal Minister of the Interior must be provided for in the specification of the transit point.

Cost-bearing of the transit point

§ 24. The investment costs for the transit point are investment costs in accordance with § 94 (1) TKG 2003.

Section 4

Definition syntax and semantics of the CSV file for information

EP020 Interface Definition

§ 25. The interface definition is set out in the annex.

Bures