The good news for those involved in the debate about RFID privacy is that, despite European interest in safeguarding consumers' interests, no decisions have yet been made with regard to regulation or self-regulation, though all the lobbyists are busy. At least, that is the reading of the runes from one expert I heard from recently.
My source says it probably still too early to say what will happen, which means the 8-week consultation period is important. Government policy-makers have yet to reach any formal conclusion and are still in fact-finding mode, and other countries' experiences may be a factor. Canada is one country that has already examined RFID privacy and produced guidelines. But that was nearly two years ago, and the policy may require updating.
And my source goes on: "Functionality in RFID technology goes hand in hand with cost. Any functionality, security, privacy or other, has a price. If goverments regulate in any way there is bound to be a private sector outcry on cost. However a laissez faire approach without adequate regards to protecting the rights of ALL participants, including citizens, is possibly a recipe for trouble. This is one of the issues government policy makers fear. The impact of culture and local societal values in matters of security and privacy cannot be underestimated. There is a fear that RFID could go down the same road in public perception as GM foods with decisons being based on irrational emotions and politics. If it does I believe that opportunities could be lost."
With that message in mind, I'm grateful to David Lyon from GS1 UK for his recent comments on EC privacy considerations regarding RFID, which I've reposted here.
"Recognising that RFID applications are at a fledging state, the business case for RFID for many retailers is still only just about positive and others still have difficulty finding it. Any EC requirement to offer deactivation with all its complexities, or even ubiquitous simple tag removal, would be very likely to result in the stopping of item level adoption by retailers. This is likely to halt the long term opportunities and benefits of RFID for consumer and retailer before they have been obtained.
RFID offers a real opportunity for European retailers to become more efficient.
This will not happen if the legislation fails to strike the right balance between consumer protection and the benefits consumers and retailers can obtain from an efficient service driven retail industry. As EPCglobal business manager at GS1 UK, I would like to comment on some initial points that the European Commission should consider during the 8 week consultation period:
1. An opt-out choice, where tags would only be deactivated when requested by the consumer, is a proportionate, feasible and efficient tool to provide control to the consumer. This can be offered after the point of sale and after checkout. Opt-in provisions (requiring automatic deactivation) would render the introduction of item-level RFID and the development of additional after sales services economically impossible.
2. Enabling deactivation at the consumer’s request for all RFID tags, as a general principle, fulfils the precautionary principle and goes beyond data protection obligations, instilling consumer confidence in the technology.
3. The ability to ‘opt in’ for tag removal, through the use of hang tags, peel able labels, or removing packaging is relatively simple but very expensive and excessive for retailers. It is not proportionate as the cost of removal is significant and to add new RFID labels to returned items would be costly. It is also worth noting that several major European retailers who are using or trialling RFID applications have had almost no requests for tags to be removed by customers.
4. Limit over-detailed information requirements to those RFID application operators whose applications appear to have an impact on privacy; while maintaining the need for transparency and information.
5. Continue to support the development of the technology and its post sale applications; while respecting the consumer’s right to make informed choices as item level tagging progressively becomes a reality in Europe and beyond."
Lyon's comments sound like an excellent basis for future discussion.
