RFID Law Blog

By Martyn Warwick

As she promised, the redoubtable Viviane Reding, the European Union's Commissioner of the Information Society and the Media, has acted swiftly to publish a list of recommendations designed to protect EU citizens from possible, indeed probable, breaches of their right to privacy that may be occasioned by the use of RFID chips, writes Martyn Warwick.

As Radio Frequency Identification microprocessors become increasingly commonplace the European Commission is asking EU member states to ensure that privacy issues are fully considered in relation to the proliferation of the devices. Ms. Reding is particularly concerned to ensure that the chips are deactivated when a consumer leaves a shop or venue wearing or carrying (usually all unwittingly) one or more of the devices. This is to stop organisations and companies from tracking individuals and compromising their privacy.

In a statement the Commissioner says, "European consumers must be confident that if and when their personal data is involved, their privacy will be impregnable in a changing technological environment. The Commission wants RFID technology to empower consumers to control their data security."

She also wants binding rules to be imposed on companies initiating RFID projects and to ensure that consumers are provided with "clear and simple information" on how, when, where and for what purposes the chips are used and the provision of copper-bottomed guarantees on the safety and confidentiality of personal data gleaned trough the use of the tags.

She also proposed that retail organisations be required to foot the bill for consumer awareness campaigns on RFIDs and wants to make it mandatory that any group running an RFID project should carry out a privacy and data protection impact assessment beforehand.

Viviane Reding says, "A promising technology for the future, smart chips can make life simpler in all sorts of ways. We are talking about everyday objects suddenly becoming smart by connecting to a network and exchanging information. Think of smart-fridges that inform you your milk is past its use-by date or smart-food packaging warning parents about possible allergies. There is clear economic potential in using small, smart chips to allow communication between objects. But Europeans must never be taken unawares by the new technology. This is why the Commission issued strong recommendations to the industry today. European consumers must be confident that if and when their personal data is involved, their privacy will be impregnable also in a changing technological environment.

The Commission therefore wants RFID technology to empower consumers to control their data security, which is the best way to make sure it is an economic success. After all, the European share of the global smart chips market will reach 35 per cent in the next eight years."

At the moment RFIDs are used  to a much greater extent in North America than they are in Europe (currently by a ratio of 3:1) but the latest figures forecast that their usage will quintruple by 2015. The devices can be integrated into a huge variety of objects and products from transport tickets to household fridges and from packets of razor blades to items of clothing.

There are already in excess of six billion of the chips out there and retailers particularly love them because they process data automatically when in proximity to the 'readers' that activate them, access their radio signal and exchange data with them.

Details of the EC's principles for protecting privacy and data protection in the use of RFIDs include provisions requiring that consumers must be able to determine whether products they buy in shops are fited with radio tags or not. Furthermore, when consumers buy products with embedded RFIDs,the radio tags must deactivated automatically, immediately and free-of-charge at the point of sale, unless the consumer explicitly opts-in by asking to keep the chip operational.

Other provisions are that commercial companies and public authorities using smart chips should give people clear and simple information so that they understand if their personal data will be used, the type of collected data that is being and for what purpose. They should also provide clear labelling to identify the devices that 'read' the information stored in smart chips, and provide a contact point for citizens to obtain more information.

All the above provisions are designed to bolster and secure the individual's fundamental right to privacy and data protection as defined and enshrined in the Charter of Fundamental Rights of the European Union proclaimed on 14 December 2007.

 

 

Doug Farry quoted in RFID Journal: "All Eyes on FDA for Drug E-Pedigree," April 10, 2008

Doug Farry quoted and this blog referenced in RFID Update: "Washington RFID Law Could Pave Way For More," April 10, 2008

David Bicknell of Computer Weekly references RFID Law Blog's discussion of government regulation in his post "Opening Up Pandora's Box of RFID Legislation" March 27, 2008

McKenna Long & Aldridge's Ray Biagini has article published in RFID Journal: "Is Your Company At Risk?" July 16, 2007

RFIDLawBlog sourced in RFID Update: "How the SAFETY Act Could Protect RFID Vendors," July 6, 2007

McKenna Long & Aldridge's Ray Biagini gives Podcast interview for RFID Connections: "RFID: The U.S. SAFETY Act - What You Need to Know," June 28, 2007

Doug Farry's latest column in RFID Journal, "It's Not That Simple," May 20, 2007

Doug Farry quoted and this blog referenced in RFID Update: "New Law Serves as Warning to RFID Industry," May 16, 2007

RFID Law Blog referenced in RFID Update: "US Hints at Major Passenger Tracking System," April 25, 2007

RFID Law Blog referenced in RFID Gazette: "RFID: To Regulate or Not To Regulate?" March 23, 2007

McKenna Long & Aldridge and MLA's Preconference mentioned in RFID Journal: "Seminar to Address Legal and Public Policy Issues," April 9, 2007

McKenna Long & Aldridge and this blog referenced in RFID Update: "EU's Decision Not to Legislate RFID is Conditional," April 4, 2007

Doug Farry quoted in this article from ComputerWorld: "Second State Expected to Nix Forced RFID Chipping," March 22, 2007

Doug Farry quoted and this blog mentioned in RFID Journal: "Two U.S. Bills Might Lead to RFID Mandates," March 7, 2007

Our own Doug Farry quoted in RFID Journal: "DHS Privacy Committee Finalizes Report on RFID IDs", December 12, 2006

Doug Farry quoted in RFID Journal: "U.S. Judge Issues Injunction Against Drug-Pedigree Rules", December 8, 2006

Doug Farry quoted in RFID Update: "California RFID Restrictions get Governor's Veto", October 5, 2006

Doug Farry mentioned in RFID Journal: "RFID Reaches the Legal Limit", October 2, 2006

Doug Farry quoted in RFID Journal: "RFID Legal Education Should be Job One, Say Policy Experts", September 29, 2006

Doug Farry quoted in RFID Watch Weekly: "Privacy Concerns may limit RFID Use in California", September 20, 2006

RFID Law Blog referenced in "RFID Update for September 7, 2006"

Doug Farry's article printed in RFID Journal Magazine: "Pay attention!", July/August 2006 also found here.

RFID Law Blog referenced in The RFID Weblog: "RFID Senate Caucus - What Does it Mean?", July 14, 2006

Doug Farry quoted and RFID Law Blog referenced in RFID Journal: "Congress Holds Hearing on Ways to Stop Counterfeit Drugs", July 14, 2006

RFID Law Blog referenced in "RFID Update for Friday, July 14"

Doug Farry quoted in FrontPageMagazine.com: "Microchips for Illegals?", July 13, 2006

Farry quoted in Doug Government Executive magazine: "Experts cautiously embrace adoption of wireless ID tags", June 27, 2006

Doug Farry quoted in RFID Journal: "US Senators Initiate RFID Caucus", June 23, 2006

Doug Farry quoted in ComputerWorld: "Wisconsin Law Bars Forces RFID Implants", June 12, 2006

Wireless-Watch: "Law Firm Launches RFID Law Blog"

RFID Times: "McKenna, Long & Aldridge launch a RFID-Law blog"

RFID Journal: "Law Firm Launches RFID Blog"

RFID Gazette: "Law Firm opens RFID law Blog"

The RFID Weblog: "Law Firm Launches RFID Law Blog"