Policies - General conditions and legal framework

Deliverable No.: D3

Policies - General conditions and legal framework

April 2007

Final 1.0

Project funded by the European Community under the Sixth Framework Programme for Research and Technological Development.

Deliverable D 3 Policies – General conditions and legal framework

© eMOTION Consortium Page 2 of 145

Project ref. no.: TREN/06/FP6TR/S07.57248/019939 EMOTION

Project title: eMOTION – Europe-wide multi-Modal On-trip Traffic Information

Deliverable title: Policies issues - General conditions and legal framework

Deliverable number: D3

Deliverable status: Public

Number of pages: 146

Author(s): Annalisa Nordio

Giorgio Afferni

Reinhard Erstling

Andreas Kochs

Marco Boero

Michele Masnata

Alexio Picco

Sebastiano Durante

Status Version Date Change Note ID

First Draft 1.0 20.11.2006 First Internal Release

Second Draft

2.1 19.01.2007 Second Internal Release

Third Draft

3.0 15.02.2007 Third Internal Release

Fourth Draft

3.1 22.02.2007 Fourth Internal Release

Fifth Draft 3.2 27.02.2007 Fifth Internal Release

Sixth Draft 3.3 12.03.2007 Sixth Internal Release

Final Draft 1.0 26.03.2007 Distributed to PCC members

Final 1.0 25.07.2007 Distributed to PCC members



THE INFORMATION IN THIS DOCUMENT IS PROVIDED AS IS AND NO GUARANTEE OR WARRANTY IS GIVEN THAT

THE INFORMATION IS FIT FOR ANY PURPOSE. THE USER THEREOF USES THE INFORMATION AT ITS SOLE RISK

AND LIABILITY. FURTHERMORE, DATA, CONCLUSIONS OR RECOMMENDATIONS IN THIS DOCUMENT ARE PROVIDED

ON THE BASIS THAT SUCH INFORMATION IS SUBSEQUENTLY, AND PRIOR TO USE, VERIFIED BY THE

PARTY WISHING TO USE THAT INFORMATION.



List of Abbreviations

ACCs Area Control Centres

AIS Aeronautical Information System

Alert-C Advice and Problem Location for European Road Traffic, version C

AMPS Advanced Mobile Phone System

ANSP Air Navigation Service Provider

AOs Airport, Aircraft Operators

ATC Air Traffic Control

ATCU Air Traffic Control Unit

ATFCM Air Traffic Flow and Capacity Management

ATS Air Traffic Services

CFMU Central Flow Management Unit

CIBER Cellular Intercarrier Billing Exchange Roamer

CSS Content Scrambling System

D Deliverable

DoS Denial of Service

DRM Digital Rights Management

EC European Commission

EU European Union

FMPs Flow Management Positions

FPL Flight Plan

GPS Global Positioning System

GSM Global System for Mobile Communications

ID Identifier

IOT Inter Operator Tariff

IP Internet Protocol

IPR Intellectual Property Rights

ITS Intelligent Transport Systems

LoS Level of Service

MERITS Multiple European Railways Integrated Timetable Storage

MMS Multimedia Messaging Service



MSC Mobile Switching Centre

ODRL Open Digital Rights Language

OGC Open Geospatial Consortium

OTAP Open Travel Data Access Protocol

PAMS Published AIP Management System

PCC Project Coordination Committee

PDA Personal digital assistants

PM Project Manager

PMO Project Management Office

POI Point of Interest

PPP Public Private Partnership

PriFIS Price and Fare Information System

PT Public Transport

R&D Research and Development

RDS Radio Data System

RM-ODP Reference Model of Open Distributed Processing

RTD Research and Technology Development

RWIS Road Weather Information Service

SAML Security Assertion Markup Language

SDO Static Data Operations

SMS Short Message Service

SOA Service Oriented Architecture

TAP Transferred Account Procedure

TMC Traffic Message Channel

TTI Traffic and Traveller Information

TERN Trans European Road Network

URL Uniform Resource Locator

VAS Value-Added-Services

VASP’s Value Added Services Providers

WAP Wireless Application Protocol

WCS Web Coverage Service

WFS Web Feature Service



WMS Web Map Service

WNS Web Notification Service

WP Work Package

WPL Work Package Leader

WSS Web Services Security

XACML Extensible Access Control Markup Language

XFCD Extended Floating Car Data

XML Extensible Markup Language

XKMS XML Key Management Specification



Table of Content

1. WP2 INTRODUCTION....................................................................................................12

1.1 THE OBJECTIVES OF WP2 ..........................................................................................12

1.2 THE GENERAL POLICY OF EMOTION ..........................................................................13 2. DEFINITIONS .................................................................................................................18

2.1 CONSUMER ...............................................................................................................18

2.2 DATA BASES ..............................................................................................................18

2.3 DATA SECURITY.........................................................................................................18

2.4 DIGITAL RIGHTS MANAGEMENT (DRM).......................................................................18

2.5 DISTANCE CONTRACT ................................................................................................18

2.6 INTELLECTUAL PROPERTY RIGHTS (IPR) .....................................................................19

2.7 LICENCE AGREEMENT ................................................................................................19

2.8 MOBILITY TRAFFIC DATA.............................................................................................19

2.9 PRIVACY....................................................................................................................19 2.9.1 Personal data ................................................................................................................ 19 2.9.2 Processing of personal data.......................................................................................... 19 2.9.3 Electronic traffic data ..................................................................................................... 20 2.9.4 Location data ................................................................................................................. 20

3. REQUIREMENTS AND GENERAL CONDITIONS ........................................................21

3.1 MINIMUM CHARACTERISTICS FOR EMOTION USE CASES.............................................21 3.1.1 Dynamic traffic information ............................................................................................ 23 3.1.2 Dynamic parking information......................................................................................... 24 3.1.3 POI information.............................................................................................................. 25 3.1.4 Dynamic information about event traffic (temporary traffic situation)............................ 27 3.1.5 Dynamic public transport information ............................................................................ 28 3.1.6 Dynamic weather information........................................................................................ 28 3.1.7 Dynamic routing/navigation ........................................................................................... 30 3.1.8 Dynamic public transport journey planning ................................................................... 32 3.1.9 Dynamic multi-modal journey planning ......................................................................... 34 3.1.10 Dynamic freight traffic information................................................................................. 37

3.2 ORGANISATIONAL INFRASTRUCTURE SPECIFICATION ...................................................40 3.2.1 Definition of Enterprise Objects..................................................................................... 41 3.2.2 Objects and objects relationships representation ......................................................... 42 3.2.3 Organisational Infrastructure for Content Providers...................................................... 44



3.2.4 Organisational Infrastructure for Service Operator ....................................................... 47 3.2.5 Organisational Infrastructure for Service Provider ........................................................ 50 3.2.6 Organisational Infrastructure for Network Operators .................................................... 53 3.2.7 End-users ...................................................................................................................... 55

3.3 DATA SECURITY.........................................................................................................55 3.3.1 Introduction.................................................................................................................... 55 3.3.2 The European standard of security set forth by Directive 2002/58 ............................... 57 3.3.3 Specification to eMOTION............................................................................................. 58

4. LEGAL FRAMEWORK...................................................................................................62

4.1 INTELLECTUAL PROPERTY RIGHTS (IPRS) ...................................................................62 4.1.1 The role of IPRs within eMOTION................................................................................. 62 4.1.2 Copyright and ‘sui generis’ right .................................................................................... 63 4.1.3 Directive 96/9/EC on the protection of databases......................................................... 63 4.1.4 The risk of infringing IPR ............................................................................................... 65 4.1.5 The exercise of IPR ....................................................................................................... 65

4.2 PRIVACY PROTECTION ...............................................................................................67 4.2.1 The role of Privacy protection within eMOTION............................................................ 67 4.2.2 Obligations under Directive 95/46/EC on the processing of personal data .................. 72 4.2.3 Obligations under Directive 2002/58/EC on privacy and electronic communications... 77 4.2.4 Obligations under Directive 2006/24/EC on the retention of data................................. 78

4.3 SPECIAL PROVISIONS PROTECTING END USERS AS CONSUMERS ..................................81 4.3.1 Directive 97/7/EC on distance contracts ....................................................................... 81 4.3.2 Directive 93/13/EC on unfair terms ............................................................................... 82

4.4 THE INTERNATIONAL DIMENSION OF EMOTION...........................................................84 5. CONTRACTUAL FRAMEWORK....................................................................................86

5.1 INTRODUCTION ..........................................................................................................86

5.2 CONCEPTUAL MODEL OF RIGHTS AND LICENCES..........................................................86 5.2.1 Geo-enabled DRM Principles........................................................................................ 86 5.2.2 Principals and Roles...................................................................................................... 90 5.2.3 Licence and Rights Model ............................................................................................. 94

RIGHT ..................................................................................................................................96

5.3 LICENCE AGREEMENTS AND GRANT OF LICENSE .......................................................101

5.4 LIABILITY AND WARRANTIES......................................................................................102 6. THE PUBLIC DIMENSION OF EMOTION....................................................................104

6.1 THE ROLE OF PUBLIC ACTORS WITHIN EMOTION......................................................104

6.2 GENERAL CONDITIONS AFFECTING THE PUBLIC SECTOR ............................................104



6.3 SHOULD THE SERVICE BE COMMISSIONED BY A PUBLIC AUTHORITY ............................105

6.4 SHOULD THE SERVICE BE DELIVERED BY THE PRIVATE SECTOR, THE PUBLIC SECTOR, OR

A COMBINATION ..................................................................................................................106

6.5 LEGAL RULES GENERALLY APPLICABLE TO PUBLIC ENTITIES WITHIN EMOTION ..........107

6.6 DIRECTIVE 2003/98/EC ON THE RE-USE OF PUBLIC SECTOR INFORMATION ................107 6.6.1 Introduction.................................................................................................................. 107 6.6.2 Requirements applicable to the processing of requests for re-use............................. 108 6.6.3 Principles governing charging ..................................................................................... 108 6.6.4 Transparency............................................................................................................... 109 6.6.5 Licences....................................................................................................................... 109 6.6.6 Non-discrimination....................................................................................................... 109 6.6.7 Prohibition of exclusive arrangements ........................................................................ 110

6.7 BEST PRACTICES .....................................................................................................110 6.7.1 Best practice example: Logistics ................................................................................. 110 6.7.2 Best practise example: Traffic information service national wide broadcast .............. 114 6.7.3 Best practise example: Timetable exchange between railway operators and Public transport associations ................................................................................................................. 120 6.7.4 Best practise example: Timetable exchange between international railway operators (UIC) 121 6.7.5 Best practise example: Mobile phone provider ........................................................... 122 6.7.6 Best practice example: Roaming................................................................................. 123 6.7.7 Best practice example: Data Exchange AVIATION Industry....................................... 125 6.7.8 Best practise example: “Bavarian Traffic Information Agency” (VIB).......................... 131

7. CONCLUSIONS AND RECOMMENDATIONS ............................................................134 8. RESUME.......................................................................................................................137 9. LEGAL INSTRUMENTS ...............................................................................................144 10. LITERATURE ...............................................................................................................145



List of Tables

Table 1: Directive 2002/58/EC – Article 4 ..............................................................................57

Table 2: Privacy issues sorted by use cases for information requests, with respect to information provided by content providers .............................................................................68

Table 3: Privacy issues sorted by use cases for information requests, with respect to information provided by the end users ...................................................................................70

Table 4: Description of the Roles - OGC GeoDRM RM .........................................................92

Table 5: Description of the Right in the Licensee...................................................................97

Table 6: Description of Conditions in the Licensee ................................................................99

Table 7: Examples of today’s value chain compositions ......................................................104

Table 8: Content provider - Service operator, Red Cross - Ö3ver .......................................116

Table 9: Service operator – Service provider – End user, RDS TMC Location Code – Mc Donalds Restaurant..............................................................................................................119

Table 10: Content provider - Service operator, Public transport associations .....................120

Table 11: Content provider - Service operator, UIC .............................................................122

Table 12: Roaming between mobile phone provider, Mobilkom Austria AG ........................125

Table 13: CFMU ...................................................................................................................128

Table 14: EAD ......................................................................................................................130



List of Figures

Figure 1: Organisational infrastructure specification ..............................................................41

Figure 2: Composition of object A and B................................................................................43

Figure 3: Enterprise objects and relationships for Content Providers ....................................44

Figure 4: Enterprise objects and relationships for Service Operator......................................47

Figure 5: Enterprise objects and relationships for Service Provider.......................................50

Figure 6: Enterprise objects and relationships for Network Operators...................................53

Figure 7: Relationship between Trust - Protection - Remediation (OGC GeoDRM RM)........88

Figure 8: Model of Roles - OGC GeoDRM RM ......................................................................92

Figure 9: Licence Information Entity.......................................................................................95

Figure 10: The separation among the different chains.........................................................112

Figure 11: Service Provisioning............................................................................................113

Figure 12: Scheme of Traffic Information Centre in Austria .................................................114

Figure 13: Focus of described data transfer model..............................................................115

Figure 14: Cost scheme RDS TMC Location Code..............................................................118

Figure 15: Example for the McDonalds Restaurant. Shopping City Süd, Vienna-Vösendorf.............................................................................................................................................118

Figure 16: Example for the Timetable data flow ...................................................................120

Figure 17: International exchange of time tables [UIC] ........................................................121

Figure 18: Exchange of TAP records between the home mobile network and the visited mobile network. ....................................................................................................................124

Figure 19: Exchange and communication between CFMU and the Stakeholders (Source: Eurocontrol)..........................................................................................................................128

Figure 20: Operational Concept of EAD (Source: Eurocontrol)............................................130

Figure 21: Private consortium partner of the VIB project .....................................................131

Figure 22: Project model of VIB ...........................................................................................132

Figure 23: Integration of intermodal systems within VIB project ..........................................133

Figure 24: The VIB project timetable....................................................................................133



1. WP2 Introduction

1.1 The objectives of WP2

The WP2 - Policy issues - deals with all the needs that should be met by the eMOTION system. The definition of the policies is based on the identified requirements of the different actors in the service chain (WP1). The WP2 objectives are:

• to investigate the general policy issues underlying the provision of multi-modal real time information for travellers and moving users from the different standpoints (legal, contractual, accessibility, security, etc.)

• to identify the key policy related aspects and problems for all actors within the service/value chain

• to investigate and set up a reference framework to tackle existing barriers, facilitating the use of contents and information and preparing the deployment and operation of the service chain from the standpoint of policy requirements

The following tasks in the WP2 can be identified:

(1) Specification of general conditions,

(2) Specification of legal and contractual framework,

(3) Development of sample contracts and agreement documents for different issues of the eMOTION system.

Task 2.1: The basic conditions cover all minimum standards that should be achieved by the eMOTION system. These basic conditions could be minimum standards in the field of data access and data quality, minimum standards for data security and minimum standards for the information provision for the end user.

The different actors have different requirements and also pursue a certain policy. All of this different point of views have to be analysed to develop policies for different aspects of the eMOTION system. For the following topics the project partners will specify policies:

• Data access and data access policies,

• Data quality and quantity,

• Warranty/quality of the service,

• IT Implementation policy.

Additional to minimum standards that are defined by the different actors some general legal standards must be taken into account for the specification of eMOTION. Legal regulation regarding to data security are very important for public authorities and administration. The general conditions are the basis for the development for contractual issues.



Task 2.2: Based on the requirements of the different actors and the general conditions the second step is to specify the legal and contractual framework. Important legal aspects are:

• IT and data safety,

• Data supply for private VAR.

Task 2.3: The last step is to develop sample contracts and agreement documents for different issues of the eMOTION system. These contracts should be the fundament for the cooperation of all actors in the eMOTION system in the case of a real implementation of the system. Possible contracts and documents are:

• Contract for the use of mobility traffic data by commercial service provider,

• Re-Seller Agreements.

The work in this work package will specify the policy and organisational aspects of the eMOTION system. The legal and contractual relationship between public and private players will be defined. WP2 is formed by two deliverables. This Deliverable, the D3 - General conditions and legal framework - includes the tasks 2.1 and 2.2; the D4 - Contracts and agreements - includes task 2.3.

In conclusion, WP2 will provide a detailed investigation of legal, regulatory, organisational and operational policies for the provision of multi-modal real time traffic and transport related information services on-trip and pre-trip, and will result in clear definitions of the underlying policies as well as in the provision of a reference contractual framework for the implementation and deployment of the services.

1.2 The general policy of eMOTION

The basic elements of the system architecture of the eMOTION project is a network of mono and/or multimodal data platforms where contents and information are stored on a local, regional, national and international level.

Actually the general idea of eMOTION is to integrate different service providers, service operators and content providers into a network to enable the provision of European wide traffic information services even if there is no partner in the network that can cover the whole spectrum of content providing or service operating. Then the objective is to provide to the end user a multimodal, integrated and real time information service.

Traffic and traveller information (TTI) services are a crucial component of intelligent transport systems (ITS). They are designed to provide relevant information to passengers and freight carriers at different stages of their journey (pre-, on- and post-trip) and via various delivery channels (phone, internet, VMS, RDS-TMC, etc.).



With the strategy paper “White Paper - European transport policy for 2010: time to decide” the European Commission defined the objective for transport development; particularly TTI services are expected to contribute through the generally accepted policy goals for ITS applications, namely to:

• Improve the efficient use of existing infrastructures • Advance transport safety • Promote intermodality and modal shift • Improve traffic management and control

TTI services’ specific functions to obtain these goals are:

• Provide (intermodal) pre-trip planning • Provide (intermodal) on-trip orientation and guidance • More easily facilitate ticketing and billing

An important EU policy document explicitly addressing TTI services is the Commission Recommendation on the development of a legal and business framework for the participation of the private sector in developing TTI services, issued in July 2001. This EC instrument has been devised to enhance TTI service implementation by facilitating private sector involvement and developing an open market for TTI services. It suggests in particular the following key tasks for public authorities:

• Provide and disseminate a regulatory framework for TTI services • Adopt principles for access to public mobility traffic data, the exchange of public and

private data and the interconnection of transport databases (inter-administrative) • Regulate the usage and requirements of proprietary traffic and travel data • Ensure observance of road infrastructure hierarchies and traffic management

strategies • Create an enabling framework for public-private partnership • Facilitate TTI services and reduce constraints

Private sector involvement is expected to facilitate public administration tasks, reduce financial burdens on public budgets, improve the quality of services, allow more and faster realisations, and increase the transparency and acceptance of implementation projects. This can only happen if an adequate policy frame is in place.

The potential usage of this information for traffic and travel information services to end-customers has been widely researched into national and EU R&D Programs and shown to be highly desirable.

Large investments have already been made also by private service providers in this sector, in view of exploiting the above information either through dedicated or bundled value-added-services (VAS) but the reality today is that only a marginal part of the data potentially available is being transferred into these services, generating one of the main delay factors in



the take-up of an expected and desirable large scale mass market. The increased demand for services from one side and the difficulties encountered from the other side, have sometime led private service providers to try a totally private sector method to monitor roads and transportation network: many examples (installation of parallel sensors or collection through private fleets and human observation) have shown the weakness of totally private initiatives; high costs for infrastructures and limited added value of the information due to the difficulties to forecast changes in transportation demand and supply for some basic information that is indeed available with public transport and road authorities who manage the transportation networks. Actually, it has been shown in many R&D projects (i.e. Atlantic Project), that the suitable combination and fusion of information already in the data bases of public administration and operators with further data available from private service providers may be of great value for future services for citizens and for businesses, provided that mechanisms are found and global networks (i.e. Internet) are available to disseminate all this stuff.

Delays in the set up of agreements is rather surprising since both public authorities owners of info-mobility content and the service providers recognise and have proof of the high value of easing the dissemination to end-user of the available information although with different objectives (a safe and efficient management of the transportation networks to the former and a financial benefits of consumer take-up to the latter).

The correlation between the absence of legal frameworks and ITS strategies, and the absence of private VASP’s (Value Added Services Providers) operating is very high: none of the countries without private VASP’s actually have either a legal framework or an ITS strategy. Also, the free availability of public mobility traffic data appears to positively influence the emergence of VASP’s without being a sufficient condition.

Concerning the regulation of data availability, in most countries public mobility traffic data is provided free of charge to service providers, thus fulfilling one of the basic requirements of the Commission Recommendation.

Apparently there are two different approaches to this topic:

1. Private data collection is integral part of a legal framework for private sector participation in TTI delivery

2. The legal frame builds on exclusive (and well-established) public data collection and regulates participation of the private sector only for the later stages of the information chain.

As already described in the project deliverable D2 the information services offered by eMOTION concern the following topics:

• Dynamic traffic information

• Dynamic parking information

• Dynamic public transport information

• Dynamic information about event traffic (temporary traffic situation)



• Dynamic weather information

• POI information (POI search)

• Dynamic routing/navigation

• Dynamic public transport journey planning

• Dynamic multi-modal journey planning (pt journey planning + route planning)

• Dynamic freight traffic information (traffic information with special focus on freight traffic)

Different types of service providers provide end user services existing so far depending on information content. The service providers are either public bodies such as national, regional or local administrations or private companies such as telecommunication providers.

Typically, this kind of information can be broken down into categories: static information, which is known in advance and changes infrequently, and dynamic information, which changes frequently most notably due to unpredicted events.

To better understand the services offered it is opportune to briefly remember the types of service chains that have been identified:

• Service chain to realise an information service that provides information on user request as PULL-Service,

• Service chain to realise a subscription service that provides information periodically based on a subscription profile as PUSH-Service,

• Service chain to realise a monitoring service that provides information automatically when a predefined event happens as PUSH-Service.

The added value for the eMOTION’s information services come from the high level of integration between the aforementioned information services, as documented in the state of the art in deliverable D1, the existing TTI services have a low level of integration; an aim of eMOTION project is to overcome this limit. The effort to reach this objective should to be divided at least on two aspects:

• Technological (interoperability of information systems, communication standards, instance identifications, etc.)

• Contractual (protection of the rights of all the actors of the chain of value: content owners, providers, end users)

The process to obtain useful information starting from different sources and to provide it to the end users is quite complicated because the value chain involves several actors, namely:

• Content Owner/Provider • Service Operator • Service Provider



• Network Provider • End-User

Obviously all data and information services have an owner (Content Owner/Provider); a Service Operator uses this data to generate information with added value (an information service is of high value to a traveller who wants to better plan or adapt her journey depending on the actual situation).

The service provider publishes the service and is responsible for all marketing, quality and contractual issues with the end user. To publish the service, the service provider needs a network provider who supplies the communication network for the service. The end user is the consumer of the information service.

Contracts between public content providers and service providers are still at a premature stage. Recent experiences in Europe have shown that quality and contractual aspects are the main barrier for collaboration between public and private sectors in the TTI domain. The commercialisation aspect could also provoke some conflicts between the common interest (optimal use of the network) and the individual interest (fastest way to reach the destination).

From a study of a group of experts in Traveller Information Services (TEMPO Program) that have analysed a number of existing contracts it appeared that an important task for the coming years could be to define some framework / advise / recommendations in order to address this difficult issue, notably on the following points:

• Sort of (row) data / Traveller Information Services provided • Level playing field for service providers • Liability of information • Specification of quality levels and continuity of the service • Pricing policies • Duration of contract / revision process of contracts • Ownership of data • Reporting and other obligations for service providers

The dissemination of information via third party service providers is becoming an increasingly valid and cost-effective method of improving these kinds of services for the end user.



2. Definitions

2.1 Consumer

‘Consumer' shall mean any natural person who, in contracts concluded within eMOTION, is acting for purposes, which are outside his trade, business or profession.

2.2 Data bases

‘Database` shall mean a collection of independent works, data or other materials arranged in a systematic or methodical way and individually accessible by electronic or other means. A ‘database’ contains not only object data but also information on their representation and on the relationship, which exist between them (often referred to as metadata).

2.3 Data security

‘Data security’ shall mean the ability of a network or an information system to detect and resist, at a given level of confidence, accidental events or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data and the related services offered by or accessible via these networks and systems.

The term ‘data security’ could refer to two situations:

• Data that are keep safe from corruption

• Unauthorized access is blocked with the use of suitably controlled right of use.

Different levels of data security could be reached with the use of many tools such as access control or cryptography.

Data security could also help on protect personal data, and in this case to ensure privacy.

2.4 Digital Rights Management (DRM)

‘Digital Rights Management’ (abbreviated to DRM) refers to several technologies used by publishers or copyright owners to control access to and usage of digital data. It may also refer to restrictions associated with a specific instance of a digital work or device. This term came to primarily mean the use of these measures to control copyrightable artistic content. An early example of a DRM system is the Content Scrambling System (CSS) employed by the DVD Forum on movie DVDs since 1996. Today, most Internet music stores employ DRM to restrict the usage of music purchased and downloaded online.

2.5 Distance contract

'Distance contract` means any contract concerning goods or services concluded between a supplier and a consumer under an organized distance sales or service-provision scheme run by the supplier, who, for the purpose of the contract, makes exclusive use of one or more means of distance communication up to and including the moment at which the contract is



concluded.

2.6 Intellectual property rights (IPR)

‘Intellectual property rights’ shall mean any property rights in information. Property rights in information are rights of parties to use certain information to produce goods or services and to prevent others from doing so. There are several kinds of property rights. Property rights relevant to the eMOTION project are the ‘copyright’ and the ‘sui generis right’ accorded to protect databases.

2.7 Licence Agreement

‘Licence Agreement’ shall mean the contract ruling the legal relation between the owner of the resource covered by IPR (the Licensor) and the user of the resource (the Licensee).

2.8 Mobility traffic data

‘Mobility traffic data’ are data that are produced by physical traffic equipment, such as data on roads, average speed, vehicle classes, etc.

‘Mobility traffic data’ should not be confused with ‘Electronic traffic data’, which refer to issues of privacy and are defined below.

2.9 Privacy

‘Privacy’ shall mean the ability of an individual or group to keep their lives and personal

affairs out of public view, or to control the flow of information about them. The right of privacy

is a human right recognized by the national laws of all Member States of the EU and by the

European Convention on Human Rights (Article 8).

The eMOTION project may raise privacy issues with respect to ‘personal data’, ‘processing

of personal data’, ‘electronic traffic data’ and ‘location data’.

2.9.1 Personal data

‘Personal data' shall mean any information relating to an identified or identifiable natural

person ('data subject'); an identifiable person is one who can be identified, directly or

indirectly, in particular by reference to an identification number or to one or more factors

specific to his physical, physiological, mental, economic, cultural or social identity (as defined

by Dir. 95/46/EC).

