This is what the European Commission's critical proposal on deactivating RFID tags, Article 7, actually looks like. Not particularly easy to read, but the message is clear to the retailer. The EC, however, is promising a review within three years after it comes into force.
I know there have been plenty of issues re loss of personal data recently, and yes, that is a serious concern, but is the RFID industry - and let's be honest, it's still a fledging industry - really deserving - yet - of all this legalese?
I'd be interested in your thoughts.
Article 7
RFID use in retail
1. RFID application operators acting at any level of the value chain should ensure that they provide sufficient information and means to operators down the chain so that the provisions of this recommendation can be followed.
2. RFID application operators, where appropriate in cooperation with retailers, should adopt a harmonised sign to indicate the presence of tags within retail products and ensure that consumers are informed:
- about the presence of a RFID tag in a retail product;
- whether this tag has a specified, explicit and legitimate purpose after the sale;
- about the likely reasonable privacy risks relating to the presence of the tag and of the measures consumers can take to mitigate these risks.
3. (a) Where a RFID application processes personal data or the privacy impact assessment (undertaken in accordance with Art 3.1) shows significant likelihood of personal data being generated from the use of the application, the retailer has to follow the criteria to make the processing legitimate as laid down in directive 95/46 and to deactivate the RFID tag at the point of sale unless the consumer chooses to keep the tag operational.
(b) Where a RFID application does not involve processing of personal data and where the privacy impact assessment has shown negligible risk of personal data being generated through the application, the retailer must provide an easily accessible facility to deactivate or remove the tag.
4. Deactivation or removal of tags should not entail any reduction or termination of the legal obligations of the retailer or manufacturer towards the consumer. Deactivation or removal of tags by the retailer should be done immediately and free-of-charge for the consumer. Consumers should be able to verify that the action is effective.
5. Within three years after the entry into force of this recommendation, the European Commission will review these provisions in order to assess the effectiveness and efficiency of systems to remove or deactivate tags with a view to providing automatic deactivation at the point of sale on all items except where the consumer has specifically opted-in to the RFID application.
Feel like reading all the rest? Here is where you can find it.
Comments (2)
Hi David,
Thanks for your reply. I certainly do think it's going to be interesting.
So if it's not technically possible for the tags to be hacked what are the main security concerns with RFID?
I’m under the impression that the security issues raised are by members of society who don’t fully understand the way RFID tags work, I certainly experienced this, when i read about RFID tags my initial thoughts were the potential security and privacy threats but after researching more in depth I kind of understand that there isn't a great deal of a threat, right? Or is there?
So should we expect to see RFID tags in the retail industry soon?
What else will RFID tags be able to do in the future? Or perhaps what are RFID tags likely to do in the future?
Be interested in your thoughts.
Ross Rawlings.
Posted by Ross Rawlings | March 2, 2008 12:07 AM
Posted on March 2, 2008 00:07
I don't want to be surrounded by the low frequency radio waves they emit all the time. Human bodies won't even be able to heal properly from all the radio waves. When I go shopping I'll have a little hammer in my purse for smashing the suckers at checkout. I've also heard they can be deactivated with cell phones.
Posted by Rossi | March 4, 2008 9:20 PM
Posted on March 4, 2008 21:20