Mar 01, 2004The formal debate over how RFID tags can and can't be used has begun in the United States. Representative David L. Hogue (R-District 52) has introduced a bill in Utah that would require labels to indicate that products have RFID tags embedded in them or in the packaging. A similar bill has also been introduced in Missouri.
California State Senator Debra Bowen (D-Redondo Beach) has penned a more
|
|
comprehensive bill that would require retailers to inform consumers when using RFID tags and readers, to get written consent before gathering personally identifiable information, and to kill the transponders before customers leave the store (see Bowen Seeks Balance in RFID Law).
The Utah bill has passed the House of Representatives and is now being considered by the state Senate. The prospects for Bowen's bill are unclear. But it is likely that RFID laws will be passed in several states over the next few years, which means companies could be faced with complying with different laws, depending on which states their products are being sold in. That would increase costs for companies that want to use RFID to track unique items and would likely slow adoption.
Way back in August 2002, I recommended that the companies backing the Auto-ID Center adopt privacy guidelines that are enforceable (see The Privacy Nightmare). The reason? It would reassure consumers and politicians that the companies were serious about protecting consumer privacy. It also would enable companies to adopt one global RFID privacy policy. To no one's surprise, the suggestion was completely ignored. Now companies will be forced to spend time, money and human resources to try to counter legislation that contains measures they oppose.
Often self-regulation doesn't work because there is no way to punish those who fail to comply with the rules. That's not the case here. EPCglobal can punish those who don't comply by refusing to issue EPCs or dropping them from the EPC Network. I'm not sure those that oppose this approach have thought through the issues. Europe already has privacy laws on the books that require products with RFID tags to be labeled as such. European Union laws also require companies to inform consumers when they are gathering data on them and to ask for their consent to use the data. Having different rules in the United States—and even within the different states—means creating different packaging for products, different IT systems to manage data and different rules for governing the use of data.
I don't agree with some of the things in Senator Bowen's bill. For instance, I think mandatory kill means that consumers won't get benefits from RFID tags, and the tags won't be able to be used for recycling. And I think it's probably premature for Utah and California to enact legislation, since most companies are not planning to tag consumer items for several years.
But maybe proposing legislation is a good thing. First, it will convince companies that privacy is a serious issue that they need to address. And second, it helps proponents and opponents of the technology to get beyond this divisive issue. We need to have a debate about how RFID technology can and can't be used, reach a consensus and move on. Nothing crystallizes people's thinking more than the prospect of legislation.
Personally, I think some privacy advocates and some businesspeople are naïve. Next week I'll explain why. For now, I will leave you with this thought: The vast majority of the businesspeople, RFID vendors and privacy advocates I've spoken to believe, as do Bowen and I, that we need to find ways to allow companies, consumers and society at large to reap the benefits of RFID while minimizing potential abuses. The people on the ends of the spectrum of opinion—those who completely oppose the use of RFID and those who completely oppose restrictions on the technology—should not prevent us from reaching a consensus.
Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below.
