Radio Frequency Identification News and Information





Conclusion


The Workshop provided Commission staff, panelists, and the public with a valuable opportunity to learn about RFID technology. In addition, the Workshop brought together RFID proponents, privacy experts, and other interested parties to discuss RFID's various current and potential applications and their implications for consumer privacy. It also highlighted proposals to address these implications and generated discussion about the merits of these different approaches.

Workshop participants generally agreed that certain RFID uses, like tagging cases and pallets of goods moving through the supply chain, may increase efficiency without jeopardizing consumer privacy. However, less consensus emerged about the implications of other potential RFID uses, such as item-level tagging of consumer products. Some panelists expressed concern about the physical characteristics of RFID devices, focusing on the small size of tags and readers and their ability to communicate even when concealed and at some distance from each other. These participants were also concerned that a third party could access information stored on RFID tags to monitor consumers surreptitiously.

Other panelists believed that privacy concerns about RFID technology were exaggerated. They doubted that RFID technology would ever have some of the capabilities that appear to raise privacy concerns, and they argued that costs will restrict the introduction of RFID into consumer environments. Finally, they asserted that RFID would not be deployed in privacy-intrusive ways, citing as evidence the range of industry self-regulatory efforts underway.

Panelists discussed a number of self-regulatory models, from RFID-specific practices to comprehensive privacy principles that implicitly incorporate RFID use. In general, these approaches incorporate disclosure of the presence of RFID technology ("notice"), providing the option to discard, remove, or disable the tags ("choice"), consumer education, and information security measures. Workshop participants agreed in particular that there is a need to protect information collected with RFID devices and stored in company databases.

Based on the Workshop discussions and comments submitted from technology experts, RFID users, privacy advocates, and consumers, Commission staff agrees that industry initiatives can play an important role in addressing privacy concerns raised by certain RFID applications. The staff believes that the goal of such programs should be transparency. For example, when a retailer provides notice to consumers about the presence of RFID tags, the notice should be clear, conspicuous, and accurate. The notice should advise consumers if an RFID tag or reader is present and if the technology is being used to collect personally identifiable information about consumers. This clarity is particularly important when a disclosure concerns an unfamiliar technology, as is the case with RFID. Similarly, if a company’s program provides consumers with the option of removing the RFID tag, the company’s practices should make that option easy for consumers to exercise. However, given the variation in RFID applications, translating these goals into concrete steps may be challenging and should occur in a way that allows flexibility to develop the best methods to address consumer privacy concerns.

Commission staff also agrees with the Workshop participants who viewed many of the potential privacy issues associated with RFID as inextricably linked to database security. The Commission has worked vigorously, through a combination of law enforcement, public workshops, and business education materials, to ensure that companies secure consumers' personal information. As in other contexts in which personal information is collected from consumers, the staff believes that a company that uses RFID to collect such information must implement reasonable and appropriate measures to protect that data. As part of implementing an information security program, the staff encourages businesses to consider whether retention of information collected from consumers through RFID or other methods is necessary or even useful. The staff also recommends that any industry self-regulatory program include meaningful accountability provisions to help ensure compliance.

Another critical element of self-regulatory programs that many Workshop participants and commenters emphasized was effective consumer education. The staff agrees that consumer education is a vital part of protecting consumer privacy. Industry members, privacy advocates, and government should develop education tools that inform consumers about RFID technology, how they can expect to encounter it, and what choices they have with respect to its usage in particular situations. As new applications of RFID emerge, the staff will continue to monitor these developments and consider what additional guidance or other actions are appropriate, in light of the implications of those developments for consumers.

