Consumers should be able to control the privacy aspects of "smart" or radio frequency identity (RFID) chips typically found in digital passports, identity cards and Oyster travel cards, the European Commission has said.
The Commission today adopted a recommendation to enure that everyone involved in the design or use of smart chip technology respects the individual's fundamental right to privacy and data protection. This right was set out in the charter of fundamental rights of the European Union on 14 December 2007.
Companies and public authorities should assess the privacy and data protection impacts before they use smart chips. National data protection authorities should review the assessments to assure public confidence, it said.
Firms and government departments that use smart chips, such as the passport and identity service and agencies, should tell consumers precisely what data they collect (such as name, address or date of birth), the purpose, and if and how it will be used. They should also label card readers clearly and provide a contact point for citizens, the commission said.
Retailers should disable tags automatically at the point of purchase unless specifically asked not to do so, the commission said.
Communications commissioner Viviane Reding said consumers had to be confident that the privacy of their personal data was "impregnable". "The commission therefore wants RFID technology to empower consumers to control their data security, which is the best way to make sure (RFID) is an economic success," she said.
RFID chips typically encode identity data that it can send over short range radio links to readers, allowing others to track the person or item attached to the chip.
Reding said the RFID chip market would grow five-fold in the next decade from 2.2 billion (worth €4bn) last year, with Europe taking a 35% share.