This article was originally published by RFID Update.
March 16, 2007—The European Commission yesterday used CeBIT, Europe’s gigantic technology conference taking place this week in Germany, as a platform to publicly deliver its decision regarding the near-term regulation of RFID technology. In what will surely come as a welcome development to the industry, the executive body of the EU declared that it would seek to minimize regulating the technology. The decision comes after a year-long, Europe-wide public consultation that included workshops, conferences, and online surveying.
“I don’t want to regulate,” Information Society commissioner Viviane Reding was quoted by Reuters. “I believe that the problems here can be solved really if the industry goes for it by self-regulation and by looking at what we got already [in terms of legislation].” The problems to which she referred are largely related to data security and privacy. The public concern around RFID’s potentially intrusive applications was a key focus of the Commission’s efforts.
In studying the issue, the Commission found that abuse and misuse of RFID technology and the resulting data can be addressed by existing European law. Specifically, the forward-looking Data Protection Directive is cited, which is “a legislation framework on data protection and privacy designed to be robust in the face of innovation,” according to the Commission’s official communication regarding its decision. “The protection of personal data is covered by the general Data Protection Directive regardless of the means and procedures used for data processing. The Directive is applicable to all technologies, including RFID. It defines the principles of data protection and requires that a data controller implements these principles and ensure the security of the processing of personal data.”
Another area of focus was the environmental and heath impacts of RFID. Here, too, the Commission found existing law to be largely sufficient.
That is not to say that the Commission has decided RFID need not ever be regulated. “RFID information systems, and related … risks are a moving target and hence require continuous monitoring, assessment, guidance, regulation, and R&D,” reads the communication. Indeed, next steps for the Commission include clarifying how certain existing laws apply to RFID.
Another key component of its strategy going forward is to raise public awareness and understanding about RFID, which was found to be lacking. “Given that the information available is insufficient to allow the public to come to an informed judgment on the balance of risks of RFID, it would appear that awareness and information campaigns need to be an essential part of the policy response.”
Notably, much of the Commission’s decision making was predicated on a strong belief that RFID can serve as both an economic engine and a beneficial tool for Europe’s society, whose promise in both respects need not be hindered by superfluous regulation. “The Commission’s RFID strategy will seek to raise awareness, stress the absolute need for citizens to decide how their personal data is used, and ensure that Europe removes existing obstacles to RFID’s enormous potential,” said Reding.