Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

European Study Probes RFID's Impact on Privacy

Issued by the European Parliament's Scientific Technology Options Assessment committee, the report finds that the use of RFID to date has not had significant negative impacts on the privacy of individuals, though it does call for transparency.
By Mary Catherine O'Connor
The report also describes how two employers are using RFID to provide access control, while also tracking employees' work hours and maintaining building security. The personnel are aware of the technology and how the companies are using it, the report adds, and none expressed strong concerns that the technology might infringe on their personal privacy. In fact, a labor union at one of the companies believes the system offers a way to track overtime and ensure workers are accurately compensated for time worked, since the system reads tags as they enter and exit the job sites.

At least one case study describes an RFID deployment in which the authors claim it is hard to determine if personal privacy is being infringed. At a zoo in The Netherlands, visitors are issued green bags to cover up their purses or packages so monkeys roaming freely among the guests can't access the goods inside them (which they've shown a tendency to do). The zoo has decided to attach active RFID tags to some of the bag covers they distribute to visitors, to track traffic patterns in the zoo. Administrators indicate this data can help improve exhibit layout and usage. While the zoo tracks only the visitors' movements, rather than their names or any other identifying elements, the guests are not told they may be carrying such a tracking device. The authors suggest that if they knew, some might object.

As implied by its subtitle, "Striking the Balance Between Convenience, Choice and Control," the report suggests RFID should be used when and where it can provide a benefit to both implementers and end users—be they consumers or employees. It further recommends that with the technology being employed for applications ranging from public transit fares to passports, access devices and payment cards, RFID should be deployed in lockstep with what it calls an identity management program.

Under such a program, it says, end users could interact with an information system to learn what specific personal information or tracking data was recorded or not recorded, and what was accessible or inaccessible to either implementers or other users of the technology. Such a system, the report says, goes "beyond the juridical notion of protecting personal data, and emphasizes an active role for users determining their identity in the digital public space."

Although the document notes that a more comprehensive study of RFID usage is required to generate definitive conclusions, it does suggest that general ground rules for using the technology in consumer or employee applications should provide transparency about which parties are collecting personally identifiable data, and what data is being collected and stored. Parties implementing RFID technology for these applications should follow existing privacy laws in Europe, the report maintains, allowing users to determine what identifying information, if any, is tracked. It also recommends governments within the European Union develop a policy determining whether personal data collected by or stored on RFID devices can be used in criminal investigations.

The full STOA report is available for download here.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations