The RFID industry should regulate itself to ensure the privacy of consumers and build privacy-control features into the technology as it evolves, three panelists urged today during a discussion on privacy at RFID Journal LIVE! Europe 2006.
“The number-one thing for consumers is that they have control of when their personal information is disseminated and collected,” said Adrian Beck, a criminologist from Leicester University.
Beck said the industry must also ask itself a pivotal question: Should we be collecting this information, that could eventually be linked to personal information? “I feel there’s a presumption that since we can do this, we should do this. But I don’t think we’ve talked to consumers enough,” he said.
Beck was joined by Kathleen Carroll, director of government relations at RFID tag and reader vendor HID Global, and Marissa Jimenez, public policy director for EPCglobal Europe.
Carroll, hired by HID to address RFID-related privacy concerns and monitor legislation and policy affecting RFID, said some states in the United States have tried to pass bills constituting an outright ban on the technology. “It’s time for industry to stand up and start to communicate with the various constituencies about what RFID can and cannot do,” she said.
Jimenez, who also monitors legislation, encouraged more involvement from the RFID industry, warning that the process of creating European regulation or policies on RFID will take time.
“This is not going to be something that is solved in a year or two,” she said. Jimenez recapped the preliminary findings of a recent consultation process led by the European Union (EU), which found that European citizens are ill-informed about RFID and that privacy matters tops their list of concerns (see EU RFID Survey Shows Privacy Protection a Prime Concern).
Jimenez was asked by a member of the audience if companies need only communicate the fact that an article is tagged, or if they must also communicate the implications—i.e., that a third party could read the tag. Her answer was loud and clear: “When you inform, you have to give information about the implications.”
This lead back to the main point discussed: Who has control of personal information, how is it used and by whom? Beck addressed this issue, asking: “If we begin to get talking objects, are they going to start telling tales about me to organizations in a way I have no control of?” He said he could imagine insurance companies taking an interest in whether or not he buys cigarettes, for instance.
Beck compared RFID with the cell phone, saying mobiles are completely invasive since they allow companies to locate where you are, see whom you call and keep copies of text messages you send.
“The cell phone is the most invasive piece of technology that has ever been invented,” he said. “It’s a tracking device, and the phone companies track how you use it—yet people love it, and I understand that. It’s because you can call your mum from anywhere in the middle of the day. I’m not sure why people will accept RFID.”
According to Beck, cell phones have been welcomed despite these privacy infractions because consumers clearly saw their benefits, something consumers are not so clear about with RFID. “I’m a little bit unsure about what RFID will do for the consumer,” he said. Ultimately, consumers want to see prices fall and get through checkout lines more quickly. However, he admitted, no companies are willing to commit to reducing prices as a result of adopting RFID, and few believe that RFID will result in faster checkouts any time soon.