2.9.2 Processing of personal data

'Processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation,



use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (as defined by Dir. 95/46/EC).

2.9.3 Electronic traffic data

‘Electronic traffic data’ shall mean any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof.

2.9.4 Location data

‘Location data’ shall mean any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service.



3. Requirements and general conditions

3.1 Minimum characteristics for eMOTION use cases

The aim of the definition of policies is to describe directives, guidelines or principles of the eMOTION framework. Dealing with policy issues and general conditions eMOTION has to define some minimum characteristics for the use cases of service provision in the eMOTION framework.

In the following section general minimum characteristics for the quality of service provision within the eMOTION framework for the different eMOTION use cases will be defined. The most important issues to deal with are:

• Geographic service availability • Request parameter for end-user service requests • Results of the service calculation • Visualisation of service results

The following issues will be taken into account in the following sections:

General conditions:

• Service types: Based on the definition of the three service types “information service”, “subscription service” and “monitoring service”, the service type that should be realised within the eMOTION framework will be defined.

• Service availability: Definition of minimum service availability with respect to geographic areas or network types (e.g. European services, national services, services regarding to national freeway network, services available in one conurbation)

• Linkage to other services: This issue is dealing with the possibility to link the service with other services to request additional information (request of real-time traffic messages via traffic information services) or to enable a specific type of visualisation (e.g. request of a map via mapping service)

Request parameters: In this section the parameters are defined that the service requestor should be able to specify. These parameters define the conditions for the service calculation and are the instruments for service personalisation.

Results of service: In this section the results of the service calculation will be described. This description is independent of the types of visualisation that could be realised on different end-user devices.

Presentation of results: In this section the different types of presentation and visualisation of results are described.



Use of standardised solution: In this section the use of a standardised solution is described.

eMOTION has to define some minimum characteristics for the use cases that have to be complied with by the services to be part of the eMOTION framework, and in addition eMOTION should define some advanced characteristics to reach the intended quality and innovation levels in traffic and transport service provision. The minimum and advanced characteristics determine the technical specification of the eMOTION services in WP3. These minimum and advances characteristics affect

• Request parameter

• Results of service

• Presentation of results.

General minimum characteristics follow these technical aspects:













3.1.1 Dynamic traffic information

o Information service: (=minimum characteristics) • Dynamic information about current and future traffic conditions

o Subscription service: (=advanced characteristics) • Inform the user on any untypical events on e.g. a certain stretch

or an certain area

Service types

o Monitoring service: (=advanced characteristics) • Provision of safety critical messages • Disturbance notifications due to e.g. closure of road segments,

unexpected high volume of traffic • Exceeded thresholds of (predicted) travel times of LoS

Service availability

o Traffic message information for the TERN (Trans European Road Network) (=minimum characteristic) and secondary roads (=advanced characteristics)

o (Predicted) Travel times parts for TERN (=advanced characteristics)

o (Predicted) (=advanced characteristics) Level of service (LoS) (=minimum characteristic) information for TERN and main roads in conurbation

o Detour recommendation for TERN (=minimum characteristic) o Traffic camera for single points TERN and main roads in

conurbation (=minimum characteristic)

General conditions

Linkage to other services

o Mapping service o Routing and navigation service (dynamic navigation service) o Dynamic multi-modal planner o Dynamic freight traffic information service

Area of interest

o Bounding box (coordinates) o Administrative unit (e.g. federal state, city) o Part of network (e.g. only freeway network)

Time period o Real-time information o Forecast for specific time horizon o Time period (from … until)

Request parameters

Information type

o Traffic messages o (Predicted) Travel times or average speed per section or route o (Predicted) Level of Service information o Traffic cameras o Detour recommendation

Personalisation of service

User Profile (= advanced characteristic) with • Preferred network type • Preferred route type • Preferred camera positions • Vehicle parameter • Regular Trip Origin Destination • LoS vers. Travel Times

Results of service

Traffic messages

o congestion information o road work information o road closure information



o (predicted) (=advanced characteristics) travel time information or information about average speed

o visualisation of current and/or predicted (=advanced characteristics) LoS

o traffic camera video streams or images text textual list of traffic information map Traffic map

o background map o traffic messages layer o detour recommendation layer o traffic cam layer (location of traffic cams) with link to video streams

or images o LoS layer with coloured road network o Travel or averaged speed layer with colour road network o Layer with predicted values

Presentation of results

animation o Zoom in /out animations

Standar-dised solution

• use of standardised icons to display different types of traffic messages in map • use of standardised level of service definition and colouration

3.1.2 Dynamic parking information

Information service (= minimum characteristic): o Opening hours, prices and current occupancy data, this data allows

the motorist to decide, even while on-route, whether to drive to the destination

o Subscription service: current occupancy data, reservation.

Service types

o Monitoring service: parking not available Service availability

o Location of parking facilities for all cities o Static parking information for all bigger cities o Dynamic parking information for all areas with dynamic parking

guidance system

General conditions


o Mapping service (= advanced characteristic) o Routing and navigation service (= advanced characteristic)

Area of interest

o Bounding box (coordinates) o Administrative unit (e.g. city) o Part of network (e.g. parking area) o Address

Time period o Real-time information (= advanced characteristic) o Forecast for specific time horizon (= advanced characteristic)

Request parameters

Type of parking facility (optional)

o Preferred types (e.g. on-street) o Excluded modes (e.g. parking garage)



Information type

o Location of parking facilities o Static parking information e.g. about tariffs, opening times, add.

services o Dynamic parking information about availability of parking facilities

(occupancy or number of free spaces) Personalisation of service

o User Profile (= advanced characteristic)

Location of parking facilities

o Address of parking facility o Route to get to parking facility -> routing/navigation service o POI near parking facility -> POI service

Static parking information

o Opening times o Tariffs o Max. height

Results of service

Dynamic parking information

o Real time number of free spaces o Real time occupancy in % o Forecast of tendency of occupancy

text o Textual list with static information about filtered parking facilities o Textual list with dynamic parking information about filtered facilities

map Parking information map o background map o parking location layer with icons for the parking facilities (maybe

icon also showing the current occupancy)


animation Road animation


Use of standardised icons

3.1.3 POI information

General conditions

Service types Information service: Each POI has a geographical position and as such for each POI you can search on its position, name, address, type etc. Since the POI has a position one can guide, navigate to the POI and the POI can also be displayed on the map. POI's can provide information on location & opening period. For specific POI's extra information on information on the goods offered at that location. For example the price of fuel. Other POI 's offer information on Safety for example accident hotspots, traffic lights, speed limits traffic signs, pedestrian crossings, ... Summary for information services: For all POI’s: (1) Search& Find (2) Guide & Navigate (3) Display For some: (1) Safety information (2) Information on goods present at the POI: Price, opening period, .... This information is more considered as dynamic information.



Subscription service: Since most of the POI's have the complete address including phone number and internet site and mail address, one can make reservations making use of this information. This is especially the case for hotels and restaurants and all POI's related to food, drink and travel. o Monitoring service: o Traffic web cams locations are also considered as POI’s. There

might be a link to the information captured by the web cam. In these case the POI meta data (link to the content of the traffic web cam) is able to monitor the environment


o Global but focuses, but higher density in cities


o Mapping service o Gazetteer service o Routing or navigation service

Area of interest

o Bounding box (coordinates) o Administrative unit (e.g. city) o Part of network (e.g. parking area) o Address o Coordinate (GPS-coordinate of current position for navigation

service, selection of origin in map for routing services -> gazetteer service)

POI definition o Class (e.g. accommodation, recreation) o Type (e.g. petrol station, station, hotel)

Request parameters

Type of request

o All (e.g. in surrounding of location, in specified area) o Nearest (e.g. from current position)


o User Profile (= advanced characteristic)

Location of POI

o Address of parking facility o Route to get to parking facility -> routing/navigation service o POI near parking facility -> POI service

Results of service

Static POI information

o Information of class, type, content and meta information of requested POI. Such as address, phone number, opening hours, price of goods available at the POI

text o Textual description of POI o Textual description of POI meta information

map POI information map o Background map o POI with symbolised icons


animation -


• Use of standardised icons to display different types of POI’s in map



3.1.4 Dynamic information about event traffic (temporary traffic situation)

Event traffic information services cover different kinds of other services. The most important components of event traffic services are information regarding temporary traffic supply like temporary parking spaces, temporary public transport lines, temporary sign-posting.

Information service (= minimum characteristic): o pre-trip information service in case of route planning o pre-trip information in case of parking information o pre-trip information in case of public transport journey planning or

multi-modal trip planner o pre-trip information in case of POI information o on-trip information service in case of navigation service Subscription service: (= advanced characteristic) o pre-trip information in case of dynamic traffic information for long

time events o pre-trip information in case of dynamic parking information for long

time events

Service types

Monitoring service: (= advanced characteristic) o monitoring of selected route in case of dynamic navigation service,

request of relevant traffic information to calculate detour recommendation (-> traffic messages service)

o monitoring of occupancy of parking facilities in order to recommend another free parking facility


o for major events like international trade fairs or international long running events like FIFA World Cup or Olympic Games

o information about temporary transport offers like parking, public transport or changed sign-posting

General conditions


o Linked to all other services

Request parameters

See all other services


Because of temporary nature not necessary

Results of service








3.1.5 Dynamic public transport information

Information service (= minimum characteristic): o Real time information about next passage, delay, change of route,

etc. o Pre-trip and on-trip information o Subscription service: time of next passage of a selected bus, delay

of selected train, etc

Service types

o Monitoring service: updating of subscripted services Service availability

o Dynamic public transport information are available at national and local level (= minimum characteristic)

o European service for international train traffic

General conditions


o Traffic information service (real-time traffic messages) (=advanced characteristic)

Origin o Stop, station, etc. (code or name) (= minimum characteristic) Destination o Stop, station, etc. (code or name) (= minimum characteristic) Time of trip o Starting time (date, time) (= minimum characteristic)

Request parameters

Railway, bus, etc. line of interest

o Code or name (= minimum characteristic)


User Profile (= advanced characteristic) only if a subscription to the service is available

Next passage o Number of minutes when next bus, train, etc. will be arrive

Delay o Number of minutes between the scheduled passage and the real one

Change of route

o Textual information

Results of service

Other info o Costs of trip, pass, accessibility for disabled people, etc. text o Textual list.

map -


animation -


-

3.1.6 Dynamic weather information

General conditions

Service types o Information service: (= minimum characteristic): • Pre-trip information service about current and future weather

conditions • On-Trip information service about current and future weather

conditions and Surface conditions (RDS-TMC)



o Subscription service: (= advanced characteristic) • Inform the user about foreseen weather in a certain area • On-Trip information about actuel and forecasted critical road

surface and weather conditions (ALERT-C via TMC-Pro or DAB)o Monitoring service: (= minimum characteristic)

• Inform on any untypical events on e.g. extreme intensity events, prevision of floods, slippery road condition, strong wind, heavy rain or snow, hail etc.


o Only Freeway network o About certain cities o Only highways o European coverage (broadcast)


o Mapping service (= minimum characteristic) o Event traffic information service o Dynamic traffic information service o Dynamic routing and navigation service o Dynamic Multi-modal journey planner o Dynamic freight traffic information service

Area of interest

o Coordinates (POI = Points of intrest) (= minimum characteristic) o Part of network, cities o Segments of road or traffic line (permanent link ID’s, TMC locator)

Time period

o Real time information (actual) o Period of interest (= minimum characteristic) (i.e. period of trip) o Forecast for specific time horizon

Request parameters

Information type

o Synoptic weather stations o Road weather information outstation o Precipitation radar composite graphics o MOS prediction models o Weather forecast for a specific time horizon o XFCD (extended floating car data) (=advanced characteristic) o Weather cameras (=advanced characteristic) o Road thermal mapping and aperture measurement (=advanced

characteristic) Personalisation of service

User Profile (= advanced characteristic) with: o Network parameter o Area parameter o Period of interest o Regular trip origin destination

Results of service

General information

o Weather information (= minimum characteristic) • Precipitation intensity, Temperatures, cloudiness • Visibility

o Information on any untypical events (= minimum characteristic) • Traffic Messages (critical road conditions – e.g. ALERT-C)

o Recommendation (= advanced characteristic) o Information about travel time reduction because of actual or

predicted weather situation (= advanced characteristic) o Weather camera images (= advanced characteristic)



text Textual information for screen or voice service: o textual general weather information (= minimum characteristic) o recommendation (only monitoring service in case of extreme

events) (= minimum characteristic) map Whole European, national, local area -> mapping service:

o background map (= minimum characteristic) o geographical layer (= minimum characteristic) o Weather condition with coloured road network (= advanced

characteristic) o real-time recommendation (only for dynamic services) (= advanced

characteristic)


animation o animated map (= advanced characteristic) • e.g. precipitation areas


• use of standardised icons to display different types of weather conditions in maps • use standardised broadcast protocols for mobile devices • use standardised location codes for mobile devices

3.1.7 Dynamic routing/navigation

Information service (= minimum characteristic): o active request of a route or navigation instruction based on the

request parameter defined by the user o pre-trip information service in case of route planning o on-trip information service in case of navigation service Subscription service: -

Service types




o European coverage (= minimum characteristic) o Whole network from local roads up to trans-European network

(freeways) (= minimum characteristic)

General conditions


o Gazetteer service (= advanced characteristic) • Selection of location (start, destination, via-point) from map

o Mapping service(= minimum characteristic) • Visualisation of route on map

o Traffic information service (real-time traffic messages) (=advanced characteristic) • Route recommendation based on current or forecasted traffic

conditions o Parking information service (= advanced characteristic)

• Routing/navigation to next free parking space o Positioning service (= minimum characteristic) (not part of the

eMOTION framework, position service provides real-time position information to up-date the navigation information (only navigation service)



Origin o Address (= minimum characteristic) o Coordinates (GPS-coordinate of current position, selection of origin

in map -> gazetteer service) (= minimum characteristic) o POI

Destination o Address (= minimum characteristic) o Coordinates (selection of destination in map -> gazetteer service)

(= minimum characteristic) o POI (= advanced characteristic) o Free parking space near real destination -> parking information

service (= advanced characteristic) Via-points o Address (=minimum characteristic)

o Coordinates (selection of via-points in map -> gazetteer service) (= advanced characteristic)

o POI (= advanced characteristic) Transport mode

o Car (Default) (=minimum characteristic) o Truck (= advanced characteristic) o Motorbike (= advanced characteristic) o Bicycle (= advanced characteristic) o Pedestrian (= advanced characteristic)

Preferred network type

o Preferred road types / network elements (= advanced characteristic) • Freeways

o Excluded road types / network elements (= advanced characteristic) • Freeways • Tolled roads • Tunnel • Ferry

Preferred route type

o Shortest route (=minimum characteristic) o Fastest route (Default) (=minimum characteristic) o Cheapest route (=minimum characteristic) o Safest route (= advanced characteristic)

Network parameter

o av. speed per road type (= minimum characteristic)

Vehicle parameter

o Max. speed (= advanced characteristic) o Fuel consumption per distance (= advanced characteristic) o cost per distance (= advanced characteristic)

Request parameters

Time of trip o Starting time (date, time) (= advanced characteristic) o Time of destination (date, time) (= advanced characteristic)


User Profile (= advanced characteristic) with o Transport mode o Preferred network type o Preferred route type o Network parameter o Vehicle parameter

Results of service

General route information

o Length of trip (= minimum characteristic) o Estimated time of destination (= minimum characteristic) o Estimated travel time (= minimum characteristic) o Costs of trip (=advanced characteristic)



Route segment list

o Length of segment (only routing service) (= minimum characteristic)

o Travel time per segment (= minimum characteristic) o Road number and/or road name (= minimum characteristic) o Direction (names of destinations shown on the road signs in case of

routing service) (= advanced characteristic) o Manoeuvre instruction at the end of segment (turn left, turn right,

straight on, only general for routing service, details real-time information for navigation service) (= minimum characteristic)

Text Textual information for screen or voice service: o textual general route information (= minimum characteristic) o textual route segment list (only routing service) (= minimum

characteristic) o real-time manoeuvre instruction (only navigation service) (=

minimum characteristic) o detour recommendation (only monitoring service in case of

navigation service) (= minimum characteristic) Map Whole route or single route segments (only routing service) -> mapping

service: o background map (= minimum characteristic) o route layer (= minimum characteristic) o traffic messages layer (only for dynamic navigation services) (=

advances characteristic) o real-time detour recommendation (in route layer) (only for dynamic

navigation services) (= advanced characteristic)


Animation o route flight animation (= advanced characteristic) Standar-dised solution

• Use of standardised icons to display different types of traffic messages in map (e.g. use of International UNECE Convention on Road Signs and Signals, of 8 November 1968)

• Use of standardised manoeuvre instruction (and manoeuvre icons) (e.g. use of code lists NT_JunctionType and NT_TurnDirection from ISO 19133:2005 Geographic information -- Location-based services -- Tracking and navigation)

3.1.8 Dynamic public transport journey planning

o Information service: (= minimum characteristic) o Plan a trip using public transport. Just enter in departure and

destination information, and the system provide trip options including timetables, maps and route diagrams.

o Subscription service: if the service is integrated with dynamic traffic information

Service types

o Monitoring service: for the subscripted service any deviation from the information provided


o European service for international train traffic o National services for all public transport modes

General conditions


o Gazetteer service o Mapping service o Traffic information service (real-time traffic messages) (=advanced

characteristic)



Origin o Address o Coordinates (selection of origin in map -> gazetteer service) o POI o Name of stop point or station o GPS (on mobile device)

Destination o Address o Coordinates (selection of destination in map -> gazetteer service) o POI o Name of stop point or station

Via-points o Address o Coordinates (selection of destination in map -> gazetteer service) o POI o Name of stop point or station

Time of trip o Starting time o Time of destination

Preferred travel mode

o Preferred modes (e.g. fast train) o Excluded modes (e.g. busses)


o Fastest trip o Cheapest trip

Request parameters

Stop point parameter

o Max. number of interchanges o No stairs (suitable for disabled persons) o Max amount of waiting time


User Profile (= advanced characteristic) with network parameter

General trip information

o Travel time o Costs of trip (as far as possible) o Number of interchanges

Results of service

Trip schedule o Type of pt mode (incl. Foot walk) o Number and/or name of line o Starting point (station, stop point) of each interchange / connection o Arrival time of each interchange / connection o Time of destination o Track/bus stop information

text o Textual general trip information o Textual list of connection, trip schedule, details and waiting times for

each point of the route map Map of starting point, connection points and destination

o background map o trip layer Map per part of the route


Animation -


• Use of standardised icons to display different types of traffic messages in map • Use of standardised manoeuvre instruction (and manoeuvre icons)



3.1.9 Dynamic multi-modal journey planning

Information service (= minimum characteristic): o active request of a multimodal journey plan, navigation or

multimodal navigation instruction based on the request parameter defined by the user

o pre-trip information service in case of multimodal journey planning o on-trip information service in case of multimodal navigation service Subscription service: -

Service types





(freeways) (= minimum characteristic) o Whole PT network from local services up to trans-European

services.

General conditions


o Gazetteer service (= minimum characteristic) • Selection of location (start, destination, via-point) from map

o Mapping service(= minimum characteristic) • Visualisation of route on map • Visualisation of journey leg on map • Visualisation of interchange leg/point on map

o Dynamic Routing and navigation service(= minimum characteristic) • Visualisation of route on map

o Dynamic Journey planner service(= minimum characteristic) • Visualisation of journey plan on map • Visualisation of journey plan as a list

o Traffic information service (real-time traffic messages) (=advanced characteristic) • route recommendation based on current or forecasted traffic

conditions o Public transport information service (real-time public transport

message) (=advanced characteristic) • route recommendation based on current or forecast public

transport conditions o Parking information service (= advanced characteristic)

• routing/navigation to next free parking space • routing/navigation to park and ride facility

o Positioning service (= minimum characteristic) (not part of the eMOTION framework, position service provides real-time position information to up-date the navigation information (only navigation service)

Request parameters

Origin o Address / Postcode (= minimum characteristic) o Coordinates (GPS-coordinate of current position, selection of origin

in map -> gazetteer service) (= minimum characteristic) o POI (= advanced characteristic) o Railway Station / Airport (= minimum characteristic) o Town/District/Village/Locality (= minimum characteristic) o Stops in locality -> Reverse Geocoding service (= minimum

characteristic)



Destination o Address / Postcode (= minimum characteristic) o Coordinates (selection of destination in map -> gazetteer service)

(= minimum characteristic) o POI (= advanced characteristic) o Railway Station / Airport (= minimum characteristic) o Town/District/Village/Locality (= minimum characteristic) o Stops in locality -> Reverse Geocoding service (= minimum

characteristic) o Free parking space near real destination -> parking information

service (= advanced characteristic) Via-points o Address (=minimum characteristic)

o Coordinates (selection of via-points in map -> gazetteer service) (= advanced characteristic)

o POI (= advanced characteristic) o Free parking space near real destination -> parking information

service (= advanced characteristic) Preferred Transport mode

o Car (Default) (=minimum characteristic) o Truck (= advanced characteristic) o Powered two wheeler (= advanced characteristic) o Bicycle (= minimum characteristic) o Pedestrian (= minimum characteristic) o Bus (= minimum characteristic) o Train (= minimum characteristic) o Taxi (= minimum characteristic) o Metro (= minimum characteristic) o Coach (= minimum characteristic) o Aeroplane (= advanced characteristic) o Rideshare / DRT (= advanced characteristic)


o Preferred road types / network elements (= advanced characteristic) • Freeways (including specific named routes) • Cycle lanes/paths • Pedestrian zones

o Excluded road types / network elements (= advanced characteristic) • Freeways • Tolled roads • Tunnel • Ferry • Roads without footpaths


o Shortest route (=minimum characteristic) o Fastest route (Default) (=minimum characteristic) o Cheapest route (=advanced characteristic) o Safest route (= advanced characteristic)

Network parameter

o Av. speed per road type (= minimum characteristic)

Interchange parameter

o Number of changes o Maximum wait time o Interchange walk speed / Minimum time for interchange



Vehicle parameter

o Max. speed (= advanced characteristic) o Fuel consumption per distance (= advanced characteristic) o cost per distance (= advanced characteristic)

Walk parameter

o Walk speed o Maximum walk time for journey o Maximum walk time at each interchange

Time of trip o Starting time (date, time) (= advanced characteristic) o Time of destination (date, time) (= advanced characteristic)


User Profile (= advanced characteristic) with: o Preferred Transport mode o Preferred network type o Preferred route type o Network parameter o Interchange parameter o Vehicle parameter o Walk parameter o Regular Trip Origin Destination

General journey information

o Selection of journey options (= minimum characteristic) o length of trips (= minimum characteristic) o estimated arrival times (= minimum characteristic) o estimated travel times (= minimum characteristic) o Number of journey stages/legs (= minimum characteristic) o Financial cost of trip (=advanced characteristic)

Journey leg list

o Public Transport Leg (= minimum characteristic) o Interchange Leg (= minimum characteristic) o Private Transport Leg (Route segment list) (= minimum

characteristic) Private Transport Leg

o Leg Origin (= minimum characteristic) o Leg Destination (= minimum characteristic) o Route Segment List (= minimum characteristic)

Route segment list

o Mode e.g. Walk, Car, Cycle (= minimum characteristic) o Length of segment (only routing service) (= minimum

characteristic) o Travel time per segment (= minimum characteristic) o Road number and/or road name (= minimum characteristic) o Direction (names of destinations shown on the road signs in case of

routing service) (= advanced characteristic) o Manoeuvre instruction at the end of segment (turn left, turn right,


Results of service

Public Transport Leg

o Leg Origin (= minimum characteristic) o Leg Destination (= minimum characteristic) o Type of Service Timing (Timetable, frequency, demand responsive)

(= minimum characteristic) o Transport Mode eg. Bus, Train, etc. (= minimum characteristic) o Service Operator Name (= minimum characteristic) o Service Name (= minimum characteristic) o Service Destination (= minimum characteristic)



Interchange Leg

o Leg Origin (= minimum characteristic) o Leg Destination (= minimum characteristic) o Route Segment List (= advanced characteristic) o Destination Identifier




navigation service) (= minimum characteristic) Map Whole journey, single leg or route segments -> mapping service:

o background map (= minimum characteristic) o private transport legs layer (= minimum characteristic) o interchange legs layer (= advanced characteristic) o public transport legs layer (= minimum characteristic) o traffic messages layer (only for dynamic navigation services) (=

advanced characteristic) o dynamic public transport information layer (= advanced

characteristic) o dynamic detour recommendation (in route layer) (only for dynamic

navigation services) (= advanced characteristic) o dynamic journey plan recommendation (= advanced

characteristic)


Animation o Private transport leg route animation (= advanced characteristic) o Interchange leg route animation (= advanced characteristic)


• Use of standardised as for Dynamic Routing and PT Information

3.1.10 Dynamic freight traffic information

Information service (= minimum characteristic): o active request of a route or navigation instruction based on the

request parameter defined by the user o pre-trip information service in case of route planning o on-trip information service in case of navigation service Subscription service: - o pre-trip information service for regular distribution routes for tour

planning

Service types

Monitoring service: (= advanced characteristic) o monitoring of selected route in case of dynamic navigation

service, request of relevant traffic information to calculate detour recommendation (-> traffic messages service)

General conditions



(freeways) (= minimum characteristic)




o Gazetteer service (= advanced characteristic) • Selection of location (start, destination, via-point) from map

o Mapping service(= minimum characteristic) • Visualisation of route on map

o Traffic information service (real-time traffic messages) (=advanced characteristic) • route recommendation based on current or forecast traffic

conditions • route condition based on relevant operations such as tunnel

queuing operations o Parking information service (= advanced characteristic)

• routing/navigation to appropriate loading space o Positioning service (= minimum characteristic) (not part of the

eMOTION framework, position service provides real-time position information to up-date the navigation information (only navigation service)

o Weather service (= advanced characteristic) • Route avoiding bad weather

o Event service (= advanced characteristic) • Route avoiding special events

Origin o Address (= minimum characteristic) o Coordinates (GPS-coordinate of current position, selection of

origin in map -> gazetteer service) (= minimum characteristic) o POI (= advanced characteristic)

Destination o Address (= minimum characteristic) o Coordinates (selection of destination in map -> gazetteer service)

(= minimum characteristic) o POI (= advanced characteristic)

Via-points o Address (=advanced characteristic) o Coordinates (selection of via-points in map -> gazetteer service)

(= advanced characteristic) o POI (= advanced characteristic)


o Preferred road types / network elements (= minimum characteristic) • Freeways • Specific named roads • Dedicated HGV routes • Ferry

o Excluded road types / network elements (= minimum characteristic) • Freeways • Specific named roads • Roads where HGVs are forbidden • Tolled roads • Tunnels or Tunnels with HGV restrictions • Ferry

Request parameters

Prescribed route

o Alternatively entry of prescribed route by Computerized Vehicle Routing and Scheduling System (=minimum characteristic)




o Shortest route (=minimum characteristic) o Fastest route (Default) (=minimum characteristic) o Cheapest route (=advanced characteristic) o Safest route e.g. quiet roads, avoiding bridges (= advanced

characteristic) Network parameter

o av. speed per road type (= minimum characteristic)

Vehicle parameter

o Max. speed (= minimum characteristic) o Fuel consumption per distance (= advanced characteristic) o Cost per distance (= advanced characteristic) o Vehicle dimensions e.g. height, length, ground clearance (=

advanced characteristic) o Vehicle weight and weight distribution (= advanced

characteristic) o Maximum gradients (= advanced characteristic)

Load parameters

o Load specific journey restrictions (= advanced characteristic) o Requirements for secure parking for stops (= advanced

characteristic) Time of trip o Starting time (date, time) (= minimum characteristic)

o Time of destination (date, time) (= minimum characteristic) o Stop times at intermediary points (= advanced characteristic)

Driver characteristics

o Driver hours restrictions (relating to working hours / tachograph) (= advanced characteristic)


User Profile (= advanced characteristic) with o Preferred network type o Preferred route type o Network parameter o Vehicle parameter o Driver characteristics

General route information

o Length of trip (= minimum characteristic) o Estimated time to final destination (= minimum characteristic) o Estimated travel time (= minimum characteristic) o Estimated time to all time to all via points (= minimum

characteristic) o Costs of trip (=advanced characteristic)

Results of service

Route segment list (where route requested)

o Length of segment (only routing service) (= minimum characteristic)

o Travel time per segment (= minimum characteristic) o Road number and/or road name (= minimum characteristic) o Direction (names of destinations shown on the road signs in case

of routing service) (= advanced characteristic) o Manoeuvre instruction at the end of segment (turn left, turn right,






navigation service) (= minimum characteristic)



Map Whole route or single route segments (only routing service) -> mapping service: o background map (= minimum characteristic) o route layer (= minimum characteristic) o traffic messages layer (only for dynamic navigation services) (=

advances characteristic) o real-time detour recommendation (in route layer) (only for

dynamic navigation services) (= advanced characteristic) o specific hazards layer (low bridges, narrow roads) (= advanced

characteristic) Animation o Route flight animation (= advanced characteristic)


• Use of standardised icons to display different types of traffic messages in map (e.g. use of International UNECE Convention on Road Signs and Signals, of 8 November 1968)

• Use of standardised manoeuvre instruction (and manoeuvre icons) (e.g. use of code lists NT_JunctionType and NT_TurnDirection from ISO 19133:2005 Geographic information -- Location-based services -- Tracking and navigation)

3.2 Organisational infrastructure specification

The Organisational infrastructure specification for the eMOTION framework can be described using the concept of viewpoints and viewpoint specifications of the Reference Model of Open Distributed Processing (RM-ODP) as put forth by ISO/IEC 10746, 1998. RM-ODP defines the following five viewpoints:

• Enterprise viewpoint • Information viewpoint • Computational viewpoint • Engineering viewpoint • Technology viewpoint

The enterprise viewpoint is adopted to expose the actor model of eMOTION, the requirements of every single actor on the eMOTION infrastructure and organisational aspects.

