Radio frequency identification applications must respect consumer...
Radio frequency identification applications must respect consumer privacy and data protection standards, the European Commission said Tuesday. It strongly recommended that governments require users of RFID technologies to assess the privacy implications of their applications, including whether they could…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
be used to monitor people, and to take technical and organizational steps to ensure that personal data are kept safe. The nonbinding statement also asked governments to: (1) Help identify applications that might create information-security threats. (2) Ensure that RFID operators publish accurate and easily understood privacy policies. (3) Disclose the presence of RFID readers using the same sign throughout Europe. Retailers using RFID should tell consumers when tags are placed on or embedded in goods and deactivate or remove the tags at no charge during a purchase unless buyers consent to keeping them working, the EC said. The EC wants more research on how “security and privacy by design” can be built into RFID applications, it said. GS1 EPCGlobal, which promotes RFID standards and helps companies adopt the Electronic Product Code standard used in many RFID applications, said the recommendation gives manufacturers and retailers clarity and a framework to begin or expand RFID deployments. Some companies, knowing the EC recommendation was in the works, delayed development of RFID applications, said GS1 CEO Miguel Lopera. GS1 would have preferred more EC encouragement for RFID, but the recommendation recognizes the benefits of the technology and correctly acknowledges it “as a societal good that should be embraced,” he said. The European Consumers’ Organization, which believes that RFID and the Internet of Things aren’t possible without consumer buy-in (WID May 11 p1), said late last month that the recommendation is the first step toward dealing with core consumer concerns about RFID. The organization’s wish list included an EU-wide symbol notifying consumers when RFID is in use, deactivation or removal of tags likely to affect privacy, and privacy assessments of proposed RFID applications, subject to review by data protection authorities. But the organization also said the EC should deal with matters such as RFID’s possible effect on health and the environment, which the EC recommendation doesn’t do.