On 21 February 2008, the European Commission launched a consultation on Radio Frequency Identification (RFID).
Advertisement
Few new technologies attract as much attention from industry, consumer organisations and politicians as Radio Frequency Identification Devices. The interest in RFID largely derives from the technology’s rapid movement from the research lab to mass application, mirroring the evolution of GSM mobile phones in the 1990s.
The Commission sees RFID as an emerging technology with great potential for economic operators in Europe and for European citizens.
Research must be pursued in the area of RFID to build and maintain Europes leadership in the next generation of RFID technology and its applications. However, the development of RFID technology should not be considered an end in itself. The Commission expects RFID to be the forerunner of many increasingly intelligent objects that interact with each other and help humans in ever more sophisticated ways.
The RFID market is expected to grow quickly over the coming years. In 2007, the overall market for RFID was estimated at 4.2 billion and 1.7 billion tags. Within ten years the overall RFID market is expected to be 5 times larger with approximately 450 billion tags produced.
The recent actions of the Commission on RFID can be summarised as follows:
- From March to October 2006, the Commission conducted and to build a consensus on key issues associated with the development of RFID technologies.
- The outcome of these activities was summarised in a adopted by the Commission in March 2007, which showed that further action was expected by the public in terms of privacy and data protection.
- In November 2006, the Commission made available for RFID in UHF band 865-868 MHz.
- In June 2007, the Commission established an which would, amongst other things, advise on the elements to be included in an upcoming Commission legal instrument on the implementation of privacy, data protection and information security principles in applications supported by RFID.
From February to 25 April 2008, the Commission is launching a . Consultation website.
The Commission expects to adopt by summer 2008.
While there is broad recognition of the economic benefits of RFID, especially in fields such as transport and logistics, there is at the same time public concern that the large-scale use of RFID technology in daily products could come in conflict with the individual’s right to privacy. Many organisations, data protection experts and consumer protection associations have therefore drawn public attention to this important concern.
The European Commission is very much aware of the importance of civil rights regarding information and communication technologies, and of privacy and data protection rights in particular. EU law addresses these concerns in various legal instruments, including the 1995 Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data. The Directive created the so-called Article 29 Working Party which advises the Commission on Data Protection matters, including implications of new technologies like RFID.
The so-called e-Privacy Directive of 2002 also deals with the processing of personal data and the protection of privacy in the electronics communications sector. It is currently being reviewed and the proposed revision includes some clarifications with regard to RFID technology.
The Commission is currently consulting the public on whether an additional legal instrument (such as a Recommendation, although other legal instruments under Article 249 EC Treaty are an option) could add legal certainty and provide guidance on the interpretation of EU data protection law when RFID technologies are used.
The main elements proposed in the draft Recommendation can be summarised as follows:
- Operators should conduct a prior to deploying an RFID application to ensure privacy risks have been properly evaluated. This assessment, which reflects good business practice, will be useful for the industry which can expect in return a broader acceptance of its RFID applications.
- The industry is encouraged to establish governing the use of RFID. These codes can be sector-specific to reflect the different ways operators use technology.
- Operators should provide a minimum level of to users of tagged products, such as the purpose of the application or the identity of the operator.
- Operators should follow a series of when deploying RFID applications. One of those requirements is to use recent technology when deploying such applications (not superseded technology).
- Specific provisions should apply to the retail sector when a product containing an RFID tag is sold. The Commission is considering a that would inform consumers when RFID tags are used. In addition, to guarantee consumer choice and control, RFID tags that contain personal data should be “, unless the consumer decides otherwise.
- Member States are encouraged to raise awareness among citizens and SMEs through .
- Member States should continue their efforts in to improve the privacy features of RFID.
Full draft Recommendation and more detailed explanation
The , which gathers all national data protection authorities of the EU, has adopted several documents:
- (19 January 2005) provides guidance to RFID users on the application of basic principles in the EC Directives, particularly the Data Protection Directive and the Directive on Privacy and Electronic Communications.
- The results of the (25 September 2005) indicates different views among respondents regarding the definition of personal data, as well as the level of further guidance needed from the EC on privacy and data protection issues arising from RFID.
- An (20 June 2007), which refers to RFID several times provides guidance on the concept of personal data in Directive 95/46/EC and related Community legislation and its application in different situations.
These texts can be obtained here.
In December 2007, the adopted an opinion on the March 2007 Communication of the Commission. EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. The opinion can be obtained here.
On the basis of the outcome of the current public consultation (which runs until 25 April 2008), the Commission intends to finalise by summer 2008.
Furthermore, a separate and broader debate on the so-called “Internet-of-Things” has been initiated since the beginning of 2008. This debate focuses in particular on the issues of privacy, trust and governance and might lead to further actions by the Commission.
The Internet-of-Things is a catch phrase expressing a vision foreseen by experts who share the view that in the future the real world (i.e. day-to-day objects) will come closer to the virtual world (i.e. the internet).
Other words such as ubiquitous networked society, ambient intelligence or ubimedia have been used to describe the “Internet-of-Things”. One can imagine walls that understand people’s presence to adjust room temperature, smart-fridges that detect food no longer fit for consumption or smart-washing machines that select the appropriate programme, amount of water and powder depending on the cloths inserted.
While depending on many other technologies, the “Internet-of-Things” vision relies partially on the development of RFID technologies.
The Commission has integrated the international dimension of the debate on RFID for some time as many important applications, especially in the logistics sector, include the overseas transportation of tagged items, cases, parcels or containers. In this respect, the Commission maintains a close and fruitful dialogue with its counterparts worldwide to address issues such as common standards and rules.
As an illustration of this permanent dialogue, during the Transatlantic Economic Council in April 2007, the EU and the US jointly made the identification and development of best practices for RFID technologies one of their “Lighthouse priority projects”.