The potential actors of eMOTION have been defined in Deliverable D1: Requirements and services analysis, chapter 4.2. Here, interactions between these subjects are considered accordingly to the specifications of the RM-ODP standard from an Enterprise Viewpoint in terms of:

Enterprise objects

Objects interfaces

Relationships of objects.



Network Provider

Service Operator

Content provider

Defines an interface

End-user

Service Provider

Figure 1: Organisational infrastructure specification

Note that accordingly to the definition of Network provider given in chapter 4.2.3 of Deliverable No. D1: Requirements and Service Analysis, the Network Provider can be viewed as the actor in charge of providing the communication channels needed to deliver the information to the end user and to suitably interconnect the actors involved.

In this context, interfaces and relationships for Network providers are described acting considering this actor as the “ring” of the eMOTION value chain between the Service Provider and the end-user.

3.2.1 Definition of Enterprise Objects

From the enterprise viewpoint we have to consider the following objects of the enterprise level (enterprise objects) in order to manage the technical eMOTION infrastructure. A definition of requirements is also outlined for every object.

For User/accessibility-related service objects the goal is to:

• Extract user profiling from the analysis of user requirements and typology in order to have an object to which apply different policies, actions, and management strategies. It’s possible to found several user needs and characteristics in relation to the service of the enterprise and to its characteristics in relation to the eMOTION infrastructure

• Specify access rules for users or processes. Access rules consist of entities that define the possibility of access to services and contents by users with the appropriate rights. Here the term ‘user’ has to be intended in an extended way (not only a person who access to the service). For example a user can be a process, an automated system, a machine etc.



Service management/execution objects are related to:

• Data qualification characterisation like reference network, geographic coverage, geo-reference system. This is dependant to the format of data used for each context and system.

• Quality assurance of services (for example reliability or level of service)

This parameter is strictly dependant on the product and its measure can be therefore established by processes and parameters different for every case (product, content or service).

• Notification service and support

Notification is the operation of communication of information between two parties in the eMOTION infrastructure. This is different from the exchange of data or information. It can refer to the communication of the availability of the data or information itself for example.

• Service execution and content publishing and update.

The process of publishing data or information or the provision of a service i.e. by Service Providers.

Business objects are related to:

• Subscriptions: that can be referred to by eMOTION actors for the delivery of contents or notifications. Subscription policies can be of various types in relation to the type of content, user or service.

• Payment/billing applies when subscription policies are applied and/or services are offered under payment.

3.2.2 Objects and objects relationships representation

Enterprise objects and relationships are represented using the notation of the RM-ODP standard.

As shown before the “T” symbol represents an interface and a “disc” or “filled circle” an object. Relationships and requirements are defined with tables that refer to objects and interfaces. A composition of objects is often necessary. This is represented with the illustration below. The interface between A and B may be a single interaction and the right interface represents an interface of the composite object.

A B



Figure 2: Composition of object A and B

In the following sections, for the four types of actors described in the eMOTION infrastructure (Content Providers, Service Operator, Network Provider and Service Provider) the RM-ODP enterprise object representation is described in terms of:

Information needs for enterprise objects

Interactions between enterprise objects



3.2.3 Organisational Infrastructure for Content Providers

Enterprise objects and relationships

The following diagram describes the Enterprise objects and relationships for Content Providers.

Accessibility management

User profiling

User access

Service Provider

End-user

Content Publishing management

Data Qualification

check Quality

ensurance

Content Notification/

support

Content Production

Business management

Payments / billing

Subscriptions

Network Provider

Service Operator

Content supply

Figure 3: Enterprise objects and relationships for Content Providers




Enterprise Object Information needs

User profiling manager End-User requirements End-User typology (single users, companies,

organization) Subscriptions / Payment typology Aggregations of users made on the basis of user

requirements/typology/ Subscriptions / Payment typology

Characterization of users in terms of user information (address, e-mail contact etc.)

User access manager User profiles User rights Status of payment / subscription

Data qualification check Geographic coverage Reference road network Geo-reference system

Content Production Feedbacks from quality assurance system Data qualification information

Quality assurance Quality parameters / values / thresholds defined for each product line

Content notification/support Content availability Intervals of time defined for notifications User subscriptions for notifications

Subscriptions Management User characterization Applicable Subscriptions methods

Payments / billing management Subscriptions status

Content supply User profile Access rules Content availability / conformity / quality check

status


Enterprise object / Composite object Interactions (→ object of interest)

User profiling manager User Profiles information is used by the user access manager (→User access manager)

User profiles data is updated/modified by the appropriate user/interfaces managed by the user access manager (→User access manager)

User profile has information about the subscriptions / payment typology (→Business management)

User access manager User access is handled on the basis of user profile (→User profiling manager)

User Access acknowledgement is notified and propagated to other enterprise objects by the access manager (→User profiling manager)

Status of payment / subscription influences the behaviour of user access (→Business management)

Data qualification check Imposes constraints on the content production and receive indications on these constraints (→Content production)



Content Production Gives directives on Constraints, content features, data needs etc. (→Data qualification check)

Needs information about features to be notified and gives them. (→Content notification)

Send directives about quality parameters and takes feedbacks from quality ensurance system (→Quality ensurance)

Quality ensurance Get directives about quality parameters and gives feedbacks to Content production (→Content production)

Content notification Get information about features to be notified and delivers them. (→Content production)

Subscriptions Management Get information about user payments status and gives information about user’s subscription status (→Payments / billing management)

Payments / billing management Send information about user payments status and receive information about user’s subscription status (→Subscriptions management)

Accessibility management Send user access information (→Business management, content supply)

Get indications about a possible content-based user profiling (user profiling based on i.e. content features, content support services etc.) (→Content supply)

Content publishing management Get contents, content features, quality parameters, data qualification parameters used to produce contents (→Content publishing management)

Get indications about, content features, quality parameters, data qualification parameters used to produce contents (→Content supply)

Business management Send information on subscriptions and payments (→Content supply)

Get indications on product/contents costs (→Content supply)

Content Supply Get user access information (→Accessibility management)

Get contents, content features, quality parameters, data qualification parameters used to produce contents (→Content publishing management)

Get information on subscriptions and payments (→Business management)

Send indications about a content-based user profiling (user profiling based on i.e. content features, content support services etc.) (→Accessibility management)

Send indications about, content features, quality parameters, data qualification parameters used to produce contents (→Content publishing management)

Send indications on product/contents costs (→Business management)

Send content to the Service Operator Receive feedbacks and parameters from Service

Operator



3.2.4 Organisational Infrastructure for Service Operator


The following diagram describes the Enterprise objects and relationships for Service Operator.

Content integrator Accessibility management

Service Provider

End-user

Content integration engine

Information generation

Business management

Network Operator

Information (integrated content) Supply

External Content Handler

Content Provider

Quality ensurance

Figure 4: Enterprise objects and relationships for Service Operator





Accessibility management Service provider requirements Service provider account information Service provider subscription/payment status Specifications on Service providers accessible

subset of information (Service provider rights) Characterization of Service providers in terms of

user information (address, e-mail contact etc.) Business Management Service provider status of payment/subscription

Service provider profiles information Content integration engine

Reference road network specifications Geo-reference system specifications Specifications for the production of integrated

content Information Generation Information specifications

Quality ensurance feedbacks Quality ensurance Quality requirements based on Specifications

External Content Handler Data from external content provider Content integrator specifications

Integrated Content Supply Service provider requirements Service provider status of payments/subscriptions Service provider rights Contents availability



Accessibility management Get Service provider requirements (→integrated content supply)

Get Service provider subscription/payment status (→business management)

Send information on user rights (→integrated content supply)

Send information on user profile (→business management)

Business Management Get Service provider profiles information (→accessibility management)

Send information on status of payment/subscription (→accessibility management)

Content integration engine Calculates and send data to Information Generation (→Information generation)

Information generation Get data from Content Integration (→Content integration engine)

Quality ensurance Get Quality requirements based on Information Specifications (→Information generation)

Send feedbacks to Information generation system to adjust quality (→Information generation)

Content integrator Send feedbacks to External content handler (→External content handler)

Get data from External content handler (→External content handler)

External Content Handler Get Data from external content providers (→Content provider)



Send data to Content integrator (→Content integrator)

Send feedbacks to external content providers (→Content provider)

Get feedbacks from Content Integrator (→Content integrator)

Integrated Content Supply Get Service provider requirements (→Service provider)

Get Service provider status of payments/subscriptions (→Business management)

Get Service provider rights (→Accessibility management)

Send integrated contents and contents availability (→Information generation)



3.2.5 Organisational Infrastructure for Service Provider


The following diagram describes the Enterprise objects and relationships for Service Providers.


User

profiling User access

Content Provider

Service management

Quality ensurance

Service Production

Business management

Payments / billing

Subscriptions

Network Provider

Service Operator

External data management

Value Added Service Provision

End-user

Figure 5: Enterprise objects and relationships for Service Provider





User profiling manager End-User requirements End-User typology (single users, companies,

organization) Subscriptions / Payment typology Aggregations of users made on the basis of user

requirements/typology/ Subscriptions / Payment typology

Characterization of users in terms of user information (address, e-mail contact etc.)

User Access Manager User profiles User rights Status of payment / subscription

Subscriptions management User characterization Applicable Subscriptions methods

Payments/billing management Subscriptions status

Quality ensurance Quality parameters / values / thresholds defined for each service

Service production Service specifications External Contents data and availability of contents Service quality feedbacks

External data management Integrated Contents Service production requirements

Value added service provision Service data User subscriptions/payment status User accessibility information Network status / interfaces



User profiling manager User Profiles information is used by the user access manager (→User access manager)

User profiles data is updated/modified by the appropriate user/interfaces managed by the user access manager (→User access manager)

User access manager User access is handled on the basis of user profile (→User profiling manager)

User Access acknowledgement is notified and propagated to other enterprise objects by the access manager (→User profiling manager)

Accessibility management User profile has information about the subscriptions / payment typology (→Business management)

Status of payment / subscription influences the behaviour of user access (→Business management)

Send information about user profiles/rights/accessibility (→Value added service provider)

Subscriptions Management Receive information about user payments status and gives information about user’s subscription status (→Payments / billing management)

Payments / billing management Gives information about user payments status and receive information about user’s subscription



status (→Subscriptions management) Business management Send information about user status of subscription

/ payments (→Value added service provider) Send information about user status of subscription

/ payments (→Accessibility management) Quality ensurance Get directives about quality parameters and gives

feedbacks to Content production (→Service production)

Service production Get feedbacks from and Send directives to Quality system about QoS (→Quality ensurance)

Service management Produces data for service (→Value Added Service Provision)

Get feedbacks from VAS provision (→Value Added Service Provision)

Get External contents (→External data management)

Send requirements for external contents (→External data management)

External data management Send External contents (→Service management) Get requirements for external contents (→Service

management) Exchange data with Service Operator using

Content Integrator Services (→Service Operator) Value added service provision Get Service data (→Service management)

Send Service data feedbacks (→Service management)

Get User accessibility information (→Accessibility management)

Send information about user needs/features (→Accessibility management)

Get User status of subscription/payments (→Business Management)

Get status of Network (→Network Operator) Uses Network Services/facilities (→Network

Operator)



3.2.6 Organisational Infrastructure for Network Operators


The following diagram describes the Enterprise objects and relationships for Network Operators.

Network Services management


Content Provider

End-user

Quality ensurance

Business management

Service Provider

Service operator

Service Provision

Network Services supply

Figure 6: Enterprise objects and relationships for Network Operators





Accessibility management Service Provider /end-user requirements Service Provider /end-user account information Service Provider /end-user subscription/payment

status Business Management Service Provider /end-user subscription/payment

status Service Provider profiles information

Service provision Service specifications Quality feedbacks

Quality ensurance Quality parameters for service

Network Services supply End-User / Service Provider requirements Network status / QoS




Get Service Provider /end-user requirements (→Network Services Supply)

Send Accessibility information on users / Service Provider (→Business management)

Send Accessibility information on users / Service Provider (→Network Services Supply)

Get Service Provider /end-user subscription/payment status (→Business management)

Business management Get Accessibility information on users / Service Provider (→Accessibility Management)

Send Service Provider /end-user subscription/payment status (→Accessibility management)

Send Service Provider /end-user subscription/payment status (→Network Services Supply)

Service provision

Get Quality parameters for QoS (such as transmission Speed, continuity of service in terms of connectivity, interruptions etc.) (→Quality Ensurance)

Quality ensurance Send Quality parameters for QoS (such as transmission Speed, continuity of service in terms of connectivity, interruptions etc.) (→Service provision)

Network Services supply Uses network Services (→Network Services Management)

Send data on network Status / QoS (→Network Services Management)

Get Accessibility (rights) status of users (→Accessibility management)

Get status about user subscription / payments (→Business management)

Provide connectivity services to users (→Service Provider / End-users)

Network Services Management Get user needs / feedbacks (→Network Services Supply)

Provide network Services (→Network Services



Supply) Get data on network Status / QoS (→Network

Services supply)

3.2.7 End-users

The RM-ODP enterprise viewpoint representation and analysis for end-user is appropriate only when an end user can be identified as a content provider or a VAS provider. When this happen the related viewpoints and object/interfaces/relationship analysis applies.

3.3 Data security

3.3.1 Introduction

Service providers and network operator within eMOTION will also have to consider data security. Data security may be defined as the ability of a network or an information system to resist, at a given level of confidence, accidental events or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data and the related services offered by or accessible via these networks and systems.

To explain the issue of security, it is helpful to consider what constitutes a state of security. Manunta [2000] expresses security in the following way:

"S = f (A, P, T) Si

“Security (S) is a function of the interaction of its components: Asset (A), Protector (P) and Threat (T) in a given Situation (Si). This logic formula summarises the concepts inspiring this work: Security is the contrived condition of an Asset. It is created and maintained by a Protector in antagonism with a reacting counterpart (Threat), in a given Situation (Si). It aims to protect the Asset from unacceptable damage."

By becoming part of eMOTION, the Situation in which the Content Provider, Service Operator or Service Provider's Assets are positioned will be changed. By additionally providing their services through the eMOTION framework, they will potentially be providing additional means for the Threat to access the Asset, or exposing the Asset to additional threats. The provider will therefore seek to protect their Asset from harm. The eMOTION framework may provide a Protector; the Content Provider, Service Operator or Service Provider may choose to provide their own Protector; though most likely there will be some combination of both.

It should be considered that legitimately accessed information might only of value to the person accessing the information at that point in time. For example, a service providing a map annotated with real time traffic information for specific area is only likely to be of value at that point in time to another traveller in that particular area. Therefore providing encrypted access to such data would be inappropriate, especially given the likely processing overhead involved with the encryption/decryption process, leading to reduced service satisfaction on the part of the end user.



The approach to data security should fit within the context of current security systems within the enterprise, as well as with technology systems within the enterprise. If current infrastructure for web services exists, any provisions will need to be made within this context.

Such issues raise the need to conduct some risk assessment to determine impact of any potential threat being realised. Risk is presented by a combination of threats and vulnerability. Need to balance loss resulting from risk being realised, and the probability of this risk being realised, with the cost of protecting against this risk. Cost could be one-off financial costs experienced by the party providing access or gaining access to the data, but might also include increased processing time due to operations for authentication, encryption and decryption, which may make the service unusable in practice.

Specific security issues associated with eMOTION are those arising as a result of being connected to the eMOTION framework. These issues include those at: legal, financial, organisational and technical levels. Data security is not simply a technological issue, which may be addressed by technological solutions. However, within the context of eMOTION, the Situation in which the Asset is placed may be significantly changed by it being placed in an information systems technology framework, and technological solutions may be addressed in greater isolation and with greater relevance within this document.

Failures in the security system might lead to:

• Loss of service, leading to reduced perception of quality, reduced revenues or wider benefits obtained from information access, and possible loss of future traffic;

• Failure to meet response times or quality of service agreements, leading to financial compensation;

• Unauthorized access to data leading to loss or corruption, damaging the quality of service provided to the customers in the value chain; and

• Unauthorized access to client data and personal information, potentially leading to claims for financial compensation or criminal charges.

Typical security vulnerabilities experienced interconnected systems include:

• Denial of Service attacks;

• Unauthorized access to stored data;

• Unauthorized read access to data in transmission;

• Unauthorized alteration of data in transmission; or

• Unintentional access to resources

Particular security vulnerabilities specifically related to Web Services include:



• Potential corruption of service registries;

• Bogus certificates;

• URL spoofing;

• IP spoofing;

• Denial of Service attacks sending large streams of apparently legitimate XML;

• Buffer overflow attacks on flawed processing libraries; and

• Flawed application exception handling leading to exposure of confidential information

It should be remembered, because of the interconnected nature of Web Services, vulnerabilities exploited in any party in the value chain could have a direct impact on all connected players in the value chain. Techniques and technologies, which might be appropriate, such concerns, depending on the results of a security risk assessment, are presented in the next section. However, for the remainder of this section, we return to legal requirements relevant to the eMOTION framework.

3.3.2 The European standard of security set forth by Directive 2002/58

Community law provides for a minimum legal standard that has to be implemented as far as data security is concerned. All actors of eMOTION will have to comply with this standard. The general European standard of security of a given information system can be found in Art. 4 of Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector.

Table 1: Directive 2002/58/EC – Article 4

Article 4

Security

1. The provider of a publicly available electronic communications service must take appropriate technical and organisational measures to safeguard security of its services, if necessary in conjunction with the provider of the public communications network with respect to network security. Having regard to the state of the art and the cost of their implementation, these measures shall ensure a level of security appropriate to the risk presented.

2. In case of a particular risk of a breach of the security of the network, the provider of a publicly available electronic communications service must inform the subscribers concerning such risk and, where the risk lies outside the scope of the measures to be taken by the service provider, of any possible remedies, including an indication of the likely costs involved.



Community law merely specifies that the standard has to be appropriate and that the appropriateness of the measures adopted will be evaluated with reference to the risk presented by the activity and the cost of their implementation, against the background of the technical and organisational state of the art. In other words the law merely provides that a cost-benefit analysis should be made taking into account, on the one side the costs of adopting a certain technical or organisational measure, and on the other side the benefits of that measure, as far as reduction of a certain risk is concerned.

The cost benefit analysis provided for by Community law will have to be made by each actor of eMOTION potentially interested by issues of data security, most notably, as specified by Community law, the service provider and the network operator.

3.3.3 Specification to eMOTION

Before discussing particular issues associated with eMOTION, it is important to set security measures in the context of a wider security assessment. Guidance will vary for those companies who already provide access to their data through similar systems, compared with those who might only currently present data directly to end users through their own information services or through other proprietary interfaces. General guidance in terms of information security may be found in ISO/IEC standard 17799:2005 and the technical report TR 18044:2004.

[ISO/IEC 17799:2005] establishes guidelines and general principles for information security management in an organization, and contains best practices in the following areas of information security management:

• Security policy;

• Organization of information security (which is relevant since it provides specific guidance where third parties access company information systems);

• Asset management;

• Human resources security;

• Physical and environmental security;

• Communications and operations management (which includes issues in network management and exchange of information);

• Access control (which provides specific relevant advice on access policies);

• Information systems acquisition, development and maintenance (which includes guidance on use of cryptography);

• Business continuity management;

• Compliance.



[ISO/IEC TR 18044:2004] provides advice and guidance on information security incident management, including examples of planning and documentation required, and the incident management process.

The most common approach with security is to examine the technology available to the Protector. While responses that look in more detail at the relationship between Asset and Threat (for example making the information Asset less valuable to the Threat), the role of the Protector, as a technology solution, is that most likely to be addressed within the eMOTION context.

Web Services raise their own particular security concerns, as discussed in the previous section, and existing security measures in place within data providers maybe unsuitable to address these concerns. As an example, the presence of a firewall will not be sufficient to protect web services from unauthorized access, since such requests are normally made over HTTP port 80. Parties would not normally provide direct access to their data, but instead would receive requests through a public Proxy server, which would receive information request from other parties, and forward requests to the server containing the information service or content.

Although traditional point-to-point network security mechanisms such as TLS are used in Web Services, they are not sufficient to provide end-to-end security across connected intermediary Web Services before reaching the intended destination. Web Services may therefore rely on a message based approach, where intermediaries may require access to certain parts of the message, but must not access other parts.

Typical threats at message level, as described in [WSA, 2004] include:

• Message alteration, where a threat modifies or deletes message content or headers;

• Confidentiality, where unauthorized entities gain access to message content or headers;

• Man-in-the-middle, where a third party poses as an intermediary between original service requester and final receiver, enabling message alteration or loss of confidentiality;

• Spoofing, where an attacker assumes the identity of a trusted entity to sabotage security of a target entity;

• Denial-of-Service, where a service is flooded with traffic to the point of denying legitimate users access;

• Replay Attacks, where a legitimate message between parties is intercepted and replayed to the target server. The document recommends the use of timestamp and sequence numbering to defend against such attacks.

Typical security concerns may be addressed in Web Services by the use of some of the following techniques:

Authentication is used to verify the identities of parties involved in the requester and provider. Traditional methods of authentication include certificates, LDAP, RADIUS, Kerberos and PKI.



An additional complication with Web Services is presented because participants may not be connected directly, but instead through intermediaries. Specific technologies of interest include SAML Security Assertion Markup Language, which provides a method for exchanging authentication and authorization data between domains, and XML Signature, which is a W3C standard, which defines XML syntax for digital signatures. XML Signature provides authentication, data integrity and supports non-repudiation. It allows only specific portions of a document tree to be signed, which allows documents to signed multiple times by single or multiple parties, while allowing other parts of the same document to be modified. Mutual authentication helps prevent against spoofing and man-in-the-middle attacks.

Authorization is used to control access to resources, and takes place after authentication. Such controls are normally described in policies, which are machine-readable documents describing constraints or obligations on resources. XACML Extensible Access Control Markup Language provides a method of expressing access control policies as XML documents.

Data Integrity and Data Confidentiality during transmission are handled by data encryption and digital signature techniques. XML Encryption specifies the encryption process and representation in XML of arbitrary data, XML elements or XML element content. XML Key Management Specification (XKMS) provides an XML-based method for managing (registration and distribution) of Public Key Infrastructure, PKI, the system used for public key cryptography used for encryption, signing, authorising and verifying authenticity of information. Web Services Security (WSS), developed by OASIS, defines a SOAP extension for message integrity, confidentiality and authentication, but supports a wide variety of security models and encryption technology, such as X.509 PKI certificates and Kerberos.

