There are only ten days left for those with an interest in RFID to make their views known to the European Commission on the technology's privacy implications, so it's time for those who care how the EC will deliberate about RFID and privacy to start weighing into the debate.
RFID Journal has already suggested to its readers in the RFID community via a mailer, that they should add their voice to the discussion.
The mailer reads:
"I would like to bring to your attention the fact that the potential of radio frequency
identification to deliver value to companies and consumers across Europe is at risk—
and I want to encourage you to act.
The European Commission, which has been considering the privacy implications
of RFID for a couple of years, has published draft recommendations that will likely
reduce the business and consumer benefits of RFID. Before the European Union
adopts these proposals, there's still time to convince them they risk throwing the baby
out with the bathwater.
The commission is soliciting feedback. The deadline to comment is April 25. You
know opponents of RFID will be out there saying the proposals don't go far enough,
so it's imperative that end users, vendors and anyone else associated with RFID submit
comments before the industry is saddled with regulatory issues that render RFID
untenable in any consumer—and, potentially, supply chain—application.
It's easy to make your opinion count. There's an online form that will just take a few
minutes to fill out. Here's the link.
I encourage you to give your own opinions, and to stress that the RFID industry supports
the responsible use of the technology. But here are some specific points you might
want to make.
Article 2
This article defines the terms used in the recommendations. Stress to the commission
that the definitions are overly broad and could restrict RFID's use not just in public places,
but in the supply chain as well.
Article 3
If this article is adopted, it will mean that if there is any chance—no matter how small—
that RFID data could be linked to an individual, national governments in Europe should
legislate technical protections and organizational measures to protect the problem. Tell the
commission that it would make far more sense to say that where there is a reasonable
likelihood RFID data will be linked to individuals, governments should ensure there
are protections.
Article 5
This article spells out some specific actions companies must take if they plan to use RFID
in "public spaces" (for instance, they need to explain what their data storage policy is).
But "public spaces" is not clearly defined, so these requirements could affect everyone.
Tell the commission that the term needs to be more clearly defined.
Article 6
This article requires users to establish security for RFID applications, but doesn't recognize
that many companies might participate in a single application, such as supply chain
management. Who is responsible if one company in a particular chain fails to adhere to the
recommendations? All of them? Tell the commission to more narrowly define "RFID application,"
and to clearly spell out the obligations of those who share data across the supply chain.
Article 7
This article singles out the use of RFID in retail. It says that if a retailer's privacy assessment
"shows significant likelihood of personal data being generated from the use of the application,
the retailer has to follow the criteria to make the processing legitimate as laid down in
directive 95/46, and to deactivate the RFID tag at the point of sale unless the consumer chooses to keep the tag operational."
Tell the commission that this article will prevent retailers in Europe from being able to use RFID
for reverse logistics, or for recycling applications. And let them know that as long as retailers
take steps to safeguard customer data, they should be allowed to kill the tag at the request of the customer (an opt-out rather than opt-in approach).
If you believe, as I do, that RFID technology will bring great benefits to consumers and
businesses alike, and that abuses can be prevented, you need to submit your opinions before
April 25."
I would echo that call. Retailers, others interested organisations, individuals - including those that have concerns about privacy; this is a not a one-way-street - should be adding their thoughts to the debate. Post a sample of your ideas here too. And they will be reflected in this blog's own submission to the EC.
Make sure your voice is heard. If you don't enter the lottery, you can't win it! Again, here's the link.
Technorati tags: retailers European Commission, privacy tag customer RFID debate