Digital privacy: EU-wide logo and “data protection impact assessments” aim to boost the use of RFID systems
New EU-wide technical standards have been agreed that will help users of Radio Frequency Identification (RFID) smart chips and systems comply with EU Data Protection rules and the Commission’s 2009 recommendation on RFID (see IP/09/740). A “data protection impact assessment” process has also been agreed.
Practical effects of these new standards will include:
People using electronic travel passes, or buying clothes and supermarket items with RFID tags in the label, will know that smart chips are present thanks to the RFID sign (see right).
RFID application developers can rely on the Privacy Impact Assessment standards to ensure “data protection by design” within EU data protection rules.
In sectors such as healthcare and banking where RFID use is exploding, this rapid set of changes will take place in the legal mainstream rather than in a grey zone.
European Commission Vice President said: "Smart tags and systems are part of everyday life now, they simplify systems and boost our economy. But it is important to have standards in place which ensure those benefits do not come at a cost to data protection and security of personal data". According to reports, the global market for RFID applications is expected to grow to $9.2 billion in 2014. Consumers should not face surveillance from RFID chips, they should be deactivated by default immediately and free-of-charge at the point of sale.
Companies or public authorities using smart chips should:
give consumers clear and simple information so that they understand if their personal data will be used, the type of collected data (such as name, address or date of birth, for example when registering for a travel subscription card) and for what purpose.
provide clear labelling to identify the devices that 'read' the information stored in smart chips, and provide a contact point for citizens to obtain more information.
should conduct privacy and data protection impact assessments, reviewed by national data protection authorities, before using smart chips.
Retail associations and organisations should promote consumer awareness on products containing smart chips through the use of a common European sign (see above).
These standards follow eight years of Commission policy action.