Non-repudiation as a security service seeks to protect parties in a transaction from denial by a party that the transaction ever took place, and may be used by a third party to resolve such disputes. Non-repudiation relies on the use of digital signatures and digital certificates, and therefore relies on the same technologies as integrity and confidentiality such as XML Signature and XML Encryption.

It would also be appropriate to employ some form of security auditing, to ensure that policies are being enforced, and to detect unusual patterns of behaviour or other signs of abuse, which may otherwise remain undetected.

Discussions in the section so far have concentrated on unauthorized access to services or data in transmission for the purposes of gaining information or damaging modification of data, however other attacks may prevent bona fide clients from accessing services. Denial of Services attacks is a potential source of such problems, where a server is flooded with so many requests that they effectively become unusable. Responses to Denial of Service attacks will depend on the risk assessment of such an attack, and potential responses are beyond the scope of this document. A discussion on DoS attacks maybe found in [RFC4732]

Service Operators and Service Providers, within the design of services, will need to consider that services and data may not be available, possibly due to an intentional Denial-of-Service attack. In this case, they will need to consider what their response will be, both in terms of



their response to the client requesting their service (perhaps falling back to historic data from another provider after a certain delay), and as to what action may need to be taken with the service provider to prevent such occurrences in future.

Issue for service providers and service operators concern the fact that they will be accessing data belonging to other content providers and service operators. Therefore they will also need to ensure that their systems are secure and do not compromise the assets of these other parties, especially where only point-to-point encryption is employed between clients and servers in the value chain.

Further information on security basic security terms used can be found in [RFC 2828], while information on specific XML and Web Services Security standards may be found on the websites of the W3C, http://www.w3.org, and on the pages of the OASIS Web Services Security (WSS) Technical Committee, http://www.oasis-open.org/committees/tc_home.php ?wg_abbrev=wss .



4. Legal framework

All actors of eMOTION while engaging in their activities will have to fully comply will all relevant rules and regulation of the different Member States affected by eMOTION. This set of legal rules will form the legal framework of eMOTION, which will be discussed in this chapter. The contractual framework of eMOTION (including issues such as warranties and liabilities) will be discussed in the following chapter.

The rules and regulations that eMOTION actors will have to comply with may change depending on the Member State affected their activities. However, in this chapter all relevant legal issues will only be discussed against the background of Community law.

Most of the legal issues affecting eMOTION have been harmonized through Community law. It should be noted though that the simple fact of harmonisation does not imply that all national rules will be the same. This complication will be discussed at the conclusion of this chapter.

The main legal issues that will be faced by eMOTION actors are Intellectual Property Rights, Privacy and the protection of End users as Consumers.

4.1 Intellectual property rights (IPRs)

4.1.1 The role of IPRs within eMOTION

The eMOTION framework is about the exchange of data on mobility within the European Community. Within this framework some actors will make their data available to other parties. More specifically content owners, directly or through content providers, will make their data available to service operators, to service providers and ultimately to end users.

Moreover, service operators will develop new information (such as maps) on the basis of the data collected from content owners or content providers. This new information will then be transferred through some technological means to service providers and ultimately to end users.

The eMOTION framework will only offer value to all actors in the value chain if content providers’ and service providers’ needs are met sufficiently for them to participate in the eMOTION framework. One of these needs, particularly in the case of a commercial enterprise, will be to protect the value, or potential value, of the information and services that they offer. Content providers and service providers will want to ensure that providing their data and services will not be in conflict with their wishes to maintain their intellectual property rights over them. If providing their information via the eMOTION framework presented increased opportunity for their IPR to be infringed, or compromised their rights to seek redress for any infringement, these potential partners will be dissuaded from participating in the eMOTION value chain.

On the other hand, actors of the eMOTION chain will have to make sure that they are not



infringing the Intellectual Property Rights of some third parties, which could be an actor of eMOTION or an external subject.

4.1.2 Copyright and ‘sui generis’ right

There are two kinds of IPR that could play a role within the eMOTION chain. The ordinary copyright and the so-called ‘sui generis’ right.

The ordinary copyright protects works that constitute the author’s own intellectual creation. The ‘sui generis’ right, where accorded, protects works that does not constitute the author’s own intellectual creation, but that required a substantial investment in order to be made.

The distinction between these two different kinds of intellectual property rights is very important in a context such as eMOTION.

Data provided by the content owner, directly or through a content provider, typically should not be sophisticated enough to enjoy the protection accorded by a copyright. As apparent from D2 (Service definitions) such data mostly deal with traffic or weather conditions.

However, to the extent that such data required a substantial investment in order to be collected and organized, the ‘sui generis’ right will protect them.

Information created by the service operator, on the other hand, may occasionally enjoy the protection accorded by copyright, where sufficiently sophisticated to be considered an intellectual creation (for example a very elaborated and ‘artistic’ map).

Protection accorded by copyright is very long, since it lasts until 70 years after the death of the author. Protection accorded by the ‘sui generis’ right, on the other hand, is shorter, since it last for only 15 years after the completion of the making of the database.

It should be noted that the service operator needs an authorisation by the content owner in order to use and combine data which are covered by a property right of the content owner. Such an authorisation will be provided through a Licence Agreement, as will be discussed below. On the other hand, once the service operator has created the new information, he may enjoy an independent property right protection for it.

Intellectual property protection has been harmonized partly by community law. Harmonisation has been achieved through the use of directives, which implies that national laws implementing directives will be the legal instruments directly applicable.

4.1.3 Directive 96/9/EC on the protection of databases

Very significant to the context of eMOTION is Directive 96/9/EC. Directive 96/9/EC provides for two different kinds of protection for databases. The first kind of protection is the ordinary copyright (Article 1 ff. Directive 96/9/EC). The second kind of protection accorded to databases is the so-called sui generis right (Article 7 ff. Directive 96/9/EC).

Scope and conditions of protection

Protection is made available for any collection of independent works, data or other materials



arranged in a systematic or methodical way and individually accessible by electronic or other means (Article 1 Directive 96/9/EC). The scope of this protection applies both to the copyright and to the ‘sui generis’ right.

As far as the conditions of protection is concerned, copyright protection is accorded to “databases which, by reason of the selection or arrangement of their contents, constitute the author's own intellectual creation”. “No other criteria shall be applied to determine their eligibility for that protection” (Article 3.1 Directive 96/9/EC).

‘Sui generis’ protection on the other hand requires only that “there has been qualitatively and/or quantitatively a substantial investment in either the obtaining, verification or presentation of the contents” on the part of the maker of the database.

Generally both kinds of IPRs come to existence as a consequence of its creation. No registration is required. This is the case for example in Italian law. However the conditions for emergence of such IPRs may vary with respect to the single national law implementing the directive. Therefore each actor of the eMOTION chain interested in the protection of its own IPR should acquire specific information on the applicable national law.

Exclusive rights awarded to the maker of the database

In respect of the expression of the database, which is protected by copyright, the author of a database shall have the exclusive right to carry out or to authorize:

• Temporary or permanent reproduction by any means and in any form, in whole or in part

• Translation, adaptation, arrangement and any other alteration

• Any form of distribution to the public of the database or of copies thereof

• Any communication, display or performance to the public

• Any reproduction, distribution, communication, display or performance to the public of the results of the acts referred to in (b) (Article 5 - Restricted acts - Directive 96/9/EC)

Recital 44 of Directive 96/9/EC specifies that when on-screen display of the contents of a database necessitates the permanent or temporary transfer of all or a substantial part of such contents to another medium, that act should be subject to authorization by the right-holder.

The holder of the ‘sui generis’ right, on the other hand, shall have the right to prevent extraction and/or re-utilization of the whole or of a substantial part, evaluated qualitatively and/or quantitatively, of the contents of that database.

For these purposes:

• 'Extraction` shall mean the permanent or temporary transfer of all or a substantial part of the contents of a database to another medium by any means or in any form

• 'Re-utilization` shall mean any form of making available to the public all or a substantial part of the contents of a database by the distribution of copies, by renting,



by on-line or other forms of transmission

The repeated and systematic extraction and/or re-utilization of insubstantial parts of the contents of the database implying acts which conflict with a normal exploitation of that database or which unreasonably prejudice the legitimate interests of the maker of the database are generally not permitted by national laws. In Italy for example they represent a case of unfair competition.

4.1.4 The risk of infringing IPR

Should an infringement of IPR arise, the infringing subject will face liability for damage caused. Moreover the holder of the IPR that has been infringed may enjoy (i.e. prevent from continuing) the activity that caused the infringement within eMOTION.

The risk of facing liability or injunction may also be incurred by the subject that did not assemble the data or created the information in the first place, but acquired a right of use of such data or information through a Licence Agreement, as will usually be the case in eMOTION.

For this reason the party (the Licensor) granting the use of a certain database or information to another party (the Licensee) will usually warrant that the right of use granted under the agreement is not infringing the IPR of a third party. This warranty has the effect that the Licensor will assume the risk that her counterparty (the Licensee) will incur into liability because the use of such data or information infringes against the IPR of a third party.

Such warranty and covenant on the risk of liability is not mandatory, in the sense that the parties to a Licence Agreement may also agree that the Licensor does not warrant that the use of the data or information subject to licence does not infringe against the IPR of a third party and therefore does not assume any liability whatsoever should such an infringement occur. This could be the case for example when the Licensor is providing the content for free.

4.1.5 The exercise of IPR

Each actor of eMOTION will also benefit from the protection of its own IPR. As has been discussed already, IPR may consist of ‘copyright’ and ‘sui generis’ right. While what is needed to acquire each of these rights may the different (‘intellectual creation’ and ‘substantial investment’ respectively), as their expiration periods (70 years and 15 years, respectively1), the terms and conditions of protection are substantially the same. Therefore both IPRs will be jointly discussed in the following.

The possibility to license the IPR

The holder of IPR may benefit from its right both directly or indirectly through the licence of

1 Starting from different dates. This issue will not be discussed, since it is not relevant to our needs.



such right to a third party. Art. 7.3 of Dir. 96/9/EC expressly provides that the ‘sui generis’ right of the maker of a database may be transferred, assigned, or granted under contractual licence. This possibility is admitted also for ‘copyright’ and is an expression of a general principle governing economic rights.

The autonomy of each right of use with respect to the others

As will be specified in the paragraph on Digital Rights Management IPR is made out of several rights of use. In other words the holder of the IPR is entitled to use its own right in many different ways. From a legal point of view each of these rights is independent from the others. This means that the Licence Agreement will have to specify which right of use has been granted to the Licensee from the Licensor. The simple granting of one or several uses does not imply the granting of all possible uses of the licensed resource.

The right of sublicensing

The Licence Agreement may also specify whether a certain right of use may be sublicensed to third parties. Where it has not been differently specified it will be assumed that the Licensee does not have the right to sublicense the right of use to a third party.

The right to sublicensing is delimited by the grant of licence. This means that the Licensee can only sublicense the rights it was licensed in the first place. Therefore if the Licensee, for example, was not granted the right to ‘extract resource’ it will not be able to sublicense this specific right.

The right to transfer and assign the IPR

The right to transfer or assign the IPR means the right to transfer or assign to a third party the entire nexus of economic rights (rights of use or meta-rights as defined in chapter 5.2) that form the IPR. In other words, IPR may be transferred or assigned as such or may be licensed with respect to specific rights of use.

It can be noted on passing that intellectual property moral rights, such as the right to be acknowledged as the author of a certain creation, may not be transferred, assigned, or licensed.



4.2 Privacy protection

4.2.1 The role of Privacy protection within eMOTION

The eMOTION chain may give rise to several issues of privacy. The right to privacy may be understood as the right to be let alone. It enjoys very wide protection both at the Community level and at the level of the national laws of each Member State. The right to privacy applies to individuals with respect to their personal data, as defined as under Chapter 2 - Definitions.

The eMOTION chain deals with the exchange of data of different kinds relating to facilitating the mobility of individuals at a European level. To this respect several kinds of data are exchanged. Within the services defined in D2, we may distinguish between data provided by content owners (e.g. data on traffic or weather conditions), data provided directly by end users while using these services (e.g. data on the departure and arrival points), and data collected by service providers from end users while administrating the service (e.g. data on the profession of the end user).

Data provided by content providers within the eMOTION chain normally do not raise any issue of privacy. They typically relate to traffic conditions or weather conditions. Therefore they will rarely if ever deal with personal data. There could be some extreme cases where data provided by content providers contains some personal data (such as for example the number plate of a car involved in an accident or personal images taken by a camera and delivered through eMOTION). However such cases seem to be unlikely. Yet, should such cases arise in the operation of eMOTION the content provider should take some steps, as described in the following paragraphs.

For this reason the following paragraphs, describing the steps that should be taken by the actors of eMOTION in order to fulfil the obligations aimed to protect privacy, are directed mainly to data provided by end users while using eMOTION services and to data collected by service providers from end users while administrating eMOTION services.

Moreover, it should be noted that the regulation on privacy would apply to any actor of eMOTION to whom personal data of end users will be passed on. Therefore, where the service providers will pass on personal data of end users to service operators interested in developing Value Added Services based on such personal data, the regulation on privacy will apply also to these service operators.

The following tables show for each use case for information request as defined in D2 - Service definitions -, which raise issues of privacy. The first table deals with information provided by content owners/providers, while the second table deals with information provided by end users.



Table 2: Privacy issues sorted by use cases for information requests, with respect to information provided by content providers

Description of the use cases for information requests

Description of the information provided by the content provider

Does this information raise issues of privacy?

Request of dynamic traffic information on freeways and urban roads:

a) Level of Service (LoS)

Up to date traffic information and historical data

No

b) Travel Times Up to date traffic information No

c) Detour Recommendations

All information which might influence the capacity of the network and actual traffic information

No

d) Disturbance Notification

Road Construction Information, Traffic Jam Notification, Local Events, Road Network Information (e.g. data about planned extension work or tunnel security measures)

No

e) Traffic Cameras Video streams, pictures (e.g. animated gif and static pictures)

Yes

Request of dynamic parking information

Static contents (regulations, tariffs, location, timetables, etc.), Dynamic contents (availability, non availability/occupancy)

No

Request of dynamic information about POI

Importance of POI, Name and alternative name of POI, Address information of POI, Contact information of POI, POI relationships

No

Request of dynamic information about event traffic

Static data about the traffic network, parking facilities, PT lines and timetables; current and forecast data about traffic conditions (in a simple form such as traffic messages), parking occupancies and PT operations (e.g. expected departure times, delays, diversion or addition of lines, cancellation of services); data about weather conditions; map data

No

Request of dynamic information about

Static content (rules, timetable, fares, etc.)

Dynamic content (qualitative conditions of No



public transport transport service, waiting times, regularity of service, news, transport services changed/cancelled, etc.)

Request of dynamic information about weather

Weather data. Historic and current climate data.

No

Request of dynamic car traffic routing/navigation

Traffic Information, Historical or statistical traffic data patterns maintained by traffic and road authorities, Dynamic traffic messages and traffic data, Roadside sensors (e.g. inductive loops), Moving probes (e.g. floating car data).

No

Request of dynamic public transport journey planning

Timetables of several public transport services (trains, buses, ferries, planes, etc.), Information about the current conditions of service (delays, cancellations, etc.)

No

Request of dynamic multimodal journey planning

Network-Information for calculating the routing information, Accommodation, Car rental possibilities, Time schedules of public transport services (trains, buses, ferries, planes), Road information (routable street network as basis for routing engine), Map data displaying routing results in a map, Points of interests

No

Request of dynamic information for freight traffic

Road network data (e.g. Road weight limits, Bridge weight limits, Restricted vehicle class lanes), Traffic flow data (e.g. Trunk road data, Information about historic link journey time, Dynamic link journey times), Traffic messages (e.g. Specific messages to drivers for relevant vehicle classes, Detailed street work data with specific information on lane closures leading to narrow lanes likely to affect HGV operations), Weather data (e.g. Warnings on high winds likely to affect high sided vehicles), Parking data, POI and other additional data, Map data

No

Table 3: Privacy issues sorted by use cases for information requests, with respect to information provided by the end users

Description of the use cases for

Description of the information provided by end users

Does this information raise issues of



information requests privacy?

Request of dynamic traffic information on freeways and urban roads:

a) Level of Service (LoS)

Segment and/or route of the user Yes

b) Travel Times Segment and/or route of the user Yes

c) Detour Recommendations

Actual position and/or route of the user Yes

d) Disturbance Notification

Actual position and/or route of the user Yes

e) Traffic Cameras Segment and/or route of the user Yes

Request of dynamic parking information

Area/location where to make the search; Kind of parking place required; At what time the information should be delivered

Yes

Request of dynamic information about POI

Which type of POI the user is looking for (e.g. Lodging, Eating & Drinking, Healthcare, Entertainment); the address or the environment of the POI (e.g. a specified extent around the user’s position)

Yes

Request of dynamic information about event traffic

Address location of the event or event name; Start time of the event or latest possible arrival time at event location, Origin of journey (GPS-positioning is a possible alternative to explicit user input); Intended or current mode of travel (and in addition preferred route type/road class or PT type(s)

Yes

Request of dynamic information about public transport

Start location (departure); End location (destination)

Yes

Request of dynamic information about weather

Area or route information; Time period information; Relevant types of weather conditions

Yes

Request of dynamic car traffic routing/navigation

Origin of the route; Destination of the route; Possible stopover locations; Preferred or excluded road types; Type of route (e.g. fastest, shortest, most economic); Vehicle

Yes



characteristics (e.g. fast or slow car)

Request of dynamic public transport journey planning

Start location (departure); End location (destination); Possible stopover locations; Excluded or preferred transport means; Necessary equipment of station, stop or vehicle (e.g. lift or bike entrainment); Maximum number of changes; Date and time of the trip (time: departure vs. arrival time)

Yes

Request of dynamic multimodal journey planning

Possible choices of means of transport, max. number of changes, possible over night stays; Start location (departure); End location (destination); Possible stopover locations; Preferred transport means; Preferences for fastest/shortest/cheapest route; Date and time of the trip (time: departure vs. arrival time); Display of points of interest along the route or at the start/end location

Yes

Request of dynamic information for freight traffic

Origin, destination/destinations, estimated unload/load times for multi-leg trips; Current vehicle location and intended destination; Vehicle dimensions, axle weights, typical speeds on typical roads, turning circles; Constraints w.r.t. tachometers for reconciliation with necessary stops; Driver related parameters might be required, including legal driving limits, break and rest periods, shift lengths; Carriage of dangerous or valuable goods; Roads and sections not to be used by reason of personal experience.

Yes

As is apparent from these tables, privacy issues are mostly raised by information provided by end users while using eMOTION services. This is not surprising, since eMOTION will be based to a certain extent on personal data provided by end users in order to provide more valuable services.

On the other hand, it could noted that among the information typically provided by eMOTION content owner/provider (such as highway or public transportation operators) the only kind of information that at least prima facie raise privacy issues is the information generated by traffic camera.



During the following discussion we will refer mostly to the rules set forth in the European Directive 95/46/EC regarding the processing of personal data2, in the European Directive on privacy in electronic communications3, and in the European Directive on the retention of traffic and location data4.

All actors of eMOTION faced with issues of privacy will have to develop a detailed privacy policy, reflected in a privacy statement made available to end users.

Article 4 of Directive 95/46/EC specifies that the national law implementing the Directive that will apply to each controller is the national law of the Member State were the controller is established. This provision is very important for services such as eMOTION services (which are typically provided to end users of different European nationalities) because it enables each eMOTION actor to rely on its own national law for the processing of all personal data in his possession, irrespective of the nationality of the data subjects. If the applicable law was the national law of the data subject (which is not the case) the controller should apply the national law of each data subject when processing the correspondent personal data. Such a regime would make processing more complicated and costly.

4.2.2 Obligations under Directive 95/46/EC on the processing of personal data

Directive 95/46/EC applies to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system (Article 3 Directive 95/46/EC) 5.

Collecting, recording, storing, consulting or disseminating personal data all qualify as processing. So whenever an eMOTION service provider collects personal data from its end users, such as names, invoicing details, phone numbers, etc, the rules of the directive will have to be complied with if the processing is done by automatic means.

This will be the case for all eMOTION service applications, as the personal data will be transferred and/or will be stored in server or computer databases.

Notification

Before carrying out any - wholly or partly - automatic processing operation the eMOTION

2 Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23 November 1995, 31. 3 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, OJ L 201, 31 July 2002, 37. 4 Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC, OJ L 105, 14 April 2006, 54. 5 Chapters 4.2.2 and 4.2.3. reproduce the scheme and some of the content of BRIDGE-IT BRinging Innovative Developments for geographic Information Technology - D2.8.2 Legal guidelines and contract models.



actor needs to notify the national supervisory authority. In some cases national laws may provide for a simplification or exemption from notification (Article 18.2 Directive 95/46/EC).

National authorities competent to receive such notification are, for example, the Italian Garante per la protezione dei dati personali, the French Commission Nationale de l’Informatique et de Libertés, the Belgian Commissie voor de Bescherming van de Persoonlijke Levenssfeer, the German Bundesbeauftrage für den Datenschutz.

Person responsible for the notification

The directive specifies that the notification to the national supervisory authority must be given by the controller or his representative (Article 18.1 Directive 95/46/EC).

The Directive defines the ‘controller’ as the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of the personal data (Article 2 (d) Directive 95/46/EC).

In other words, the person who decides whether and for what reasons the data will be kept and processed, and in what form and with which resources this will be done has the responsibility of filing the notification. In many cases, the controller will be the undertaking, which, as a legal person, cannot act in person, but through the means of a natural person.

For a private sector undertaking, the ultimate responsibility will lie with the Chief Executive Officer, or the manager or director who he has delegated authority to, or who can act on his behalf. For a public sector body, a senior public official, such as the director or the secretary-general of the department, should file the notification.

Content of the notification

The following information has to be given in the notification to the supervisory authority (Article 19 Directive 95/46/EC):

• The name and address of the controller and of his representative, if any

• The purpose or purposes of the processing (customer management, billing, etc)

• A description of the category or categories of data subjects and a description of the data or categories of data relating to them (the category of data subjects will be the eMOTION end users; the categories of data will include data such as name, address, phone number, electronic identification information, etc)

• The recipients or categories of recipient to whom the data might be disclosed (personal data may be disclosed for example by eMOTION service providers to eMOTION service operators interested in developing Value Added Services using such personal data)

• Proposed transfers of data to third countries (should eMOTION actors consider to transfer personal data acquired from end users to third countries - countries outside the EU - they will need to inform the national supervisory authority. Transfers to third countries pose the risk that in such countries the regulation protecting privacy is less effective than the European regulation. Generally eMOTION actors will not be able to



transfer personal data to third countries in order to circumvent the application of the European regulation concerning privacy)

• A general description allowing a preliminary assessment to be made of the appropriateness of the measures taken pursuant to ensure security of processing

• Depending on the national legislation, additional information may be required in some countries.

The processing of personal data

Criteria for making the data processing legitimate

The directive on the processing of personal data provides a fix number of conditions under which personal data can be processed (Article 7 Directive 95/46/EC). This can only be the case if:

• The data subject has unambiguously given his consent; or

• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or

• Processing is necessary for compliance with a legal obligation to which the controller is subject; or

• Processing is necessary in order to protect the vital interests of the data subject; or

• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed; or

• Processing is necessary for the purposes of legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject, which require protection.

eMOTION actors need only to show that one of these conditions is present in order to be entitled to process personal data acquired while operating an eMOTION activity.

It can be noted that processing of personal data is allowed when it is necessary for the purpose of legitimate interests pursued by the controller (e.g. the eMOTION service provider), third parties, or parties to whom data are disclosed (e.g. the eMOTION service operator). This last condition is very broad, since it includes any legitimate commercial interest to use personal data in order to provide Value Added Services. However, it should also be noted that the ability to use personal data in order to provide such services is not without limits. The interests for fundamental rights and freedoms of the data subject, which require protection, may override commercial interests.

In order to minimise the risk of facing liability for illegitimate data processing, eMOTION actors should acquire the previous consent of the data subject (e.g. the eMOTION end user).



Principles relating to data quality

According to the directive on the processing of personal data, personal data must be:

Processed fairly and lawfully

Collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes

Adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed

Accurate and, where necessary, kept up to date: every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified

Kept in a form, which permits identification of data subjects for, no longer than is necessary for the purposes for which the data were collected or for which they are further processed. To this respect special provisions apply to traffic and location data as provided by Directive 2006/24, which will be discussed later on

Information to be given to eMOTION end users as data subjects

When the eMOTION service provider processes the data of his end users, he has to provide the end user with certain information about the processing. A distinction is made between the situation where the eMOTION service provider obtains the data from the end user itself, and the situation where the data have not been obtained from the end user, but from a third party.

Information in cases of collection of data from end users

When the data are obtained from end users, either before, during or after the conclusion of the contract, the following information must be provided to end users:

The identity of the controller and of his representative, if any

The purposes of the processing for which the data are intended

Moreover, the following further information must be provided to end users in so far as such information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject:

The recipients or categories of recipients of the data (this will be the case for example when the eMOTION service provider is planning to transfer end users’ personal data to a third party such as an eMOTION service operator)

Whether replies to the questions are obligatory or voluntary, as well as the possible consequences of the failure to reply (this provision applies for example for questioners posted on the internet where several fields have to filled)

The existence of the data subject’s right of access to and the right to rectify the data concerning him



To this last respect it should be noted that the data subject (e.g. the eMOTION end user) has a right to access his personal information held by the controller (e.g. the eMOTION service provider) and a right to rectify such information (Article 12 Directive 95/46/EC).

Information when the data have not been obtained from end users

The same information as described in the previous paragraph (identity of the controller, purposes of the processing, etc) must be provided to the data subject (e.g. the eMOTION End user) when the personal data have been acquired by a third party (Article 11 Directive 95/46/EC).

However, the Directive specifies that the controller (e.g. the eMOTION service provider or operator) does not need to provide such information when the data subject already has it. If the third party has collected such personal data legitimately from the end user, it may be assumed that the data subject already has this information. Therefore, the eMOTION actor acquiring such data from a third party will not need to provide such information t0o the data subject a second time.

The contract between the third party and the eMOTION actor interested in acquiring personal data in order to provide Value Added Services using these personal data will specify whether the third party (licensing the use of such data) warrants that the regulation concerning privacy has been fully respected (i.e. that the data have been collected legitimately from end users and that they have been informed among other things of the purposes of the processing, the possibility that they will be transferred to a third party, and the identity or the category of such third party).

