An agreement between the European Commission (EC) and the European Network and Information Security Agency (ENISA) commits to creating guidelines for the use of RFID (radio frequency identification device) tags after concerns about the privacy of user data.
RFID tags are used in mobile phones, computers, smartcard bus passes and cars, and can be used to track individuals, which may mean they fall under the EU Data Protection Directive. Concerns have been raised about the privacy, security and data protection risks and the possibility of third parties gaining access to users' location data.
Neelie Kroes, European Commission vice-president for the Digital Agenda, said: "I welcome today's milestone agreement to put consumers' privacy at the centre of smart tag technology and to make sure privacy concerns are addressed before products are placed on the market."
"I am pleased that industry is working with consumers, privacy watchdogs and others to address legitimate concerns over data privacy and security related to the use of these smart tags. This sets a good example for other industries and technologies to address privacy concerns in Europe in a practical way," she added.
The agreement, "Privacy and Data Protection Impact Assessment (PIA) Framework for RFID Applications", is part of an EC recommendation that says smart tags should be deactivated when purchased and companies should carry out assessments of privacy risks before bringing smart tag applications to the market.
The PIA framework will contribute to the revision of EU rules on data protection.