|Home||Internet of Things||Aerospace||Apparel||Energy||Defense||Health Care||Logistics||Manufacturing||Retail|
Give Your Views to the EU—Now!
The European Commission is proposing requirements that could dramatically curtail the benefits of RFID technology, so end users and vendors need to submit comments before April 25.
An "RFID application," meanwhile, is defined as "a system to process data through the use of RFID tags and/or readers, a back-end system and/or a networked communication infrastructure." This means most companies' IT systems would be considered an RFID application, if they integrate data with their back end.
"Monitoring" is defined as "any activity carried out for the purpose of detecting, observing, copying or recording the location, movement, activities, image, text, voice, sound or state of an individual." That means using RFID to detect or prevent theft might not be feasible.
Article 3 says: "Where it cannot be excluded that data processed in RFID applications can be related to an identifiable natural person by an RFID application operator or a third party, Member States should ensure that RFID application operators and providers of components of such applications take appropriate technical and organizational measures to mitigate the ensuing privacy and data protection risks."
In other words, if there is a chance—no matter how small—that RFID data could be linked to an individual, national governments in Europe should legislate technical protections and organizational measures to prevent it. The fact is, as any lawyer would attest, there is no application for which you can guarantee, with absolute certainty, that an RFID tag won't be linked to a specific person somehow or in some way, even if companies have the best intentions. It would make far more sense to say that where there is a reasonable likelihood RFID data will be linked to individuals, states should ensure there are protections in place.
Article 5 spells out some specific actions companies must take if they plan to employ RFID in "public spaces" (for instance, they must explain what their data storage policy is). However, as stated earlier, "public spaces" is not clearly defined, so these requirements could affect everyone.
Article 6 is problematic, because it requires users to establish security for RFID applications but doesn't recognize that many companies might participate in a single application, such as supply chain management. Who is responsible if one company in a particular chain fails to adhere to the recommendations? All of them?
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.
|RFID Journal LIVE!||RFID in Health Care||LIVE! LatAm||LIVE! Brasil||LIVE! Europe||RFID Connect||Virtual Events||RFID Journal Awards||Webinars||Presentations|