Security measures

eMOTION service providers or service operators processing personal data must implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Having regard to the state of the art and the costs of their implementation, these measures have to ensure a level of security that is appropriate to the risks involved in the processing and to the nature of the personal data.

The Directive foresees the possibility that subjects responsible for the processing of the personal data such as eMOTION service providers or operators delegate the processing of personal data collected within their activities to third parties, which not fall under their authority or responsibility, for example other undertakings processing personal data on the basis of a contract with the controller (the processor).

In such cases eMOTION service providers or operators are obliged to choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out. Moreover, eMOTION



service providers or operators must make sure that the measures are complied with by the processor.

4.2.3 Obligations under Directive 2002/58/EC on privacy and electronic communications

eMOTION services will be delivered through electronic communications systems such as the Internet, mobile phones, GPS. Therefore, the regulation set forth by Directive 2002/58/EC will apply. This regulation is mainly concerned with electronic traffic data (i.e. data processed for the purpose of the conveyance of a communication on an electronic communication network) or location data (i.e. data indicating the geographic position of the terminal equipment of the end user).

Obligations concerning electronic traffic data

Electronic traffic data are any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof (see the complete definition under chapter 2). For instance, electronic traffic data may consist of data referring to the routing, duration, time or volume of a communication, to the protocol used, to the location of the terminal equipment of the sender or recipient, to the network on which the communication originates or terminates, to the beginning, end or duration of a connection, etc (Recital 15 Directive 2002/58/EC).

These data have to be erased or made anonymous when they are no longer needed for the transmission of the communication. An exception to this rule is made for data that are needed for the billing and interconnection payments of the users, such as the name and address of the user, the phone number, the duration of the connection, the country where the communication originates from or is destined to, etc. These data can be kept up to the end of the period during which the bill may lawfully be challenged or payment pursued.

eMOTION Service providers have to inform end users of which types of electronic traffic data are being processed and how long they will be kept. When eMOTION service providers want to process the data for marketing purposes (e.g. processing the time of the user’s communications, in order to offer him varied rates depending on the moment of the day he uses the communication network), they have to obtain consent from end users prior to the processing.

Obligations concerning location data other than electronic traffic data

Location data are data indicating the geographic position of the terminal equipment of an end user. Processing of such data raise intuitive privacy concerns. Therefore they are subject to a very restrictive regulation set forth by Directive 2002/58/EC6.

6 For the description of value added services that can be provided using location data see Working Party 29, Opinion on the use



These location data can only be processed when they are made anonymous, or with the consent of the user and only to the extent and for the duration necessary for the provision of the value added service. Again, the user has to be informed which data are being processed, and of the purpose and duration of the processing. The user must always have the possibility of temporarily refusing the processing for each connection to the network for each transmission of a communication.

This information should be given in the contract with the user or in the privacy statement that is made available to the user. If the privacy statement is placed on the website, it is advisable that the user will have to agree with the statement before he can access the service.

On the other hand, location data (as also traffic data) have to be retained by eMOTION actors to the extent required by national law implementing Directive 2006/24/EC.

Obligations concerning “cookies”

The use of cookies is bound to the same conditions as any other processing of personal data. Therefore, eMOTION service providers should inform end users in the privacy statement about the possible use of cookies on the website and of their purpose. The user should also have the opportunity to refuse to have a cookie or similar device stored onto their terminal equipment. Access to specific website content can still be made conditional on the well-informed acceptance of a cookie or similar device, if it is used for a legitimate purpose, such as the facilitating of the provision of the service (Recital 25 Directive 2002/58).

4.2.4 Obligations under Directive 2006/24/EC on the retention of data

Directive 2006/24/EC deals with the retention of traffic and location data generated or processed in connection with the provision of publicly available electronic communications services. It will therefore apply also to eMOTION services.

This regulation is aimed at making traffic and location data available to public authorities in order to enable them to investigate, detect, and prosecute serious criminal offences. The exact definition of what represent an offence serious enough to justify retention of such personal data is left to national laws implementing the Directive.

At the outset it should be noted that the obligations set forth by Directive 2006/24/EC does not apply to the content of electronic communications, including information consulted using an electronic communications network. Therefore, eMOTION Service providers will not need to retain information on the requests of end users, such as the destination of a navigation request. Such information will be subject to the ordinary regulation on privacy.

of location data with a view to providing value-added services, November 2005. This opinion provides also a brief discussion of the legal framework of such services.



Categories of data to be retained

The following categories of data must be retained under Directive 2006/24/EC:

Data necessary to trace and identify the source of a communication

• Concerning fixed network telephony and mobile telephony

o The calling telephone number

o The name and address of the subscriber or registered user

• Concerning Internet access, Internet e-mail and Internet telephony

o The user ID(s) allocated

o The user ID and telephone number allocated to any communication entering the public telephone network

o The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication

Data necessary to identify the destination of a communication


o The number(s) dialled (the telephone number(s) called), and, in cases involving supplementary services such as call forwarding or call transfer, the number or numbers to which the call is routed

o The name(s) and address(es) of the subscriber(s) or registered user(s)

• Concerning Internet e-mail and Internet telephony

o The user ID or telephone number of the intended recipient(s) of an Internet telephony call

o The name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication

Data necessary to identify the date, time and duration of a communication


o The date and time of the start and end of the communication


o The date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user

o The date and time of the log-in and log-off of the Internet e-mail service or



Internet telephony service, based on a certain time zone

Data necessary to identify the type of communication


o The telephone service used

• Concerning Internet e-mail and Internet telephony

o The Internet service used

Data necessary to identify users’ communication equipment or what purports to be their equipment

• Concerning fixed network telephony,

o The calling and called telephone numbers

• Concerning mobile telephony

o The calling and called telephone numbers

o The International Mobile Subscriber Identity (IMSI) of the calling party

o The International Mobile Equipment Identity (IMEI) of the calling party

o The IMSI of the called party

o The IMEI of the called party

o In the case of pre-paid anonymous services, the date and time of the initial activation of the service and the location label (Cell ID) from which the service was activated


o The calling telephone number for dial-up access

o The digital subscriber line (DSL) or other end point of the originator of the communication

Data necessary to identify the location of mobile communication equipment

• The location label (Cell ID) at the start of the communication

• Data identifying the geographic location of cells by reference to their location labels (Cell ID) during the period for which communications data are retained.

Period of retention

Each national law transposing Directive 2006/24/EC will specify for how long the relevant data will need to be retained. However Article 6 of the Directive provides that such period must be not less than six months and not more than two years from the date of the communication.



Data protection and data security

eMOTION service providers and service operators will also have to adhere to certain principles on data security with respect to data retained in accordance with the Directive. These principles will be specified by the national law transposing the Directive and applicable to the specific service provider.

The Directive set forth a minimum level of data security below which the applicable national law may not fall.

The minimum principles provided for by the Directive are the following:

• The retained data shall be of the same quality and subject to the same security and protection as those data on the network

• The data shall be subject to appropriate technical and organisational measures to protect the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure

• The data shall be subject to appropriate technical and organisational measures to ensure that they can be accessed by specially authorised personnel only

• The data, except those that have been accessed and preserved, shall be destroyed at the end of the period of retention

4.3 Special provisions protecting end users as consumers

Service providers within eMOTION will also face issues relating to consumer protection, to the extent that end users they contract with are consumers.

The two relevant legal instruments to this respect are the Directive 97/7/EC on the protection of consumers in respect of distance contracts and the Directive 93/13/EC on unfair terms in consumer contracts.

Both Directives define ‘consumer` as any natural person who is acting for purposes, which are outside his trade, business or profession.

Both Directives set forth a set of rules that are mandatory in the sense that the contract between the Service provider and the consumers may not opt out of this regulation.

4.3.1 Directive 97/7/EC on distance contracts

'Distance contracts` are any contract concerning goods or services concluded between a supplier and a consumer under an organized distance sales or service-provision scheme run by the supplier, who, for the purpose of the contract, makes exclusive use of one or more means of distance communication up to and including the moment at which the contract is concluded.

Contracts concluded between Service providers and End users acting as consumers will fall under this definition. Therefore Service providers of eMOTION will have to take care of the provisions set forth by Directive 97/7/EC.



Briefly stated Service providers will need to make certain information available to consumers prior to the conclusion of the contract. Moreover consumers will have a right of withdrawal from the contract after the contract has been concluded for a period of at least 7 days (national laws may provide for a longer period). Service providers will have to inform consumers about the existence of this right of withdrawal. If they don’t fulfil this obligation the right of withdrawal may be exercised within three months from the conclusion of the contract.

The Service provider is obliged to provide to the End user/consumer the following information “in good time” prior to the conclusion of the distance contract:

• His identity and, in the case of contracts requiring payment in advance, his address;

• The main characteristics of the services provided;

• The price of the services including all taxes;

• Delivery costs, where appropriate;

• The arrangements for payment, delivery or performance;

• The existence of a right of withdrawal;

• The cost of using the means of distance communication, where it is calculated other than at the basic rate;

• The period for which the offer or the price remains valid;

• The minimum duration of the contract in the case of contracts for the supply of services to be performed permanently or recurrently.

The Directive specifies that the above mentioned information, the commercial purpose of which must be made clear, must be provided in a clear and comprehensible manner in any way appropriate to the means of distance communication used, with due regard, in particular, to the principles of good faith in commercial transactions.

4.3.2 Directive 93/13/EC on unfair terms

Service providers in contracts with End users/consumers must also take care that these contracts do not contemplate unfair terms as defined by Directive 93/13. Such terms will not be binding for consumers. The Directive contains a list of terms that is presumed to be unfair. The Service provider may try to prove that given some specific circumstances such terms are not unfair.

The following terms are presumed to be unfair. Terms that have the object or effect of:

• Excluding or limiting the legal liability of the Service provider in the event of the death of a consumer or personal injury to the latter resulting from an act or omission of that Service provider;

• Inappropriately excluding or limiting the legal rights of the consumer vis-à-vis the Service provider in the event of total or partial non-performance or inadequate performance by the Service provider of any of the contractual obligations;



• Making an agreement binding on the consumer whereas provision of services by the Service provider is subject to a condition whose realization depends on his own will alone;

• Permitting the Service provider to retain sums paid by the consumer where the latter decides not to conclude or perform the contract, without providing for the consumer to receive compensation of an equivalent amount from the Service provider where the latter is the party cancelling the contract;

• Requiring any consumer who fails to fulfil his obligation to pay a disproportionately high sum in compensation;

• Authorizing the Service provider to dissolve the contract on a discretionary basis where the same facility is not granted to the consumer, or permitting the Service provider to retain the sums paid for services not yet supplied by him where it is the Service provider himself who dissolves the contract;

• Enabling the Service provider to terminate a contract of indeterminate duration without reasonable notice except where there are serious grounds for doing so;

• Automatically extending a contract of fixed duration where the consumer does not indicate otherwise, when the deadline fixed for the consumer to express this desire not to extend the contract is unreasonably early;

• Irrevocably binding the consumer to terms with which he had no real opportunity of becoming acquainted before the conclusion of the contract;

• Enabling the Service provider to alter the terms of the contract unilaterally without a valid reason which is specified in the contract;

• Enabling the Service provider to alter unilaterally without a valid reason any characteristics of the service to be provided;

• Providing for the price of services to be determined at the time of delivery or allowing the Service provider to increase its price without in both cases giving the consumer the corresponding right to cancel the contract if the final price is too high in relation to the price agreed when the contract was concluded;

• Giving the Service provider the right to determine whether the services supplied are in conformity with the contract, or giving him the exclusive right to interpret any term of the contract;

• Limiting the Service provider’s obligation to respect commitments undertaken by his agents or making his commitments subject to compliance with a particular formality;

• Obliging the consumer to fulfil all his obligations where the Service provider does not perform his;

• Giving the Service provider the possibility of transferring his rights and obligations under the contract, where this may serve to reduce the guarantees for the consumer, without the latter's agreement;



• Excluding or hindering the consumer's right to take legal action or exercise any other legal remedy, particularly by requiring the consumer to take disputes exclusively to arbitration not covered by legal provisions, unduly restricting the evidence available to him or imposing on him a burden of proof which, according to the applicable law, should lie with another party to the contract.

The regulation on unfair terms set forth by Directive 93/13/EC applies only to standard form contract, i.e. to contract that has been unilaterally formed by the Service provider and that have been adhered to by the consumer. It does not apply to contracts or specific clauses that have been negotiated between the parties. However it is clear that End users within eMOTION, particularly when consumers, will never be able to negotiate the contracts they conclude with the Service provider. Therefore Service providers within eMOTION will have to take care that the standard form contracts they use with consumers do not contain any of the terms that are presumed to be unfair by Directive 93/13/EC.

4.4 The international dimension of eMOTION

All legal issues that have been discussed so far (IPR, Privacy and Consumer Protection) have been - wholly or partly - harmonized by Community law through the use of Directives. Harmonization of national laws is extremely useful to services such as eMOTION because it enables the different actors of the chain to operate within a much simpler legal framework.

It should be noted however that harmonization through Directives does not imply that each actor of eMOTION with deal with one and the same law with respect to the different legal issues of relevance.

There are in fact two different kinds of harmonisation of laws: full harmonization and minimum harmonization. Full harmonization implies that old national laws are substituted with a new legal instrument of European source, such as a Regulation. Minimum harmonization implies that each national law is obliged to provide a certain minimum standard of protection to a certain right (such as Privacy or IPR) but it remains free to provide for a higher standard of protection for that same right. It is clear then that minimum harmonization does not guaranty that the legal framework will be the same across Europe. In other words the legal obstacles between the different Member States are not eliminated completely.

IPR, Privacy and Consumer Protection have all been subject to minimum harmonization. Therefore each actor of eMOTION may not simply rely on the content of the Directive, but will need to discover which national law applies to its activity and then conform to the national law implementing the Directive.



5. Contractual framework

5.1 Introduction

In this chapter the contractual framework of eMOTION will be described. First a conceptual model will be developed. Then the most relevant contractual issues will be discussed from a legal point of view against the background of this model.

5.2 Conceptual model of rights and licences

The actors of the eMOTION value chain have the need to establish contractual relationships between each other, which govern the use of resources like eMOTION content and services. These contractual relationships are comparable to the licensing of digital media content and services, such as music, text, or film. Essentially, and very much simplified, a licence gives a permit to make use of a copy of some content or to make use of a certain service.

In the realm of multimedia, adequate standards for digitally describing and enforcing licensing contracts already exist and are in use. The name Digital Rights Management (DRM) has been dubbed for this approach. The eMOTION specification should make use of these developments and exploit them as much as possible. eMOTION, however, needs extension to multimedia DRM, which are due to its distributed Service Oriented Architecture (SOA) and the fact that most content in eMOTION is geospatial. Standards, accommodating for the needs of Spatial Data Infrastructures are beginning to emerge, and the eMOTION specification will employ them.

This chapter makes use of one prominent (and suited) emerging standard to establish an abstract model of rights and licensing, including the various actors, their roles and the possible constraints in acting on licensed resources.

In this place we are restricting ourselves to a “Model of Rights and Licences”, and are not elaborating this towards a possible architecture of a geo-enabled DRM system. The purpose of this section is solely to set up a Reference Model for the analysis and documentation of inter-actor policies in eMOTION. The abstract model will make it possible to more clearly arrange the actors of eMOTION’s value chain, identify their licensing needs, and to relate these to expected geospatial standards.

An assembly of requirements and analysis regarding the necessary security infrastructure has been conducted for eMOTION deliverable D2, and a precisely specified architecture of the necessary services will be given in the eMOTION Technical Specification (WP3).

5.2.1 Geo-enabled DRM Principles

This section shall give a short overview over the vocabulary of concepts regarding DRM and geo-enabled DRM. Particularly, the special requirements of a distributed SOA shall be pointed out, and it shall be made clear, where a DRM system might be helpful.



DRM, GeoDRM, Licences

In a distributed SOA, like eMOTION, it is necessary to take measures that the owner of a resource (some valuable digital content or a service) can be confident that he will be able to obtain a fair value for committing that resource for use by others. Due to the nature of digital content and services and their distribution via widespread networks, this is not at all equivalent to selling some physical good, where possession is usually the same thing as ownership.

When a user acquires a digital resource, he or she will usually receive a copy of that resource together with a right to make a certain use of it. In the digital world contracts based on licences have been established as the standard for controlling the legal relation between the owner of a resource and a user of that resource.

In the realm of multimedia the name Digital Rights Management (DRM) has been dubbed for the approach of describing and enforcing licences by appropriate software components. The eMOTION specification should make use of these developments and exploit them as much as possible.

DRM, stands for a system of digital resource licensing which takes care of the following requirements:

• A user may legitimately act upon a resource if he or she has a corresponding licence for that act.

• The owner assures a guaranteed level functionality of the resource and maintains the resource.

• The user pays the owner according to agreed criteria, as stated in the licence. Of course, acting on the resource may also be free.

• The user agrees to protect the owner’s rights by not acting in a way different on the resource as stated in the licence.

The business relationships expected to be prevalent between the actors of eMOTION’s value chain are, however, much more complex than in the case of multimedia, which is essentially constrained to the B2C case. In eMOTION we have to consider A2B, B2B and B2C relationships and complex business models. Also, the content or services (the resources) in eMOTION are much more refined and diverse than in the multimedia case. eMOTION will not only have to deal with static content (which is comparable to a piece of music or text), but also with dynamically created content which is only produced and delivered on request of a single user (i.e. personalised information, like routing information). A model of rights (licences) in eMOTION will therefore not only need to enumerate allowable acts on the resources permitted to the Licensee, but will also need to contain a sophisticated model of constraints on resource properties and other context to acquire the resource in the first place.

Last but not least, it has to be recognised that the resources of eMOTION are geospatial by their nature – they are based on geometry. It is to be expected that licensing will impose



constraints, which refer to geometric properties. For example, only content belonging to a certain region on the surface of the earth may be given permit to use, or an end-user may only use some data if she or he is currently located at a certain position. We therefore speaking of geo-enabled DRM, or short GeoDRM.

Trust, Protection, Remediation

If the world were ideal, it would be sufficient to establish contracts (through licences) between the owner of a resource and the users of the resource. All partners would fulfil their obligations (as stated above), because they would trust each other in the limits the contract prescribes.

Indeed, any form of business (including the eMOTION value chain) cannot be done without a certain level of mutual trust. The user, who acquires a licence has to trust the owner that he would deliver the resource with the described properties and the assured level of service, and the owner has to trust the user that he would not use the resource for purposes other than specified in the licence.

Trust is coupled to the risk a party takes when the other party breaches the trust, i.e. infringes the licence or a right. If there is little risk, for example, in case using a service is free, trust can be high. If there are big risks involved, may-be that a user steals a resource and licenses it to others on his own, then trust may be equivalently low.

There two ways to deal with the problem of low or even negative trust (distrust):

• Protection

• Remediation

See also the diagram below, which has been copied from OGC GeoDRM RM.

Remediation(Enforcement)

Protection (Security)

Trust

Figure 7: Relationship between Trust - Protection - Remediation (OGC GeoDRM RM)

Protection works before an infringement of contractual rights has occurred (ex ante facto). Protection lets the user unhamperedly act on the resource in ways as stated in the licence,



however, protection makes it at least difficult for him to abuse the resource in some way. A protection system therefore increases trust by lowering the risk of breach of the contract.

Protection is actually the main approach of any DRM system. In a DRM-enabled system the rights assembled in a machine readable form of the licence document are interpreted and held against requests from the user. Those requests, which are not compatible with the rights are refused or at least reduced to the allowed range.

This includes checking to the metadata associated with the requesting user, the parameters of the request it self, the metadata of the invoked processes, the licence and its granted rights, the metadata of the resources involved. In other words: Protection is done by extensive metadata verification.

Remediation works after a breach of contract has occurred (ex post facto) and aims at correcting the illegal act by actions, which are part of the contract or part of common law (for example by paying compensations).

For remediation to work, the other party has got to know about the breach of contract that has occurred. So, therefore some form of tracking the actions of the user has to take place. Remediation lowers the risk of breach of the contract (and therefore increases trust) by making the infringement risky for the infringer.

The diagram above shall demonstrate that it is necessary in any contractual relationship to find a “sweet point” in the triangle of Trust, Protection and Remediation, where the business model is best working. Today only little protection measures are implemented in Spatial Data Infrastructures, because the service definitions employed to not support this. This means that a point somewhere on the line between Trust and Remediation (near to Trust) is adopted. With geo-enabled DRM in effect, Protection will be available and more valuable (risky) resources can be made available.

Metadata

DRM is about metadata. Resources and actors (called principals) are associated to descriptions, which have to be tracked and matched. DRM-controlled actions can proceed if the matching process has a positive outcome.

Metadata for Users, Resources, Licences including Rights, and Processes is required.

The metadata concerning Users is required when a service request is to be DRM-checked and the most important metadata item attached to a User is his identity. The process of finding out, whether a User in the system is the one he claims to be, is called “authentication”. Authentication of Users is one of the most important operations. Users usually bear more metadata items than just identity (name, sex, address, etc.)

Resources have their identity, however they can also be identified by a pattern, which stands for a class of resources. Besides they can bear metadata, which describes their content and their service interface.

Licences and Rights will be extensively treated in the next sections.



Processes can have an identity, but will also be identifiable by means of a pattern. The metadata includes for example a proof of its compliance to some standard, the implementer’s identification.

Available Standards

In the realm of multimedia, adequate standards for digitally describing and enforcing licensing contracts already exist, for example ISO 21000-5 (ISO-REL). As has become clear, eMOTION will need an extension to this approach.

The Open Geospatial Consortium (OGC) currently develops an abstract standards proposal, which is aligned with the model underlying ISO 21000-5, but also accommodates for the increased complexity of the business relationships in Spatial Data Infrastructures (compared to the multimedia case). The specification at the time being is rather advanced and is close to being adapted as an open standard:

Geospatial Digital Rights Management Reference Model (GeoDRM RM) Version 1.0.0 as of 2006-02-28

The Model of Licences and Rights at hand is derived from this document, containing only few adoptions to its use in eMOTION.

OGC’s GeoDRM RM is just a Reference Model, which means that concrete implementation specifications still have to be developed. Such a specification might of course be built on top of ISO 21000-5, however, this standard is patented by Microsoft Corp., Redmond WA, and IBM Corp., Armonk NY.

There are also other standards and developments, which aim at nearly the same direction as ISO 21000-5, and which can be expected to have the qualification to be usable as the basis for an implementation specification of OGC GeoDRM RM.

1. ODRL (Open Digital Rights Language) is a Right Expression Language standard, originally stemming from W3C, but now being promoted by the “ODRL Initiative”, which is an organisation open for public participation.

2. XACML (eXtensible Access Control Markup Language) concentrates on the Access Control aspect, which is, however, the main aspect in DRM. If supplemented by appropriate authentication, XACML, and particularly GeoXACML, which is also a current development at OGC, may cover a good deal of the GeoDRM requirements.

5.2.2 Principals and Roles

This section deals with the actors in a DRM-enabled business environment (which we call Principals) and the various Roles they have to play in order to set up a working business model.

Actually, as it turns out these roles are not really different from the roles, which would have to be taken on by people in a business model without DRM-enabling. Of course, because, for example, people are not good at checking on-line requests, the balance would tend towards



trust and remediation. Checking and managing licences is a typical job for a software system.

Principals

While we are concentrating on contractual relationships, we will use the term Principal for all active entities in the eMOTION value chain, i.e. those who initiate requests to view traffic jams or parking information, those how collect the data and provide them, those who provide services, and those who collect the fees.

Most Principals are persons or organisations.

In an IT-oriented view, however, the term Principals may also extend to automated entities expressed by software, which are under control of persons or organisations. The software then stands for the presence of these people in the system or on the network.

Roles

The principals in the eMOTION value chain of services take on various “roles”. While in a technical sense of a Service Oriented Architecture these roles might seem to be constrained to just “provide service” and to “use service”, there are quite a few more roles, if viewed regarding the requirements of a business model.

The following model of Roles7 is from the OGC GeoDRM RM.

7 The terms “Service Provider” and “End-User” from the OGC GeoDRM RM were changed to “Resource Provider” and “User”, because the former would conflict too confusingly with the “Service Provider” and “End User” of the eMOTION value chain. For example, any member of the eMOTION value chain, except may-be the Content Provider, takes on a User Role, but is certainly not an End-User..



PaymentProvider

Owner,Licensor Licensee

LicensingAgent

LicenceManager

Sub-licensee

UserResourceProvider

Licence feepayment

delegate licensing

register licencedelegate hosting

Give valid licence

request

contract

assign licence

delegate work

establish credentials

response

assign sublicence

Figure 8: Model of Roles - OGC GeoDRM RM

Principals carry out all the Roles illustrated above.

All Roles determine certain responsibilities, and entail particular properties and specific behaviour. Of course, one and the same Principal can play more than one of these Roles, and certainly will, according to the specific needs of a business model.

When we say a User is acting in some way, we always mean a Principal, acting in the Role of a User. This means, we are naming Principals according to the Role they take on.

This is a detailed description of the Roles outlined above:

Table 4: Description of the Roles - OGC GeoDRM RM

Role Description Responsibility

Owner, Licensor

This is the owner of the Intellectual Property. It is the person or organisation, which created the content, or otherwise obtained comprehensive legal rights over how the Intellectual

Original Licensor of Intellectual Property.

Defines the extent of licensing in terms of rights and spatial and temporal amounts. He also defines terms and conditions to be applied, which typically include a pricing model.

Delegates all or part of these licensing




Property is used. extents to Licensing Agent.

He is contracting party to the Licensee.

He accepts payments from the Licensee via a Payment Provider.

He delegates hosting of the resource servicing to a Resource Provider.

Licensing Agent

Manages the Licence creation according to the constrains specified by the Owner.

Creates Licences based on the Owner-defined constraints. This includes the checking of necessary pre-conditions.

Ensures that the licence Manager has knowledge of any licence in force.

Resource Provider

Hosts the Resource on behalf of the Owner.

Services requests form the User sending appropriate responses.

Ensures that access is only allowed when a valid Licence is presented and all conditions imposed in the Licence are fulfilled.

May request Licences from the Licence Manager based on User’s credentials.

Licensee Owns an assigned set of rights as defined in a licence.

Acquires rights to access a resource. These rights, including terms and conditions, are defined in a licence.

Possibly owes fees to the Owner, which he passes to him by means of a Payment Provider.

Rights granted by the Licence may include the rights to sublicense resource.

Sub-licensee Owns an assigned subset of the rights assigned by the Licensee.

Is assigned a subset of rights, including terms and conditions.

Delegates work (accessing the resource) to User.

User Uses/accesses the resource. Accesses the resource to maximally the extent defined in the licence.

Licence Manager

Manages licences on behalf of the Owner, and doing this acts as a trusted third party between

Registers new and updated licenses.

Provides licence validation for the




the Owner and the Licensee. Resource Provider.

Payment Provider

Manages payment transactions on behalf of the Owner.

Receives Licence fee payment details from Licensing Agent.8

Collects and forwards fees.

5.2.3 Licence and Rights Model

A Licence is a representation of a legal contract between one Principal, the Issuer of the Licence, and another one or more Principals, the Licensees. The Issuer of the Licence, the Licensor, is usually the Owner of the Resources addressed in the Licence. A Licence permits the Licensees to perform Rights upon the Resources.

A Licence can be expressed in different forms:

• Legal expression: A legally binding expression of the terms and conditions of the Licence, which may be legally enforced.

• Simplified expression: An easily readable version of the Licence, expressing only key terms and conditions, which may be read and understood by a general (non-jurist) audience.

• Formal expression: A formal, computer encoding of the key terms and conditions, which may be automatically enforced by a DRM system9.

Licence semantics, acting

When the Rights specified in the Licence are performed, we will speak of acting on the licensed Resources. Acting on the Resources is performed by Users, who are Licensees or Principals acting in proxy of Licensees. The Acts Users perform on Resources are usually executed by Processes, which by themselves are identifiable entities, like specific software programs or services provably adhering to specified standards. When Processes are applied to Resources (input resources), they derive new Resources (output resources).

Executing a Right by a User can therefore be symbolised by a directed graph, whose directed edges are as follows:

8 Relation not shown in diagram.



For the case that a licensable processing resource is to be applied on a licensable data resource, we will use the convention that the data resource as well as the process resource belongs to the input resources and the act is to “execute” the process against the data.

Licence Information Entity

A Licence can be depicted as an information entity as follows:

Licence

Grant Issuer

Principal Right Resource Condition

Has

Has

Figure 9: Licence Information Entity

Description in short:

A Licence contains one or more Grants and an Issuer. The Issuer identifies the Principal who issues the Licence. Each Grant conveys to identified Principals (Licensees) Rights to use Resources subject to certain Conditions.

Licences are frozen information entities containing metadata concerning the involved Principles, Rights and Resources. They may not be changed – changes always lead to a new Licence entity. Licences either have a fixed validity period and expire, or they have to be explicitly revoked according to the conditions of the contract.

9 This may also include execution and control of the payment of fees as a side effect.

Set of input Resources

Set of output Resources Act



Issuer Information

The Issuer unambiguously identifies the Principal, who issues the Licence. It may be the owner of the Resource or a Licensing Agent acting for the owner. The ownership on the Resource can be traced by a documented chain of licence validation.

The Issuer is described by appropriate metadata.

Grants Information: Principals, Rights, Resources and Conditions

Grant

Grants convey one or more Rights to use Resources to Principals. They do this under specified Conditions, which apply to the related Principals or Rights or Resources.

A Grant contains the following components:

• The Principals/Licensees to whom Rights are given.

• One or more Rights

• Resources upon which the Rights may be exercised

• Any Conditions that modify any of above

The components of a Grant may contain specific properties, which make additional information available in the context of authorisation. These properties can be accessed by Conditions.

Grants in a Licence are logically combined in the sense that the Licensee has allowance for all the Grants in parallel. So, if at least one of Grants allows a requested act, that act is permitted.

Principal

This identifies the Licensee, which can be done by addressing an individual Principal or by reference to a conditioned pattern, which would include a particular Principal in an implied set of Principals. Example for the latter: “Licensee is any Austrian citizen.”

The Licensee is described by an appropriate set of metadata.

Right

A Right stands for a permitted act on the Resource. The Rights conveyed to Licensees in Licences comprise, but are not restricted to the following:



Table 5: Description of the Right in the Licensee

Right Definition

Perform any of the rights below except Modify. The Licensee has the Right to obtain the resource and access the information contained therein.

View The Licensee has the Right to View the resource (e.g. as a map), which is displayed on a viewing device related to the viewing act, i.e. a browser.

Print The Licensee additionally has the Right to Print information (e.g. the maps) he or she is viewing.

Combine This allows the Licensee to integrate the Resource with other Resources (e.g. in a map using the same coordinate reference system). All input has to provide the same information type.

Extract Resource

Allows making a local duplicate of all or part of the resource. The Licensee can do this in support of identified licensed users.

Copy Extract Resource of the whole resource. This is a special case of Extract Resource.

Spatial Transform

This allows making a local copy of the resource in a new coordinate system. The Licensee can do this in support of identified licensed users. This Right is especially defined for geospatial data that are referenced to a specific coordinate system (e.g. weather data)

Spatial Fit This moreover allows a Licensee to make minor adjustments in coordinates to fit an external source.

Derive Resource

This Right allows a licensee to derive (create) resources, which use the licensed resource as an identifiable part. Associated conditions may modify the Rights to be licensed on the derived resource.

Edit

The licensee may derive a new resource by modifying a copy of the input Resource through edits.

Adapt The Resource may be used to create and derive a new Resource, which incorporates the input Resource in whole or in part.

Use

Modify This is the Right to edit the original input Resource. In essence this is an Edit Right with the additional Right to replace the input Resource by the output Resource.

Whether the original Resource identity can be kept or not depends on the nature of the Resource, for example whether the changes in the Resource are identifiable.



Right Definition

Derive Graphic

This is for deriving a new resource as a map representation. (Special Right for geospatial data that have to be presented in a specific kind of map)

Encode This allows creating a copy of the input Resource in a new encoding. Which formats are allowable is specified in related Conditions.

Execute This either gives permission to use a processing Resource or allows a data Resource to be processed. The Licensee needs Execute Rights on all processes and data of a processing step.

Meta-rights are Rights associated to the granting or lending of licences to others.

Create Licence

The Create Licence Right permits the Licensee to grant others Licences against the Resource. The type of Licences which may be granted and their constraints are subject to Conditions of the Create Licence Right.

Meta Right

Sublicense This allows the Licensee to loan his own Right in whole or in part to others. The loaned Licence will have no more Rights than the original one and is subject to Conditions.

Note: In the transportation world of eMOTION there may be the need for other, more specific and technically related Rights than listed above.

Resource

Resources are either identified individually (for example by an URL) or by reference to of a conditioned pattern, which includes the particular Resource in an implied set of Resources.

Examples:

“Resource is a GML 3.1.1 file” or “Resource is a OGC WFS transactional 1.1.0”

Individual resources shall be identified by location transparent identifiers, if possible, to allow the use of copies.

The Resource is described by an appropriate set of metadata.

Information resources:

If the resource is a derived one, metadata is required which describes out of which resources it has been created, processes carried out and parameter values used.

Processing resources:

Registered process types are required, by trusted public registry (OGC or other or ANY)



Conditions

Conditions specify limitations on the components of Grants. Principals, Rights and Resources may be limited and otherwise modified in various ways.

Table 6: Description of Conditions in the Licensee

Name Description

Property Conditions This type of Condition allows posing Conditions on properties of the components of a Grant. Properties can be related to Principals, Rights and Resources.

Example: Citizenship of the Licensee.

The Conditions can refer to such properties, constants, and operational context like time and date, requesting user, its location, etc.

Temporal and Spatial Conditions

Such a Condition may limit the temporal or spatial extent of actions on a Resource. Depending on the parameter that is restricted, a Condition can have different meaning. For example:

Temporal:

Restrict to content representing features existing at specified time.

Restrict to content of given collection time.

Restrict to content of given time, when entered into resource (transaction time).

Restrict access to resource to specified time interval.

Spatial:

Restrict to content representing features situated at given position.

Restrict to content collected at given position.

Restrict access to users located at a given position.

Example:

A certain collection of features may be allowed to View without restrictions, but the features may only be Modified within a given geographical region.

Layer Conditions Access to layer structured Resources may be restricted by this kind of Condition. The Condition can be attached to Rights, restricting the Right to the given Layers regardless of the underlying Resource or to Resources, where it restricts that specific Resource.

Example: A Licensor may only Execute a navigation service on



Name Description

bicycle paths on any collection of features.

Parameter Range Conditions

These Conditions refer to the parameters, which have to be passed along with functional Rights. The values of such parameters may be limited by such Conditions.

If for example SCALE were a parameter of a View Right, the Right might be constrained to SCALEs < 1:2000.

Implementation Conditions

By this type of Condition Rights, in particular Execute Rights, may be restricted to

Certain identified implementations

A class of implementations compliant to some identified standard

Other process metadata

Encoding Conditions This special type of Condition controls the allowed output encoding of Extract, Copy, or Derive Rights.

Derived Right Conditions10

This type of Condition attaches constraints to output Resources of acts. It may attach “meta-rights”, and prescribe “meta-data” to be associated with the output resource.

For example, an Extract Right might be constrained to generate an output resource, which may be only Viewed with a prescribed disclaimer and a copyright notice.

Transfer Right Conditions

Create Licence or Sublicense Rights may be constrained regarding the types of Rights, which may be conveyed, properties of the Licensees, and properties of the Resources.

For example: A Sublicensor may only convey View Rights to Principals in his or her own company.

Side Effect Conditions This type of Condition is attached to Rights. When these Rights are made use of, Side Effect Conditions can effect additional actions, like checking conditions of a billing system, charging an account11, or performing extra checks on a resource that is being delivered.

Side Effect Conditions of Rights may be executed before the action (pre-condition) or after the action (post-condition).

10 OGC GeoDRM RM distinguishes between “output conditions” and “derived right” conditions. The semantic difference does not abound. 11 This might be used to model diverse payment procedures and their parameters, like “flat fee”, “metered fee”, “fee per interval”,



Conditions are logically combined such that all Conditions attached to a group of Principles, Resources and Acts have to be fulfilled in parallel. I.e. they are combined by a logical “and”.

Note: In the transportation world of eMOTION there may be the need for other, more specific and technically related Conditions than listed above.

5.3 Licence Agreements and Grant of license

The conceptual model described in the previous chapter in based on the use of Licence Agreements between the different actors of eMOTION. In this chapter we will briefly describe the most relevant legal issues that the parties of these Licence Agreements will need to deal with.

The first contractual issue that the parties to the Licence Agreement will need to deal with is whether the Owner of the Resource intends to grant to the Licensee an exclusive or a non-exclusive license.

An exclusive licence implies that the Licensee will be the only subject entitled to use that Resource in a given market. Therefore the Licensee will have a monopoly on that Resource on that market.

A non-exclusive licence on the other hand implies that the Licensor will be free to license the use of the same Resource to a different subject (e.g. a different actor of eMOTION). Therefore each Licensee will be competing with the other Licensees of the same Resource - or with the Licensor itself - and therefore will not have a monopoly in that given market.

From a legal point of view exclusive licences are problematic because they give rise to antitrust concerns. Antitrust laws are directed to prevent the formation of market power in a given market or to prevent the abuse of market power. Briefly stated antitrust laws are concerned with abuse of dominant positions, anticompetitive agreements or concerted practices (such as cartels), and mergers and acquisitions determining an excessive concentration of market power in a given market.

Within eMOTION it will be likely that some Content owner will have a monopoly on certain Resources that are needed to provide a valuable service to the End users. Such Content owners will face the risk of infringing against antitrust laws should they refuse to grant Licenses to other actors of eMOTION or should they grant an exclusive licence on that specific resource to only one actor of eMOTION.

On the other hand exclusive licences may be economically interesting for contractual parties for certain reasons. For example an exclusive licence could be used in order to protect certain investments made by the Licensee with respect to a certain resource owned by the Licensor. If the Licensor is free to license the same resource to different Licensees, some Licensees will be able to free ride on the investments made by other Licensees, therefore

“fee per use”, “fee per use per day”, etc., as is specified in ISO 25000-5 (ISO-REL).



preventing them to recover their investment.

Given the risk of infringing against antitrust laws the parties to a Licence Agreement within eMOTION should normally avoid recurring to exclusive licences. It should be noted that where the Content owner having a monopoly on certain data is a public entity a specific regulation provided for by Directive 2003/98 on the use of public sector information would apply. This regulation will be discussed in a specific chapter of this Deliverable.

5.4 Liability and warranties

The parties of the Licence Agreement will also deal with the issues of liability and warranties. These issues arise with respect to all risks of harm or losses of any kind that may materialize in the operation of any activity within eMOTION.

Typically such harm or losses may arise because of defects of the Resource that has been licensed. Such defects may cause harm to the organization or the infrastructures of the Licensee (actual loss) or may cause the Licensee to provide a poor service and therefore to loose clients (loss of profits). Moreover the Licensee is also exposed to the risk of being held liable for harm suffered by the End user while using the defective Resource or an application based on the defective Resource. In this case the Licensee will be willing to shift liability onto the Licensor of the defective Resource.

The solution to such issues will depend on the terms and conditions of the contract, on the law ruling the contract (e.g. English law, Italian law, etc.), and on the circumstances of the case. However it is possible to make some remarks that will be generally valid.

If the Licence Agreement does not specify whether the Licensor warrants a given level of quality or availability of the Resource, it will be often the case that the Licensee will be able to collect damages only if he proves that the Licensor was negligent in providing data with a level of quality and availability lower than the level that could have been reasonably expected (this would be the ‘default rule’, i.e. the rule applying where no other rule has been specified by the contractual parties).

Given this default rule, the parties of the Licence Agreement may agree that should an issue of liability arise it should be solved on the base of a different rule specified by the same contract.

The Licensor may assume the risk that the availability or the quality of the data/resource will fall below a certain level, by providing a specific contractual warranty to that respect. Should this be the case the Licensor will ask for an extra fee for the use of the Resource (in fact he will be providing a sort of insurance coverage to the Licensee). Under this scenario the Licensee will be able to collect from the Licensor damages caused by the defective Resource without having to prove that he acted negligently.

The Licensor may on the other hand specifically exclude the assumption of the risk should quality or availability of the data fall below a certain level. Moreover the Licensor may also want to specify that he will be not held liable for any harm caused by the use of the licensed Resource even where he acted negligently. Such a disclaimer will typically be used where



the Licensor provided the Resource free of charge.

Even where the Licensor is willing to assume the risk that the quality or availability of the Resource will fall below a certain level he may want to limit its liability (i.e. the level of risk), by specifying until which level he will compensate damages or by specifying in advance how much he will pay should harm occur (so-called ‘liquidated damages’). For example the Licence Agreement may state that should the quality or availability of the Resource fall underneath a certain level and should harm follow the Licensor will compensate up to Euro 10,000 for any given event. Under such a provision the Licensee will need to prove that he effectively suffered damage as a consequence of this event. If no prove of damage is given the Licensor will not have to pay anything.

The parties may also specify some kind of ‘penalty clause’ where the Licensee will be able to collect a certain amount of money (specified in the contract) should a certain contingency arise, without need to prove that he actually suffered damages. Such a provision may be useful where proof of real damages may be very difficult or impossible.

It should be noted that in some national contractual law (for example in Italian law) the parties are subject to some limitations in their ability to limit or excluding liability for harm caused by defective Resources and to specify ‘penalty clauses’. Typically liability may not be limited or excluded when the contractual party caused harm intentionally or was grossly negligent. Moreover ‘penalty clauses’ may not provide for penalties that are excessively high given the interest of the party that a certain obligation (e.g. that the Resource has the level of quality and availability that was promised or that could be reasonably expected given the circumstances) is regularly performed.



6. The public dimension of eMOTION

In this chapter the public dimension of eMOTION will be discussed. We will start by describing the possible roles of public entities within eMOTION and the general conditions they will be subject to. We will then turn to the discussion of the legal rules public entities are subject to with respect to re-use of public data for commercial purposes. Finally we will provide some examples of best practices that were implemented by public entities in Europe with respect to eMOTION like services.

6.1 The role of public actors within eMOTION

Taking into consideration the value chain for traffic information services, public actors, or public equivalent bodies, may cover all partner roles – most likely the Content Provider, Service Operator and/or Service Provider part.

Thus, potential relationships between public and private actors are manifold and range from pure private to pure public value chains, including a variety of different combinations. Three examples of today’s value chain compositions in the Austrian market are mentioned in the following table.

Table 7: Examples of today’s value chain compositions

Service Private actors Associations Public actors

A1 FleetManager http://www.a1.net/business/fleetmanager

mobilkom austria WIGeoGIS Tele Atlas

A1 Navi http://www.a1.net/privat/a1navi

mobilkom austria Wayfinder Tele Atlas

ÖAMTC ARBÖ

Ö3

Dynamic timetable information for Austrian train routes http://www.oebb.at/vip8/pv/en/Servicebox/Train_schedule_inquiries/index.jsp

HaCon ÖBB

6.2 General conditions affecting the public sector

While operating within eMOTION public bodies will be subject to the following general conditions.

Policies: All activities need to be fully in line with the role, policies and duties of the



respective public entity. For instance, there may be regulations e.g. in terms of data provision schemes (exclusive vs. public distribution) and limitations in gaining commercial incomes (user charges or advertisings vs. free of charge). Public equivalent bodies, which are owned and supervised by public authorities but have a private organisational structure, might be entitled by public bodies with a certain role and duty.

Quality standards: In comparison to private companies, public entities may face higher requirements in terms of service quality. Potentially this results from the fact that information service offerings are combined with safety and security related systems. A work around could be that a clear distinction between Information Services (giving information everybody can use without any obligations) or providing safety and security related services where a certain obligation can be requested from the provider by the end-user because of consequences when acting based on the provided services.

Long-term focus: Decisions and processes in public entities also tend to be of a long-term nature, because they need to be well integrated in regional development strategies and are based on public money. Public equivalent bodies can act, in some respect, on short and medium term basis.

Organisational barriers: The willingness to cooperate with other public or private entities may vary amongst different organisations. Here, cooperation roadmaps need to be formulated, once more reducing flexibility and impeding quick results.

Budget capabilities: A major influencing factor on activities undertaken by public entities is the availability of respective budgets. Due to their dependency on political influences, the focus in budget distributions can change significantly.

Similarly, the following disadvantages are mentioned by the eSafety Working Group on RTTI, Document 0611-01, Draft Final Report 10/02/2007:

1 Limited investment in infrastructure and advertising.

3 Dependent on Government support/strategy and funding.

5 Suffer from bureaucratic process? Therefore may be less nimble.

7 Focus on only safety and public benefit, not market driven needs, when meeting these needs is a driver for widespread introduction by industry.

6.3 Should the service be commissioned by a public authority

There is no doubt that eMOTION will serve a very important public goal both at the national and at the Community level. Facilitating the mobility of end users across the European Community provides several benefits, both from an economic and a social point of view. Moreover, a desirable modal shift triggered by new information offerings for travellers may generate significant advantages particularly resulting in positive impacts on travel efficiency and our environment.

On the other hand the provision of a service of such social and economic importance does not necessarily require some kind of intervention of the public sector by means of financing



or otherwise. If the demand is sufficiently high to cover the costs of the service and to guaranty a reasonable return on investment the eMOTION market will work on its own.

Considering this situation and given the social and economic benefits of eMOTION (that will not be fully captured by the eMOTION actors, but will spill over to other subjects) a financial incentive from the Community could be stimulate service implementation on a broad level.

Such an incentive could be particularly useful during the start up phase of eMOTION where the uncertainties over the profitability of the venture may discourage many actors from entering into this market.

However, given the positive effects on social and economic side, financial support during the operation of the service might also be of importance. During the WP 4 of the eMOTION project a business plan model will be developed which will show the phases in which support from the public authority is of importance.

Moreover, after entering a more mature phase of eMOTION operation, basic services allowing for a minimum level of supra-regional mobility and multimodal information may be supported by public regional and/or international authorities to foster service usage on a broad basis. However, in addition to this basic service level, commercial “premium” services are likely to be offered by private actors of the value chain to generate revenues by means of direct user charges, advertising, etc. These revenues may be re-invested and could cover at least parts of the provision of minimum eMOTION offerings.

Finally, it should be noted that formerly public bodies like railway or highway operators have become private companies. This is a European wide trend and offers new possibilities for running additional services. The statement of the railway operator was very clear that the public authority should not commission the eMOTION service. Due to the fact that the strategy of the operators is close to the public agenda they act in public and a very close feedback loop to the government exists. Other kinds of companies – private owned companies and PPP (Public Private Partnership) models as well – with a wide coverage for mobility needs have to think public and can act as a private entity. This seems to be an advantage that has no need to be commissioned by public authority because the market and the requirements may change faster than a commission can react.

6.4 Should the service be delivered by the private sector, the public sector, or a combination

It is likely that eMOTION will be delivered by a combination of the private sector and the public sector. From today’s perspective, private as well as public organisations are needed to build up a comprehensive value chain, reaching from various content providers to regional and international service providers. Furthermore, this approach is the only one coherent with the idea that eMOTION should work as an open market for information.

From a legal perspective, the public sector will operate at the same level as the private sector. The activities of both kinds of actors will be governed by private law.

A competition between private and public can stimulate new services but it is important to



reach a critical mass for economic reasons. Too many services make the end user insecure and can block the launch of services. It seems that a mix of public – to trust in the quality of the service – and private – to meet the requirements of the market with innovative services – can optimise the start period. An established service can vary from this model according to the surrounding conditions. There is no need to introduce the mentioned model in an identical manner in every country. It is surely better to take care of the regional needs than impose a European-wide model is not successful.

6.5 Legal rules generally applicable to public entities within eMOTION

Since eMOTION will be organized as an open market and since services offered through eMOTION are not public tasks, public bodies operating within eMOTION will generally be subject to the same rules that are applied to private parties (as far as directly operating the services is concerned).

However, public entities will be subject to special regulation as far as specific issues are concerned. For example, in terms of awarding contracts, public entities act in a stricter framework, as they have to obey certain laws, which might not be applicable to private entities. Moreover, since public entities are likely to have a monopoly on certain data, they will be subject to special regulation against the risk of abuses of monopolistic positions.

6.6 Directive 2003/98/EC on the re-use of public sector information

6.6.1 Introduction

Directive 2003/98/EC on the re-use of public sector information set forth the general legal framework that will apply to public bodies seeking or permitting within eMOTION re-use of data relating to mobility, such as traffic or meteorological conditions, in so far as the public body holds such data and has the right to re-use them or to license re-use to a third party.

The Directive specifies that public entities may not be forced on the basis of the Directive itself to allow re-use of the data they hold. Therefore actors of eMOTION interested in the re-use of data on mobility held by public bodies may not rely on this Directive for the purpose of forcing a public body to provide such data.

However, the Directive leaves open the possibility for each Member State to force the local public bodies to make the data available for re-use. Where this will be the case, the rules set forth by the Directive will apply.

The Directive applies both to re-use for commercial and non-commercial purposes. In principle therefore both uses of public sector data are allowed. However as will be discussed in greater detail in one of the next paragraphs re-use for non-commercial purposes may be subject to different conditions and charges (price) than re-use for commercial purposes.



6.6.2 Requirements applicable to the processing of requests for re-use

The first issue of concern for actors of eMOTION interested in acquiring data from public bodies is that the process of establishing a licence for re-use of public sector data and for starting delivery of data is concluded within a reasonable time.

Directive 2003/98/EC provides that public sector bodies shall, through electronic means, process requests for re-use and shall make the data available for re-use to the applicant or, if a licence is needed, finalise the licence offer to the applicant within a reasonable time that is consistent with the timeframes laid down for the processing of requests for access to such data.

Where no time limits or other rules regulating the timely provision of such data have been established, public sector bodies shall process the request and shall deliver the data for re-use to the applicant or, if a licence is needed, finalise the licence offer to the applicant within a timeframe of not more than 20 working days after its receipt. This timeframe may be extended by another 20 working days for extensive or complex requests. In such cases the applicant shall be notified within three weeks after the initial request that more time is needed to process it.

It should be noted however that the Directive does not imply an obligation for public sector bodies to create or adapt data in order to comply with the request, nor does it imply an obligation to provide extracts from data where this would involve disproportionate effort, going beyond a simple operation.

6.6.3 Principles governing charging

Since public bodies are likely to have a monopoly over certain data, there is a risk of abuse of a dominant position. Such an abuse could take the form of excessive prices on certain data that are necessary in order for eMOTION to provide a complete service. Such excessive prices would be ultimately bared by end users, therefore reducing the use of the eMOTION services. Moreover, charging excessive prices on the part of public bodies may in some cases prevent the conclusion of an agreement between the public body and the other actors of eMOTION, not willing to be exploited. In such cases the damage to eMOTION would be even greater.

Directive 2003/98/EC deals with the issue of pricing taking care that public bodies are not able to abuse of their dominant position over certain data, by rising prices over a reasonable level.

The Directive provides that where charges are made, the total income from supplying and allowing re-use of data shall not exceed the cost of collection, production, reproduction and dissemination, together with a reasonable return on investment. Charges should be cost-oriented over the appropriate accounting period and calculated in line with the accounting principles applicable to the public sector bodies involved.

It should be noted then that as far as charging is concerned public entities subject to Directive 2003/98/EC are not required to provide their data free of charge (but they may do



so). Moreover they are entitled to make a profit out of the activity of re-use of data they collected while operating their public tasks. However this profit is limited to a reasonable return on the investment.

6.6.4 Transparency

Service operator and providers operating within eMOTION and interested in the use of public sector data on mobility also require that conditions on the use of such data and charges applied by public entities are known in advance and with simplicity.

A high level of transparency on conditions and charges is also a requirement in order to avoid that public bodies abuse their dominant position on certain data, for example by applying discriminatory conditions and charges.

Directive 2003/98/EC specifies therefore that any applicable conditions and standard charges for the re-use of data held by public sector bodies shall be pre-established and published, through electronic means.

On request, the public sector body shall indicate the calculation basis for the published charge. The public sector body in question shall also indicate which factors will be taken into account in the calculation of charges for atypical cases.

Public sector bodies shall also ensure that applicants for reuse of data relating to mobility are informed of available means of redress relating to decisions or practices affecting them.

