RFID tagging tech gets privacy code

The European Commission has today issued a set of principles for the use of track and trace RFID technology with the aim of reassuring the public that their privacy and personal data will be safeguarded.

The guidelines state products containing RFID chips should be automatically and immediately deactivated at the point of sale unless the consumer specifically opts-in to keep the chip operational. However the EC says exceptions can be granted to "avoid unnecessary burden on retailers" - provided an assessment of the chip's impact on privacy has been conducted.

Privacy and data protection impact assessments should also be conducted before companies and public authorities use RFID chips, with national data protection authorities reviewing such assessments.

Companies and public authorities using RFID should also provide consumers with "clear and simple information" so they understand if their personal data will be used, as well as telling them the type of data collected and the purpose for collecting it.

The recommendations also state RFID readers should have clear labels identifying what they are, and also act as contact points where people can find out more about the technology. A common European sign should be used by retail associations and organisations - and displayed on products containing RFID chips or their packaging or on the store shelves where that product is located - to further promote consumer awareness of the use of the tech.

The EC said the recommendations "seek to create a level playing field for the European industry while respecting individual's privacy".

Member states now have two years to inform the EC of the steps they intend to take to make sure the guideline's recommendations are met. The Commission added it will report on member states' implementation within three years.

GS1 UK, a global supply chain data standards organisation, welcomed the recommendations - describing them as a "common sense approach" to the tech.

Miguel Lopera, CEO of GS1, said in a statement: "With the adoption of the recommendation, we now have clarity and a framework in which manufacturers and retailers can begin or expand deployments to deliver the benefits of RFID for consumers in Europe."

The recommendations follow a 2006 EC public consultation on the development and use of RFID chips, and a 2007 communication that identified the public expected further action on privacy and data protection.

The Commission said 2.2 billion RFID tags were sold worldwide in 2008, with around one-third of these in Europe. The worldwide market value for RFID tags is estimated to be €4bn in 2008 and to grow to around €20bn by 2018, it added.