Digital Agenda: new guidelines to address privacy concerns over use of smart tags

Reproduced with thanks from the European Commissioner for the Digital Agenda (abolished), published on Wednesday 6 April 2011.

Neelie Kroes, European Commission Vice-President for the Digital Agenda, said: "I warmly welcome today's milestone agreement to put consumers' privacy at the centre of smart tag technology and to make sure privacy concerns are addressed before products are placed on the market. I'm pleased that industry is working with consumers, privacy watchdogs and others to address legitimate concerns over data privacy and security related to the use of these smart tags. This sets a good example for other industries and technologies to address privacy concerns in Europe in a practical way."

The agreement signed today, "Privacy and Data Protection Impact Assessment (PIA) Framework for RFID Applications", aims to ensure consumers' privacy before RFID tags are introduced on a massive scale (see IP/09/952). Around 2.8 billion smart tags are predicted to be sold in 2011, with about one third of these in Europe. But industry estimates that there could be up to 50 billion connected electronic devices by 2020.

RFID tags in devices such as mobile phones, computers, fridges, e-books and cars bring many potential advantages for businesses, public services and consumer products. Examples include improving product reliability, energy efficiency and recycling processes, paying road tolls without having to stop at toll booths, cutting time spent waiting for luggage at the airport and lowering the environmental footprint of products and services.

However, RFID tags also raise potential privacy, security and data protection risks. This includes the possibility of a third party accessing your personal data (e.g. concerning your location) without your permission.

For example, many drivers pay tolls electronically to use roads, airport and car parks based on data collected through RFID tags on their car windscreens. Unless preventative action is taken, RFID readers found outside those specific locations could unwittingly lead to privacy leaks revealing the location of the vehicle. Many hospitals use RFID tags to track inventory and identify patients. While this technology can improve the overall quality of healthcare, the benefits must be balanced with privacy and security concerns.

Comprehensive assessment of privacy risks

Under the agreement, companies will carry out a comprehensive assessment of privacy risks and take measures to address the risks identified before a new smart tag application is introduced onto the market. This will include the potential impact on privacy of links between the data collected and transmitted and other data. This is particularly important in the case of sensitive personal data such as biometric, health or identity data.

The PIA Framework establishes for the first time in Europe a clear methodology to assess and mitigate the privacy risks of smart tags that can be applied by all industry sectors that use smart tags (for example, transport, logistics, the retail trade, ticketing, security and health care).

In particular, the PIA framework will not only give companies legal certainty that the use of their tags is compatible with European privacy legislation but also offer better protection for European citizens and consumers.

Background

In May 2009 all interested stakeholders from industry, standardisation bodies, consumers' organisations, civil society groups, and trade unions, agreed to respect a Recommendation from the European Commission laying out principles for privacy and data protection in the use of smart tags (see IP/09/740). Today’s PIA Framework is part of the implementation of the 2009 Recommendation. Information gathered during the PIA framework drafting process will also make a valuable contribution to discussions on the revision of EU rules on Data Protection (see IP/10/1462 and MEMO/10/542) and on how to address the new challenges for personal data protection brought by technological developments.

For more information:

SPEECH/11/236

Link to the PIA framework

Digital Agenda website: http://ec.europa.eu/information_society/digital-agenda/index_en.htm

Neelie Kroes' website: http://ec.europa.eu/commission_2010-2014/kroes/

Follow Neelie Kroes on Twitter: http://twitter.com/neeliekroeseu