6.6.5 Licences

Directive 2003/98/EC provides also some specific rules on the use of licences. Licences are the usual contracts that will be used by the actors of eMOTION to allow the use of data covered by IPRs, such as copyright and sui generis right.

These specific rules on licenses are also directed to reduce the risk of abuses on the part of the public body of its dominant position with respect to certain data.

Public sector bodies will usually allow for re-use of data subject to certain conditions, through a licence, dealing with relevant issues. These conditions shall not unnecessarily restrict possibilities for re-use and shall not be used to restrict competition.

The Directive specifies that Member States shall ensure that standard licences for the re-use of public sector data, which can be adapted to meet particular licence applications, are available in digital format and can be processed electronically. Moreover, Member States shall encourage all public sector bodies to use the standard licences.

6.6.6 Non-discrimination

Directive 2003/98/EC provides that any applicable conditions for the re-use of public sector data shall be non-discriminatory for comparable categories of re-use.

Here again the risk is that the public body will abuse of its dominant position by charging different prices or by applying different conditions for comparable categories of re-use.



It should be noted on the other hand that public bodies are entitled to charge different prices and to apply different conditions for different categories of re-use of the same data. For example public bodies may provide data on mobility free of charge to actors of eMOTION providing their service for free (e.g. other public bodies), while on the other hand charging a fee for the re-use of the same data from commercial actors of eMOTION.

Moreover, the Directive specifies that if mobility data are re-used by a public sector body as input for its commercial activities which fall outside the scope of its public tasks, the same charges and other conditions shall apply to the supply of the data for those activities as apply to other users.

6.6.7 Prohibition of exclusive arrangements

Directive 2003/98/EC provides also that the re-use of public sector data on mobility shall be open to all potential actors in the market, even if one or more market players already exploit added-value products based on these data.

Therefore, contracts or other arrangements between the public sector bodies holding the data on mobility and third parties shall not grant exclusive rights.

However, the Directive acknowledges that in some cases an exclusive right may be necessary for the provision of a service in the public interest. In these cases, it is provided that the validity of the reason for granting such an exclusive right shall be subject to regular review, and shall, in any event, be reviewed every three years.

Therefore, public entities interested in granting exclusive rights for the use of certain data on mobility will be subject to administrative burdens and scrutiny on the part of the regulators.

Finally, the Directive specifies that these exclusive arrangements must be transparent and made public.

6.7 Best practices

6.7.1 Best practice example: Logistics

One of the industrial sectors that may actually benefit from the service framework studied by the eMOTION project is certainly the logistics. The Italian industrial situation is segmented and disseminated over a territory very articulated. In this situation, a number of difficulties exist in establishing a suitable organizational model able to support the development of a real integrated value chain. The small and medium enterprises, in particular, consider the “transformation enterprise” the heart of the productive system. Around these central companies, a lot of enterprises are established to provide specific goods and services, but without directly participating to the transformation process.

The recent trend shows a growing awareness of the enterprises about the positive impact a good organization of the logistic services may have on the reduction of the overall costs, the increase of the quality of the product and the reduced environmental impact.

As a matter of fact, the logistic services and all additional infomobility services being



developed to support them are becoming increasingly important among the actors of the sector as the timing needed to make the products available on the market and to the final customer may be one of the key factor to maintain or increase the market share.

The Transportation system has a strong impact in terms of environmental sustainability. In Italy, the transportation system utilizes about the 30% of the domestic energy need and is responsible of the 28,2% (2003) of the polluting emissions. Such emissions have increased of about 22,7% between 1990 and 2001 even if the Kyoto protocol demands a decrease of 8,5% by 2012.

Traffic congestions, according to the EC green book are causing for Europe a yearly loss of 2% for the GIP. The main objective to pursue is the sustainable mobility and not the support of any specific transportation mode and the availability of modern, reliable infomobility services may really provide a useful support.

The use of innovative telematic technologies is the key factor in order to implement a digital framework (at district or regional level) needed for the deployment of the specific Service Centres. As an example, the Logistic Service Centre may represent the link among all the actors involved in the related value chain. The adoption of such a framework, on top of providing access to a large amount of data and information useful for the Administrations in charge of planning and developing the territory, would allows a better interactions between the enterprises and the Public Administration.

The interoperability with the e-Government functions already managed by the Public Administration would also improve the public-private relationship, in terms of sustainability.

The described scenario implies a paradigm shift with respect to the current way of providing infomobility services to the enterprises or to the final users.

Today, the business interaction model among the actors of the telematic infomobility service chain is very separated and the public administration has just a very marginal role. Typically there are two separate chains:

- On-Board Platform marketing - The first one involves the vehicle makers and the telematic industry and is focused on the objective of making available AOM or “after market” vehicle platform that can be used by the final user for accessing many different infomobility services. The end user is normally who pays for the purchase of the on-board platform;

- Service Provisioning – This second one involves the typical service provision chain consisting of the actual service provider (usually a private enterprise owning or buying the data to be distributed as information to the final user: when the infomobility service is branded it may usually be a vehicle maker, but in recent years more and more private companies are starting offering this kind of services), a telco operator (mainly mobile but also fixed whenever applicable, in charge of providing the reliable, pervasive, secure communication channels needed for data delivery and service provision), the end user (being either a single citizen paying for the service or an enterprise buying the service for its employees).

The separation among the different chains as existing today is represented in the following



figure.

Figure 10: The separation among the different chains

In the future scenario a much more integrated relationship among the different actors is likely to occur and the Public Administration has to play a much more active role.

The following figure provides an example of the possible links among the actors of the value chain and highlights the presence of the single actor in many different roles.

The roles of raw data collector, data aggregator and content assembler have been separated as these roles can be fulfilled by different entities belonging both to the public and to the private sector. The Public Administration, based on national regulations on public utility services or political reasons may be actually present in any of these roles.

On-Board Platform Marketing

Vehicle

Makers

End

User

Specifies Develops Buys the OBU

End

User

Specifies & Develops Buys the OBU

AOM Market

After Market

Telematic Industry

Telematic Industry

Service Provisioning

Content Provider

Final

User

Provides Raw Data

Provides Networking

Pays for the service

Telco Operator

Service Provider

Manages Service



Service Provisioning

Data Collection

Data Aggregation

Content Assembling

Service Provision

Networking & Communications

Service Purchase

Service Use

Public Administration

Private Sector

Taxes

Private Sector

Private Sector

Private Sector

Telco Operator

Telco Operator

Sells

Invests Sells Sells

Sells Licenses

Public Administr

Pays & Uses

Pays & Uses

Uses

Uses

Public Administr

Private Enterpr

Private User

Buys

Buys Connectivity

Delivers

Delivers

Delivers

Private End User

Enterpr. End User

P.A. End User

Uses

Uses

Uses

Licenses

Licenses

Figure 11: Service Provisioning

Once the content is available and properly licensed, the service provider (being either the Public Administration itself, any private company or a telco operator) decides the proper communication channels to be used for service delivery and, if applicable, pays a network provider for the needed connectivity and bandwidth.

The User is expected to pay the Service provider for the specific service unless a particular service is to be provided free of charge as a public utility (likely by the Public Administration) and once the contract is finalized the service can be delivered to the end user.

6.7.2 Best practise example: Traffic information service national wide broadcast

The Austrian Public Broadcasting Company (ORF) – Traffic Information Department is an independent public media enterprise. The ORF Traffic Department is integrated in the



infrastructure of the radio broadcasting station „Hitradio Ö3“ but is responsible for distributing traffic information for the whole country, which includes the regional radio stations and its traffic departments. The ORF Traffic department is contributor at national and international telematic-projects with the target to generate high quality Traffic Information-Content and to provide this content to the traffic participants in all possible infrastructures (road, train, public transports and so on…)

In its function the TIC ORF is comparable with a Data-warehouse. The journalists cope with the tasks of inquest, evaluation and presentation the traffic information from different sources. That information is managed with the Traffic Information Centre-Solution, implemented by GEWI, which permits several channels of distribution.

In the following paragraphs the supply chain of 2 information sources will be described as well as 2 distribution channels.

Figure 12: Scheme of Traffic Information Centre in Austria

Examples Input (Content provider - Service operator)

Traffic information is only as good as the sum of information that reaches the traffic department. The ORF developed a comprehensive and versatile network (see Figure 12) of traffic registration, which ensures quick and exact information exchange.

The traffic department is constantly connected to the police guidance centres and also receives information about traffic obstructions – e.g. accidents - from fire departments, the Austrian road operator ASFINAG, emergency medical services and federal warning centres. Taxi and public transport companies complete the information network at urban areas while



close cooperation with traffic registration offices at neighbouring states allows transnational information.

In this document some Best Practise Examples should point out how the system works. The figure below shows the focus of the description, the broadcasted information is part of the duty of the radio station and therefore not an explicit Best Practise Example.

Figure 13: Focus of described data transfer model

Red Cross Since four years the Red Cross is an important partner of the ORF traffic department. Traffic observations are submitted from the Red Cross over a secret phone-number directly to the department. The Red Cross control centre additionally collects the data to allow efficient coordination in the case of a crisis.

Recently the information system has been expanded by e-mail communication and, since early 2007, automatic reports from the Red Cross Mission Control System (LEBIG).

Ö3 editors have access to the data generated by the control system lebig (www.lebig.at) over the Internet. Whenever an ambulance (or helicopter) is called to a mission it’s reported to the system. The editor can see the target destination of the vehicle and initiate a directed information search. Due the fact that Red Cross is a non profit organisation and the radio station acts like a public body the access is free of charge and no further agreements about the data reliability or quality are written down. The editor can trust that the helicopter mission is valid and can therefore create a traffic message with the estimated closure of the road due the helicopter landing. Authentication during the login to the system prevents misuse or security problems.

The Ö3ver



A primary source of information is the motorist himself – the Ö3ver (pronounced “Ö Driver”). Ö3vers are registered, voluntary traffic observers, which report traffic obstructions to the cost-free Ö3ver-Hotline 0800 600 601. All reports are documented and traceable by a unique code given to every Ö3ver during registration. In a short interview the Ö3 editor clarifies the important facts and forwards the report, if required, to governmental organisations (e.g. police).

Since the Ö3ver membership is free and non-binding, and the number of mobile phones has multiplied over the last five years, the number of Ö3vers has increased significantly. While at the introduction of the Ö3ver-system (1994) just a hand full of drivers were active, today we count 16.000 registered Ö3vers providing more than 50% of the traffic information. They represent a very important factor for initial information and improve the efficiency of the traffic information system – as an addition to the established communication channels on the part of governmental agencies.

In 2005 the ORF Traffic Department launched its own Internet presence on http://oe3.orf.at/verkehr

The sub-area “Ö3ver” offers several special attractions and exclusive information for the closed user group.

Key facts: Content provider - Service operator

Table 8: Content provider - Service operator, Red Cross - Ö3ver

Red Cross Ö3ver

Contract Agreement registration

Costs Free free, special services for members

Evaluation Trusted partner with other information sources, misuse will be fined

IPR Use of data only for information services

information (after evaluation) for public purposes

Data flow Unidirectional, only content provider

÷3ver acts as content provider and End user. (but: different distribution channels)

Examples Output (Service operator – Service provider – End user)

Beside the customized services the broadcast of traffic information covers the whole country. Every owner of a radio device with a residence in Austria has to pay tax for using the broadcast service. The Information service is part of the radio broadcast and free of extra charge. This includes voice messages every 30 minutes on air and free RDS-TMC service.

On Air Broadcasting

The traffic-information services provide an indispensable contribution for the optimal use of all traffic structures. It is the core business, to inform and advise against risks and to provide a potential alternative in a timely manner. All traffic information is provided with the objective



of steering the flow of traffic. In case of acute situations of danger, e.g. Ghost Riders, every second counts. Each member of the traffic-network must rely itself to an efficient service. The ORF traffic department, new structured in 1991, bundles all traffic information in Austria and in the surrounding neighbourhood. The information is evaluated around the clock from a professional team of journalists and is distributed selective over radio and digital services without delay in time. In normal case there are traffic information-news every 30 minutes on air at all public radio stations in Austria, except fm4 and oe1. In case of acute situations the current programme will be interrupted as soon as the information has been delivered. The Traffic Information is broadcasted in the whole area of Austria via Hitradio Ö3. Regional public radio stations, e.g. Radio Vienna, distribute and broadcast selective Information for their region.

RDS-TMC

In cooperation with partner organisations, the ORF Traffic Department established the digital Service, RDS-TMC in Austria. Within this project a digital Input- and Distribution-Tool was implemented, with focus on providing real time triple media channels (Radio, Internet and Digital Services).

RDS-TMC is a digital service, which is currently free of charge in Austria. The Messages are encoded by the traffic department and distributed by all public radio stations in Austria to be used in navigation systems.

The first pilot trials in Austria of the RDS-TMC service were established in 2001. Since October 2002 the regional pilot project has been extended to a national, area-wide RDS-TMC service. At this stage the Location Code Version 2.0 is in use, which was developed by the CORVETTE project partners ASFINAG, bmvit and the Austrian Broadcasting Corporation ORF. The RDS TMC service is operated by the ORF and its subsidiary MONDOCOM and currently covers the Austrian TERN, federal roads as well as urban areas of major cities, based on the Location Code 2.0.

In the national traffic information centre of the Austrian Broadcasting Corporation ORF traffic announcements are collected, evaluated and selected. Relevant traffic information of other CORVETTE-regions is exchanged via DATEX. To further increase the service quality as well as the usability of the TMC service for travellers in Austria a follow-up version of the Location Code is under development. Unlike the Version 1.0 covered only the Austrian TERN and federal roads the new Version 2.0 also introduces urban areas of major cities to TMC service.



Figure 14: Cost scheme RDS TMC Location Code

As shown in Figure 15 is the use of RDS – TMC location free of charge for the end user. The providers of navigation software have to pay for the update in Austria other countries have other proceedings.

Cooperation with McDonald’s

McDonald’s Austria pointed out as an ideal partner for a new way of traffic announcement distribution – Traffic Information Screens

Right now McDonald’s is installing information portals in its Austrian Restaurants– large scale flat-screens - at more than 120 Austrian stores. Traffic information is submitted to the portals and presented to the customer by text and / or by digital roadmaps. Filters reduce the transmitted information to predefined areas, usually the near environment of the store.

Figure 15: Example for the McDonalds Restaurant. Shopping City Süd, Vienna-Vösendorf



Key facts: Service operator – Service provider – End user

Table 9: Service operator – Service provider – End user, RDS TMC Location Code – Mc Donalds Restaurant

RDS TMC Location Code Mc Donalds

Contract Agreement; licence agreement

Costs End user: free

Service provider: (Navigation - Software provider): Licence (free in some countries (founded by government)) or licence fee (e.g. Austria)

End user: free

Service provider: Traffic information is a part of a content pool, free of charge (but product placement for the broadcaster e.g. event information – in the meaning of a win – win situation)

Evaluation End user feedback, updates, bugfix

None

IPR Managed by e.g. road operators (Austria: Asfinag)

Only for presentation in the restaurant

Data flow Frequently update releases continuously data exchange (1†-†5 minute update rate)

Summary

Policies: To involve all parts of the value chain and close the loop from the end user to the end user is a very successful approach. Through the free use of information and the critical mass of input to the system (see Ö3ver example) a powerful and evaluated system can improve the service quality.

Quality standards: The parts of the system participate from a high quality of data. Through information campaigns the awareness for active contribution is given. Misuse is protected with several mechanism e.g. registration or evaluation with other data sources.

Long-term focus: Harmonisation of proceedings in Europe and data exchange with other regions.

Organisational barriers: The priority of traffic information for emergency departments like Red Cross is sometimes low. The cooperation depends on the willingness of every employee or officer.

Budget capabilities: The traffic information is not the main task for a national wide broadcaster and can not open other distribution channels but has an direct impact on the listeners of the radio programme and therefore indirect on the user acceptance of the radio station. Through the cooperation with private enterprises other kinds of traffic information channels can use the content made by the broadcaster. With a win – win situation can stimulate such agreements.



6.7.3 Best practise example: Timetable exchange between railway operators and Public transport associations

Different operators in Austria are joining an association called “Verbund”. These public transport associations (Verkehrsverbund) are bodies for integrated public transport services that offer a “one stop shop” to public transport users. The advantage is one information design for every operator and one tariff model in the area.

To run such a service the relevant data must be shared in an information system of the association. The Austrian federal railways have their own information service platform, too. But the focus of the association is to give an overview and other possibilities especially for the urban areas where you can use bus, tram underground or trains. The contracts are depending on the spatial needs and are independent from other contracts between public transport providers.

Figure 16: Example for the Timetable data flow

The aim is the timetable information for travellers. Nowadays no real-time information is given from the railway operators to the association. The database is weekly refreshed. The real-time information is presented on their own information platform and on a SMS for customers.


Table 10: Content provider - Service operator, Public transport associations

Public transport associations

Contract Agreement, contract

Costs Free for customer information services

Evaluation Trusted partner




Data flow Unidirectional, only content provider

6.7.4 Best practise example: Timetable exchange between international railway operators (UIC)

To join the timetable data with other railway operators the MERITS system was launched. MERITS (Multiple European Railways Integrated Timetable Storage) is a single database containing the timetable data of 32 railway companies, which is integrated and reproduced on a monthly basis. There are 14 different tools to edit and provide data. MERITS is designed to allow each railway company to have rapid access to all the data it needs to produce timetables, and to operate with one single source of data, thereby doing away with the large number of multilateral exchanges. MERITS is not an application for the general public, but a tool designed for railway companies, which decide themselves on how their information and distribution channels are supplied based on their own commercial policy. All costs are determined from the UIC and they are responsible for running the service. Due to the fact of different protocol types the aim is to bring all operators to use the EDIFACT protocol. EDIFACT is the single format used for the supply and extraction of data. An interface software programme is available for converting proprietary formats to EDIFACT and back.

Figure 17: International exchange of time tables [UIC]

The MERITS system interacts with other information systems like the Price and Fare Information System (PriFIS).




Table 11: Content provider - Service operator, UIC

UIC


Costs Data provider pays fee for system

Evaluation Evaluated data


Data flow Exchange for transnational timetable information, data pooling

Summary

Policies: Timetable information for customer information is free of charge. The costs for running a centralized system have to be paid by the data providers. The advantage for the end user is a one stop shop. Real-time information is only available on the information platform of the data provider.

Quality standards: The data are the outcome of the operational system and represent high quality. Problems may cause the converting to other data protocols or formats.

Long-term focus: Harmonisation of data models (e.g. EDIFACT protocol)

Organisational barriers: The UIC runs a system and former information services are still running with the contribution of some data providers. Only data exchange of timetable information works well, all other services causes high effort for harmonization.

Budget capabilities: Originally the costs were based on the numbers of access; with the raising numbers of hits from the Internet the system was turned to a flat fee.

6.7.5 Best practise example: Mobile phone provider

Traffic monitoring and management in general, traffic congestions in particular have a non-negligible influence on the national and regional economic system.

When talking about traffic monitoring and management, mobile operators have different approaches to deal with it. On the one hand side mobile operators can provide voice and/or SMS/MMS information services. On the other hand side mobility data of mobile operators can be used for traffic estimation and prediction.

Hence, mobility data of mobile operators become more and more important – not only because of the universal technology but also because of the area-wide coverage and high penetration rates.



Approximately approximately 1.5 billion people all over the world use the facilities and services of mobile operators. In Austria about 7.8 million people (95% of the population) use in their every day lives a mobile phone. This circumstance makes mobility data of mobile operators a good choice for traffic monitoring and information.

In conclusion, it should be pointed out that traffic monitoring and information based on mobility data of mobile operators must be conform to privacy and data security restrictions in order to protect against misuse. mobilkom austria AG is about to check the judicial and technical, as well as the organisational barriers to fulfil these requirements. As a result of this process, a policy framework – as used for roaming – will be set up.

Summary

Policies: setup of a framework is in progress

Quality standards: based on the requirements of the mobile phone technology

Long-term focus: use of mobility data for traffic information purposes

Organisational barriers: traffic information as a part of the business case can influence other strategic interests

Budget capabilities: to be clarified

6.7.6 Best practice example: Roaming

Roaming is a general term in mobile networks and it is defined as the ability for a subscriber to make & receive voice calls, send & receive data and maintain other services when using the facilities and services of different mobile operators. Establishing roaming between mobile operators is based on and the judicial & technical terms are contained in roaming agreements.

The process of roaming

In general, the process of roaming consists of the following steps:

1. If a mobile phone is turned on or is transferred via a location update or handover to a different mobile network, the process of roaming begins. The so-called visited mobile network recognizes the mobile phone and identifies the so-called home mobile network. If there is no roaming agreement between the two mobile operators, maintenance of service is denied.

2. The visited mobile network contacts the home mobile network and requests information about the subscriber. This request is based on his/her IMSI (International Mobile Subscriber Identity).

3. The visited mobile network creates a temporary subscriber record for the mobile phone. Likewise, the home mobile network updates its information to indicate that the



subscriber is registered in a different mobile network so that information can be correctly routed.

In order that a subscriber is able to roam between two mobile networks, a roaming agreement needs to be negotiated between the visited mobile operator and the home mobile operator.

Roaming details are typically recorded as either TAP (Transferred Account Procedure) or CIBER (Cellular Intercarrier Billing Exchange Roamer) files. TAP records are used by mobile operators using GSM (Global System for Mobile communication) based technologies (particularly throughout the EMEA region); CIBER records are used by mobile operators using AMPS (Advanced Mobile Phone System) based technologies.

The TAP/CIBER records contain various call details e. g. calling party, called party, start time of call, end time of call and duration, etc. The TAP/CIBER records are charged by the rate of the visited mobile operator. The home mobile operator then bills these calls to its subscribers and adds a roaming fee.

Figure 18: Exchange of TAP records between the home mobile network and the visited mobile network.

The call details made by a subscriber roaming in a visited mobile network are recorded by the MSC (Mobile Switching Centre). Each call and each caller produces one or more call records.



In a first step, the call records are transferred to the billing system. In a second step, the call records are grouped in TAP files. The TAP records – containing rated call information according to the operator's IOT (Inter Operator Tariff) – are transmitted at the latest 36 hours from call start time and/or call end time.

The transmission of TAP records between the visited mobile network and the home mobile network can be performed bilaterally or – more commonly – via a data clearing house.

On reception by the home mobile network, TAP records are processed and grouped together with call records produced by the subscriber whilst within an accounting period.

Key facts: Roaming between mobile phone provider (different service provider)

Table 12: Roaming between mobile phone provider, Mobilkom Austria AG

Mobilkom Austria AG


Costs Included in roaming fees

Evaluation Trusted partner, recorded in billing system

IPR For billing

Data flow Exchange between two provider

Conclusion

Roaming is a proven standard procedure for service delivery worldwide.

6.7.7 Best practice example: Data Exchange AVIATION Industry

Introduction

As with any other commodity, airspace is a valuable resource, particularly when subject to high traffic demand. Since airspace is a fixed volume, its management is a vital activity to satisfy the needs of the aircraft operators in the most efficient and equitable manner. Within the air transport value chain, there are three main stakeholders (Air Navigation Service Provider (ANSP), the Airport, Aircraft Operators (AOs)), which have to exchange data, communicate and secure a smooth and optimised traffic flow.

Due to the fact that the air traffic is since the beginning of the civil aviation mostly international, standardisations and centralised system have been developed over the years. At first, Data and Information exchange were in the hand of the national ASNP and with big hand over problems, when an aircraft arrived in other national Airspaces. The rapid increasing of international air traffic was the enabler to implement very fast common systems and procedures. The following two information systems (CFMU, EAD) are the main systems in the European aviation. Therefore the following description is focused on these two systems.



CFMU

The available Air Traffic Control (ATC) capacity needs a smoothing mechanism to avoid overloads and to maximise the use of the airspace. This 'mechanism' is know as Air Traffic Flow and Capacity Management (ATFCM) and the dual objectives - to avoid overloads and to ensure that capacity is fully exploited, represent the core ATFCM activities. Air Traffic Flow Management is provided within Europe by the Central Flow Management Unit (CFMU), which is operated by EUROCONTROL for the benefit of all airspace users, including of course, the travelling public.

Air Traffic Flow and Capacity Management (ATFCM) is a service provided on behalf of Air Traffic Services (ATS) and Aircraft Operators (AOs) with the following principal objectives:

• The provision of flight plan data, the best utilisation of available capacity, the smoothing of traffic flows and the assurance of protection against overloads.

• The provision of advice on flight planning and the minimising of penalties due to congestion

• The CFMU is responsible for the provision of an efficient ATFM service within the area of responsibility of participating European states.

To meet the objectives of balancing demand and capacity, keeping delays to a minimum and avoiding congestion, bottlenecks and overload, the CFMU undertakes flow management in three phases. Each flight will usually have been subjected to these phases, prior to being handled operationally by ATC.

The three phases are:

• Strategic ATFCM (1 year to 1 week)

• Pre-tactical ATFCM (1 week to real-time)

• Tactical ATFCM (real-time)

Management of Flight Plan data

To manage the flow of European air traffic, the CFMU Flow Managers must be able to access a database containing flight plan information on every aircraft that is planning to fly in the airspace.

The Integrated Initial Flight Plan Processing System (IFPS), which became fully operational in March 1996, is the main source for the CFMU demand database and is also the sole source for the distribution of flight plan and associated messages to all relevant ATC units in more than thirty four European States - collectively known as the IFPS Zone.

For flights within the IFPS airspace, AOs send the Flight Plan (FPL) to the IFPS, which acknowledges receipt, processes the data, stores it in the CFMU database and sends the information to the ATC units, which will be concerned with the flight. FPLs containing errors are referred for manual processing to an IFPS operator. IFPS processes more than 38,000 messages (representing about 25,000 flights) each day. More than 80% are processed



automatically, while 96% of those referred for manual correction are treated within ten minutes of receipt.

Although traffic has increased, delays have been kept under control, demonstrating that the CFMU has made a significant contribution to capacity enhancement and delay management.

The CFMU is a dynamic and indispensable part of the European ATM system, providing both an operational and strategic service 24 hours per day. The Operations Rooms of the CFMU contribute to the daily tactical management of air traffic in collaboration with the Operations Rooms of the Area Control Centres (ACCs) throughout Europe, to which they are directly connected. Flow managers continuously monitor the European air traffic situation to identify sector load and capacity variations, delays, bunching of traffic, unused slots and to ensure equity in flow management measures. Based on the monitoring and tactical analysis activities, the managers allocate and update slots, offer individual re-routings, re-route flows on an ad-hoc basis and continually seek to balance capacity and demand.

