GS1 Releases Privacy-Assessment Tool for RFID Users
The software application is intended to help companies assess any privacy risks that may result from their use of RFID technology, determine if they meet the European Commission's privacy recommendations and show them how to take corrective actions, if necessary.
Nov 23, 2011—Global standards organization GS1 has released a software application intended to help European companies assess any privacy risks that might result from their use of radio frequency identification, as well as guide them in eliminating those risks. The Microsoft Excel-based tool is designed to help firms comply with European Commission (EC) recommendations for safeguarding the privacy of consumers and others who may be in contact with RFID technology. The GS1 EPC/RFID Privacy Impact Assessment (PIA) Tool can be downloaded free of charge from GS1's Web site.
Elizabeth Board, GS1's global public policy executive director, explains that companies can use the PIA Tool to conduct self-assessments of privacy risks resulting from their use of RFID technology and the data related to that usage. The tool poses a series of questions enabling companies to determine their privacy risks, and thus where they may need to make improvements to address them. The EC RFID privacy recommendations, as well as the PIA Tool, are directed primarily at retailers and suppliers of consumer goods, because in this industry the technology may directly impact consumers (for example, customers may see RFID tags on products they intend to buy). However, the PIA Tool and EC recommendations are applicable to any company that may be employing RFID within its operations.
Wal-Mart, Procter & Gamble, Metro Group, headquartered in Germany, and Carrefour Group, in France.
In 2009, the European Union (EU) issued its RFID privacy recommendations, which included informing consumers of the presence of RFID tags (see European Commission Issues RFID Privacy Recommendations). The recommendation is nonbinding, but is intended to provide a framework to protect data that could potentially pose a risk of privacy intrusion for a customer or business employee. The recommendation states that privacy and data-protection impact assessments should be completed at least six weeks before the technology's deployment.
In April of this year, the EC joined forces with GS1 and the European Network and Information Security Agency (ENISA), the EU agency dedicated to improving information and cyber-security, in order to establish guidelines for all companies in Europe to address the protection of data related to RFID technology (see European Commission Issues Framework for Measuring and Mitigating RFID's Privacy Impact). The European Retail Round Table (ERRT), AIM Germany, Bitkom and the A&N Electric Cooperative (ANEC) also contributed to the development of a privacy impact assessment framework. The members of GS1, ENISA and the EC agreed that with the appropriate tool, companies using RFID could answer specific questions, determine whether they had privacy risks as described in the EC recommendation, and subsequently make the necessary adjustments. The result of that effort is the GS1 EPC/RFID Privacy Impact Assessment Tool.