The key element in the successful operation of the CFMU and the entire European flow management process is the voice and data communications capability. One of the fundamental reasons for the massive congestion and delay suffered by air travellers in Europe, in the late 1980s, was the lack of a homogeneous and seamless air traffic management communication system linking all the ACCs in the region.

The rapid implementation of a modern voice and data communications network, linking the CFMU to every major Air Traffic Control Unit (ATCU) in Europe was a major breakthrough, demonstrating once again that European co-operation in air transport works when the objectives are clear and achievable.

In addition to ATM providers, AOs can also arrange for a direct connection to the CFMU, using either public Internet or a dedicated CFMU network, providing dynamic information to enable enhanced flight planning operations. The communications network of the CFMU is out-sourced to a commercial provider and provides the CFMU with immediate access to the Flow Management Positions (FMPs) at the ACCs as well as providing them and many other users with direct access to the CFMU.

Flow Management Position (FMP) exists in every Air Traffic Control Centre throughout Europe. The FMP provides a vital flow of information from their operational ATC Unit to the CFMU. The FMPs are the "ears and eyes on the ground". They are aware of the current situation within their ACC concerning such matters as workload, staffing, technical failures, etc.

The FMPs are also aware of the operational situation at the airports within their area of responsibility. A reduced airport capacity due to snow, fog, disabled aircraft on the runway, etc. will have a knock-on effect causing ATC congestion, if not managed correctly.

The FMPs can, via their direct access to the CFMU system, display the up-to-date traffic load situation at any time.

All AOs must notify the CFMU and ATC of their intention to operate a flight, by filing an FPL. FPLs must be filed three hours before departure.



The following graphic shows an overview of the data exchange and communication between CFMU and the three Stakeholders.

Figure 19: Exchange and communication between CFMU and the Stakeholders (Source: Eurocontrol)

Table 13: CFMU

CFMU

Contract agreement, contract

Costs Aircraft Operators: Indirect Costs (with the unit charge)

ASNP: No additional costs because the ASNP have a full cost recovery model (via the unit rate)

EUROCONTROL: The costs are covered with the unit rates (further details will follow)

Evaluation Trusted partner is delivering trusted data. An automatically quality check against a standard form is in place and in case of deviation a manual adjustment by an operator is necessary

IPR The IPRs of the data provided by the stakeholder are belonging to the stakeholder and data which generated by the CFMU are in their rights

Data flow Various exchange between the stakeholders

Summary

Policies: The scope of CFMU within Europe is on managing the balance of Demand and



Capacity in a gate-to-gate perspective by all partners. The costs are covered by the unit rates, which are mainly paid by the aircraft operator’s.

Quality standards: The Data are the outcome of the national Air Navigation Service Provider and Aircraft Operators and are exchanged via a Server Client architecture. To improve they quality, and to exclude errors, the data are automatically checked and errors are adjusted by an operator

Long-term focus: To continue to leverage the ATFCM Network by acting independently and by putting the CFMU’s expertise at the disposal of the world’s aviation community.

Organisational barriers: Conflict with military airspace users and military airspaces. Due to the separation of aircraft regulations the demand and capacity planning is more and more in conflict.

Budget capabilities: The information output is mainly for B2B in the aviation industry. Currently no commercialisation is practise.

EAD

EAD is the world’s largest Aeronautical Information System (AIS), a centralised reference database of quality-assured aeronautical information and, simultaneously, a fully integrated, state-of-the-art AIS solution.

EAD lets aeronautical information providers – including AIS organisations from civil aviation authorities, air navigation service providers and military administrations in the European Civil Aviation Conference (ECAC) area – enter and maintain their data in a central repository.

At the same time, EAD enables data users – such as aircraft operators, private pilots and the general public – to retrieve and download AIS data from the system in real-time.

EAD offers instant access, no matter where you are in the world, to the most up-to-date digital aeronautical information from the ECAC area, NOTAM (Notices to Airmen), Pre-flight Information Bulletins (PIBs) from around the world.

One of the major objectives of the EAD is the improvement of the quality of data. Data quality will continue to increase as all parties use standardised rules and procedures, implemented at system level, and ensure cross-border consistency.

The EAD Database provides following Data:

• International NOTAM Operations (INO): Original NOTAM, SNOWTAM and ASHTAM

• Static Data Operations (SDO): Full set of aeronautical information data published in AIP:

o Aerodrome information, including Procedures and Obstacles;

o Enroute information such as Airspaces, Routes, Navaids and Waypoints;

o General information such as Organization, Authority and Units.



• Published AIP Management System (PAMS): AIP, Amendments, Supplements, AIC and Charts.

In the EAD are no Flight Plan Data or Tactical Data available, only Static Data exist for the flight operations.

The following picture shows you the operational Concept of EAD.

Figure 20: Operational Concept of EAD (Source: Eurocontrol)

Table 14: EAD

EAD


Costs Data Provider: free of charge (only initial costs)

Data User (aviation industry data user, commercial data user): yearly fee and software licenses

Evaluation Automatically quality check with a revision by an operator if necessary

IPR The IPRs of the data provided by the stakeholder are belonging to the stakeholder

Data flow Frequently update of the AIP Data und event triggered update of NOTAMs

Summary

Policies: If a national Air Navigation Service Provider (ANSP) is a full Partner of the EAD



System, it has the responsibility of his Data in the Database. If a national Air Navigation Service Provider is no fully Partner, the EAD Operators will update and will have a quality check of the data but the responsibility belongs to the national ANSP. For Partner the use of the Data is free of charge, the rest has to pay for an access to the EAD.

Quality standards: Data quality is provided by the use of standardised rules and procedures, implemented at system level, and ensure cross-border consistency.

Long-term focus: To include more Services and Data like weather Information and Flight Plan Information into the EAD.

Organisational barriers: Not all European Air Navigation Service Provider are partners of the EAD. Some of the ANSP, which are not partner of EAD, are installing similar Systems and try to block the development of EAD (Supplier driven development)

Budget capabilities: The information output is mainly for B2B in the aviation industry.

6.7.8 Best practise example: “Bavarian Traffic Information Agency” (VIB)

The public road administration of Bavaria / Germany initiated a project called “Mobilität 21 (= mobility 21th century).

As a principal they started a public procurement. After validation of the proposals of two different consortiums they finally at the end of 2005 conclude a contract with the below mentioned (private companies) consortium.

Siemens Aktiengesellschaft, Berlin and Munich

PTV Planung Transport Verkehr AG, Karlsruhe

mdv mentz datenverarbeitung GmbH, Munich

micKS MSR GmbH, Oberstdorf

DDG Gesellschaft für Verkehrsdaten mbH, Bonn

Siemens Aktiengesellschaft, Berlin and Munich

PTV Planung Transport Verkehr AG, Karlsruhe

mdv mentz datenverarbeitung GmbH, Munich

micKS MSR GmbH, Oberstdorf

DDG Gesellschaft für Verkehrsdaten mbH, Bonn Figure 21: Private consortium partner of the VIB project



Free State of Bavaria

Setting up– Finances the control center

infrastructure– Is the owner of this infrastructure

Operation– Provision of data– Quality and availability checks

Industry

Setting up– Control center concept and setting up

Operation– System maintenance and renewal– Manages operation at its own expense

and risk– Data and service marketing

Long-term technical, economic and strategic development– VIB as an integration and networking system– Expansion of the data basis

Free State of Bavaria, municipalities, other users and industry"Municipalcooperation"

The project model

Competence, responsibilities and project goals have been defined for cooperation between the state and industry

Figure 22: Project model of VIB

The business concept of the VIB

o Free provision on the Internet of basic services for the public

o Service provider for public authorities and administrations

o Integration of a large number of municipalities

o Cooperation with other traffic information centres

o Development and marketing of mobility traffic data and added-value services (essential content providing for business customers)

The business services and their data serve as the core for added-value services. This is achieved by a standardized travel time model for all of Bavaria, unified interfaces for all of Bavaria and unified geo-referencing on the basis of INTREST. The traffic information agency system integrates diverse subsystems.



Figure 23: Integration of intermodal systems within VIB project

Complete establishment of the control centerEstablishment of the intermodal information serviceCreation of the operating companyBasis for municipal cooperation projectsPreparation of value-added services

Stage 0Stage 0

Operation of the systemsBusiness developmentEstablishment of basic and added-value servicesCooperation with municipalitiesCooperation with other partners

Stage 1Stage 1Final development of the system and merging of all telematics activities in the Free State of Bavaria Networking with other traffic information centers

Stages 2,and ff

Stages 2,and ff

The project timetable

Figure 24: The VIB project timetable

The contract with the Bavarian Infrastructure Administration (OBB) includes the build up of the complete system and the operation of the system during 10 Years. The partners Siemens and PTV intend to found an operation Company VIB and the consortium partners are subcontractors of the VIB company for the operation and further development of the systems and services.

The benefits of the project:

o All means of transport networked

o Reliable intermodal information offering

o More effective use of the entire traffic infrastructure

o Improved traffic flow and mobility

o Consideration of environmental policy aspects

o Modular expandable overall concept



7. Conclusions and recommendations

As far as the legal and contractual framework of eMOTION is concerned, some conclusions and recommendations may be provided.

On the level of Community law, the legal framework within which eMOTION will operate its services appears to be significantly complete and coherent. We did not find any specific legal issue, which may be particularly relevant to eMOTION, which is completely left to national law, while we think that it should be covered by Community law.

There are however some legal barriers to the future smooth operation of eMOTION. The most significant of such barriers appear to be connected to the fact that Community law typically does not provide for full, but only for minimum harmonization, as explained in the specific chapter of this deliverable on the international dimension of eMOTION. In the following two examples dealing respectively with privacy and consumer protection are provided.

Privacy

As far as the protection of privacy is concerned, we recall that the national law that will apply to specific eMOTION services is the law of the place were the ‘controller’ (i.e. the eMOTION actor interested in processing personal data of end users) is established. More specifically, the national law will be the same irrespective of the fact that the personal data processed by any eMOTION actor may refer to end users of different nationalities. This policy choice is based on the idea that once all European citizens have been granted a minimum level of protection of their right to privacy, each Member State may rely on the national law of any other Member State as providing at least this minimum level.

This provision will clearly favour the development and operation of Value Added Services (and more generally of all eMOTION services) requiring the processing of personal data of end users of different nationalities. A different policy choice (e.g. a rule requiring the controller to apply the national law of each end users whose personal data are subject to processing) would have made the provisions of many eMOTION activities far more costly.

However, it is possible that the mere fact that the Directives on privacy provide only for a minimum level of harmonization and not for full harmonization may still represent an obstacle to the smooth operation of eMOTION services. It could be argued that the possibility that eMOTION actors (e.g. eMOTION service providers) will be subject to different national laws providing for different level of protection to the right of privacy may determine distrust in end users on eMOTION actors established in other Member States. For example, a German or Austrian end user may distrust an Italian or Spanish eMOTION service provider assuming that it will provide an inadequate protection of his own personal data, if compared with a local service provider. After all, end users will generally ignore the fact that Community law provides for a minimum level of protection to their personal data.



In theory, eMOTION service providers operating outside the Member State where they are established may point out to end users of other Member States that the law of the Member State where they are established provides the same protection of privacy as the national law of the end users and that therefore end users can expect from service providers established in other Member States the same protection that they could expect from local service providers. Along the same line it could also be argued that each eMOTION service provider will have an incentive to show to potential end users of other Member States that the law of the Member State where the service provider is established provides for a greater level of protection to privacy then the national law of end users.

Following this path of reasoning, it could be concluded that minimum harmonization will favour competition between different European national laws leading to the provision of the optimal level of protection to the right of privacy, assuming that this level is higher that the minimum level already provided by Community law.

However, we are not fully persuaded by these arguments. We doubt that they rely on realistic assumptions. We think on the opposite that minimum harmonization will not prevent end users from distrusting eMOTION service providers from other Member States. We believe that eMOTION service providers may face difficulties because of this distrust (especially when small of medium firms) to provide their services across different European countries.

For this reason, we argue that in the field of privacy protection a shift from minimum to full harmonization (as currently discussed for other fields of intervention of the EU) may facilitate the provision of eMOTION services that requires to a relevant extent the processing or retention of personal data of end users.

Protection of end users as consumers

As far as the contractual protection of eMOTION end users as consumers is concerned, similar conclusions and recommendations as for the protection of privacy may be formulated.

Currently eMOTION service providers would need to use different contract models or standard forms with respect to end users/consumers of different Member States. All Directives dealing with consumer protection provides only for minimum harmonization. Moreover, it is often reported that European national laws have implemented these Directives very differently, providing for different levels and kinds of consumer protection. Therefore, eMOTION service providers would today not be able to rely on one single body of law concerning the protection of consumers.

Not surprisingly the field of consumer protection in the EU is currently under discussion. One of the possible outcomes of this discussion is to replace the present different Directives on consumer protection with one Regulation that would be directly applicable in all Member States.

We believe that such an outcome would also facilitate the provision of eMOTION services across different European countries and should therefore be encouraged. Should such a regulation be enforced, eMOTION service providers dealing with consumers would be able to



use one single contract model or standard form contract with all their counterparties. eMOTION service providers would therefore face lower legal and administrative costs, enabling them to provide their services at a lower price.



8. Resume

The general aim of eMOTION is to integrate different service providers, service operators and content providers into a network to enable the provision of European wide traffic information services. Moreover, the project wants to provide to the end user a multimodal, integrated and real time information service. To reach these objectives it is very important to analyse the policy issues of eMOTION chain. So, within this field, D3 has specified:

(1) The general conditions, which cover all minimum standards that should be achieved by the eMOTION system

(2) The legal and contractual framework of the system.

In particular, the definition of the policies was based on the minimum characteristics for the quality of service provision within the eMOTION framework for the different eMOTION use cases. Such minimum standards are technical, organizational, and legal. The following issues have been taken into account:

General conditions

• Service types: based on the definition of the three service types “information service”, “subscription service” and “monitoring service” it was defined what kind of service type should be realised within the eMOTION framework.

• Service availability: definition of minimum service availability with respect to geographic areas or network types (e.g. European services, national services, services regarding to national freeway network, services available in one conurbation).

• Linkage to other services: this issue is dealing with the possibility to link the service with other services to request additional information (request of real-time traffic messages via traffic information services) or to enable a specific type of visualisation (e.g. request of a map via mapping service)

Request parameters

In this section the parameters was defined that should be definable by the requestor of a service. These parameters define the conditions for the service calculation and are the instruments for service personalisation.

Results of service

In this section the results of the service calculation was described. This description is independent from the types of visualisation that could be different on different end-user devices.


In this section the different types of presentation and visualisation of results was described.



Use of standardised solution

In this section the use of standardised solution was described.

D3 has defined some minimum characteristics for the use cases that have to be complied by the services to be part of the eMOTION framework and in addition eMOTION have defined some advanced characteristics to reach the intended quality and innovation in traffic and transport service provision. The minimum and advanced characteristics determine the technical specification of the eMOTION services in WP3. These minimum and advances characteristics have affected:

• Request parameter

• Results of service

• Presentation of results.

General minimum characteristics have been defined about these technical aspects:











Furthermore some general legal standards have been taken into account in the specification of eMOTION. Legal regulation regarding to “data security”, in other words, the ability of a network or an information system to resist, at a given level of confidence, accidental events or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data and the related services offered by or accessible via these networks and systems.

Failures in the security system might lead to:

• Loss of service, leading to reduced perception of quality, reduced revenues or wider benefits obtained from information access, and possible loss of future traffic;

• Failure to meet response times or quality of service agreements, leading to financial compensation;

• Unauthorized access to data leading to loss or corruption, damaging the quality of service provided to the customers in the value chain; and



• Unauthorized access to client data and personal information, potentially leading to claims for financial compensation or criminal charges.

Typical security vulnerabilities experienced interconnected systems include:

• Denial of Service attacks;

• Unauthorized access to stored data;

• Unauthorized read access to data in transmission;

• Unauthorized alteration of data in transmission; or

• Unintentional access to resources

Particular security vulnerabilities specifically related to Web Services include:

• Potential corruption of service registries;

• Bogus certificates;

• URL spoofing;

• IP spoofing;

• Denial of Service attacks sending large streams of apparently legitimate XML;

• Buffer overflow attacks on flawed processing libraries; and

• Flawed application exception handling leading to exposure of confidential information

General guidance in terms of information security may be found in ISO/IEC standard 17799:2005 and the technical report TR 18044:2004.

The Organisational infrastructure specification for the eMOTION framework have been described using the concept of viewpoints and viewpoint specifications of the Reference Model of Open Distributed Processing (RM-ODP) as put forth by ISO/IEC 10746, 1998.

RM-ODP defines the following five viewpoints:

• Enterprise viewpoint

• Information viewpoint

• Computational viewpoint

• Engineering viewpoint

• Technology viewpoint

The enterprise viewpoint is adopted to expose the actor model of eMOTION, the requirements of every single actor on the eMOTION infrastructure and organisational aspects.

The potential actors of eMOTION have been defined in Deliverable D1 (Requirements and services analysis, chapter 4.2). In D3, interactions between these subjects have been considered accordingly to the specifications of the RM-ODP standard from an Enterprise



Viewpoint in terms of:

Enterprise objects

Objects interfaces

Relationships of objects.

The second step was to specify the legal and contractual framework.

As far as the minimum legal standards were concerned, the set of legal rules that form the legal framework of eMOTION have been discussed. The main legal issues faced in the eMOTION chain have been the issues of:

- Intellectual Property Rights of content owner and service operators

- Privacy of end users

- Consumer Protection.

Intellectual property rights. IPRs are central to eMOTION. This legal issue has two different dimensions. On the one side eMOTION Content owners will be willing to protect their IPRs. On the other side eMOTION Service operators and Service providers will have to take care of the fact that they are not infringing an IPR of a third party. Should such infringement arise they would face injunction of their activity and liability for damages.

There are two different kinds of IPRs that the eMOTION chain will deal with. They are the traditional copyright and the more recent ‘sui generis’ right:

- Copyright requires that the protected work is an intellectual creation of the author. Therefore it entails a requisite of creativity.

- ‘Sui generis’ right on the other hand does not require ‘creativity’ but merely that the work is the product of a substantial investment on the side of the author.

Some issues about IPR have been discussed:

- Protection of databases. The collections of data (data bases) needed for the operation of eMOTION services typically do not represent an intellectual creation of the author. However they do generally require a substantial investment in order to be assembled. Therefore eMOTION Content providers will typically not be able to invoke the longer protection accorded by copyright, but will be able only to invoke the shorter protection accorded by ‘sui generis’ right.

- Protection of more elaborated applications. It is argued on the other hand that eMOTION Service operators may in same cases enjoy the protection accorded by traditional copyright. This will be case for example when eMOTION Service operators use data licensed by Content owner to develop elaborate applications such as maps.

- IPRs and the relations between the different actors of the chain. While Service operators will need permission (through a Licence Agreement) in order to use the data owned by



Content owners, Service operators will acquire an independent IPR on the applications they developed through the use of these data. However the contractual arrangement between the parties may state differently. For example a Content owner may license the use on its data against the promise by a Service operator that whatever application will be developed using these data its IPR will be shared between the two parties.

Privacy. The eMOTION chain may give rise to several issues of privacy. The right to privacy may be understood as the right to be let alone.

For the purpose of privacy protection it is distinguished between the data that are provided by the Content owner and the data that are collected by the service providers directly from the end users.

Data provided by Content providers with the eMOTION chain typically do not raise any issue of privacy. They relate to traffic conditions or weather conditions. Therefore they will rarely if ever deal with personal data.

Personal data of End users. These data do raise concerns about privacy. Service providers are the actors of eMOTION that mostly will enter in the possession of personal data of end users because of the operation of this system.

The service providers of eMOTION will have to develop an elaborate privacy policy, reflecting in a privacy statement made available to the users.

The following issues relating to privacy are relevant:

• Notification to the national supervisory authority

• The person responsible for the notification

• The content of the notification

• The conditions of the directive for the processing of personal data

• The information that has to be given to the user/data subject: (a) when the data are obtained from the user and (b) when the data is not obtained from the user

• Security measures that service providers will need to adopt: (a) technical measures (physical and logical) and (b) organisational measures

Some further specific requirements on electronic traffic data and location data are provided for by Directive 2002/58 on privacy and electronic communications and by Directive 2006/24 on the retention of data.

Consumer protection. While dealing with End users that are natural persons acting for purposes, which are outside their trade, business or profession, eMOTION Service providers will also have to adhere to Community regulation on the protection of consumers. D3 focuses on Directive 97/7 on distance contracts and on Directive 93/13 on unfair terms.



Directive 97/7 provides for:

• Information that the eMOTION service provider will have to give to the consumer before the conclusion on the contract.

• The right of withdrawal that the consumer may exercise for a certain period after the conclusion of the contract.

Directive 93/13 provides a list of contractual clauses that are presumed to be unfair if included in standard form contracts between professional and consumers. Such unfair terms are null and void and should therefore not be included by Service providers in their contract with End users/consumers.

Within the analysis of the European legal aspects, the discussion on the legal framework of eMOTION has been concluded with a discussion of the legal consequences of the fact that eMOTION services will be delivered across different European countries (the international dimension of eMOTION). The following considerations are made:

• Most regulation analysed provide for a minimum European standard leaving Member States free to adopt a stricter standard.

• Therefore eMOTION actors may not rely on Community law but will have to take into consideration national implementing the Directives.

Since eMOTION will work as a market for data or information, contracts such as License Agreements will be central to its operation. So D3 has introduced some of the most significant contractual issues, even if the contractual relations between the different actors of eMOTION will be specifically analysed in D4.

These issues have been developed against the background of a DRM conceptual model that clarify the different actors, roles, and relations of eMOTION. These issues are:

• Grant of License - Licence Agreements may be exclusive or non-exclusive. Exclusive licenses raise antitrust concerns and are therefore problematic. As such, they should be normally avoided.

• Warranties and Liabilities - The operation of eMOTION will expose all actors of the chain to certain risks. For example the quality or availability of the data may fall below a certain level therefore causing damages, such as actual loss in the form of technical or organizational disruption or loss of profit in the form of loss of clients.

The contractual law chosen by the parties will determine a default rule allocating the risk of these damages between the parties. However the contractual parties will be able to choose a different allocation of the risk by introducing specific clauses in the contract.

Finally D3 deals with the role of public entities within eMOTION. Public entities may play any



role within eMOTION: Content owner, Service operator, Service provider, etc.

Applicable law

While operating the services, public entities will be partly subject to the common rules of private law as any other private subjects. Most specifically they will be subject to the same rules as far as privacy and consumer protection, IPRs, and contract law are concerned.

However public entities will be subject to some specific regulations, such as regulation on public procurement etc. D3 focuses on the regulation that is most specific to the role of public entities within eMOTION: the regulation on re-use of public data.

Re-use of public sector data

This regulation is provided for by Directive 2003/98. This Directive is based on the following principle:

• Each Member State is free to decide weather to make public sector information available for commercial use by third parties

• However if the Member State decides to make such information available for such use the rules and principles provided for by the Directive must be applied.

The rules and principles provided for by Directive 2003/98 are the following:

• After request by the private party data must be made available in a reasonable time

• Standard Licence Agreement should be used. The content of such contract should be made available to the public

• The public entities should avoid exclusive licences

• The public entities should avoid discrimination between different Licensees

• The prices charged by public entities for the use of public sector data should limited to costs + a reasonable return on investments

The entire regulation set forth by Directive 2003/98 is then directed to avoid that public entities abuse of the dominant position (or monopoly) they typically have on certain data.

The role of public entities within eMOTION is also explored through some case studies of best practices already adopted by public entities within certain area of the information mobility.



9. Legal instruments

Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts.

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data on the free movement of such data.

Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases.

Directive 97/7/EC of the European Parliament and of the Council of 20 May 1997 on the protection of consumers in respect of distance contracts.

Brussels, 6.6.2001 COM(2001)298 final: Communication From The Commission To The Council, The European Parliament, The European Economic And Social Committee And The Committee Of The Regions: Network and Information Security: Proposal for A European Policy Approach.

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications).

Directive 2003/98/EC of the European Parliament and of the Council of 17 November 2003 on the re-use of public sector information.

Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC.



10. Literature

DG INTERNAL MARKET AND SERVICES WORKING PAPER, First evaluation of Directive 96/9/EC on the legal protection of databases.

NAUTADUTILH, The Implementation and Application of Directive 96/9/EC on the Legal Protection of Databases, Final Report.

S. Chalton, The effect of the E.C. database directive on United Kingdom copyright law in relation to databases: a comparison of features, in European Intellectual Property Review, 1997, 278-288.

M. Lehmann, European Database Directive and German Law, in International Review of Industrial Property and Copyright Law, vol. 29, n. 7/1998, 776-793.

BRIDGE-IT BRinging Innovative Developments for geographic Information Technology - D2.8.2 Legal guidelines and contract models.

International Organization for Standardization, Information Technology — Open Distributed Processing — Reference Model, ISO/IEC 10746, 1998.

Giovanni Manunta, "Diogenes Paper No. 1, What is Security?" Cranfield Security Centre, March 2000.

[RFC 2828] R. Shirey. RFC 2828 - Internet Security Glossary. May 2000. May be found at http://www.ietf.org/rfc/rfc2828.txt

Atlantic / e-Europe 2002 Practitioners Handbook for TTI Service Implementation in European Cities & Regions, Deliverable D6.4.

TEMPO Program, Deliverable D1.4, Final report on the review of European ITS services, Broeders et al., 2003.

TEMPO Program, Success stories in Traveller Information Services (TIS) Perspectives for the future.



COSTE Project, eContent Program, 2004

[ISO/IEC TR 18044:2004] Technical Report: Information security incident management, International Organization for Standardization

[WSA 2004] W3C Web Services Architecture Working Group Note. February 2004, Available at http://www.w3.org/TR/ws-arch/

[ISO/IEC 17799:2005] Standard: Code of practice for information security management, International Organization for Standardization

[RFC4732] RFC 4732. Internet Denial-of-Service Considerations. November 2006. May be found at http://tools.ietf.org/html/rfc4732

WORKING PARTY 29. Opinion on the use of location data with a view to providing value-added services. November 2005.

Documents

Policies - General conditions and legal framework