New legislation may be required to regulate the widespread use of RFID (radio frequency identification) tags, the European Commission says, announcing the beginning of a public inquiry aimed at identifying citizens’ concerns about the technology.
“RFID is very important to businesses and it is very important to citizens, but it also raises concerns about trust,” says Viviane Reding, European Commissioner for Information Society and Media, in a press briefing at the recent CeBit trade show held in Hanover, Germany. “If we don’t remove the trust problem, well then the business won’t fly.”
As part of the inquiry, which the commission calls a consultation, it will talk to governments and industry groups around the world to try to reach an accord on interoperable standards for RFID equipment, Reding says.
RFID tags are being used increasingly to track inventory in supermarkets and to authenticate information in national identity documents. Each tag contains a unique serial number that can be read by an electronic device. By associating the serial number with information contained in databases the tags can provide personal information on the bearer of an identity document, or the manufacturing and shipping history of a consumer product, perhaps even including who bought it and when.
Reding stopped short of saying that consumer privacy is being compromised by RFID. But she says that sufficient doubt exists in the public mind to warrant a full study.
The commission will hold a series of workshops in Brussels between now and June to canvas opinion from the public and industry on the subject. The results will be incorporated into a consultation document to be published in September.
Reding declined to say what prompted the timing of the commission’s study, but it was likely tied to growing public awareness that RFID systems could compromise privacy, according to a consultant specialising in identity management.
“Obviously she’s been reading the newspapers,” says Tim Cole, a senior partner with the analyst group Kuppinger Cole and Partner.
He was sceptical that the commission’s inquiry will do much to protect individuals’ privacy. Businesses have already been introducing RFID systems “through the back door”, he says, without much regulation or public debate. That’s likely to continue and the commission may be too slow to have an impact, he says.
Still, businesses themselves are reacting to public concern, Cole says, “not out of social responsibility but because it’s bad for business if customers are worried.” Vendors at Cebit, for example, are showing RFID tags that become disabled when a person leaves a shop with a product.
Protection of personal information in electronic form is already the subject of a European law, the e-Privacy Directive. If the commission identifies new threats to European Union citizens’ privacy from RFID and determines that new legislation is required to protect them, then it will consider revising that directive, it says.
RFID is also a European issue for other reasons. Laws allowing for the free movement of goods around the EU would be worthless if tags on packaged foods from Poland, say, were unreadable by scanners in Portugal, as supermarkets would not be able to track their inventory. The commission is also considering legislation on technology standards and radio spectrum allocation to ensure the harmonisation of tag technology across the EU.
RFID is a fast-growing technology. The market is worth about €2.4 billion (NZ$4.45 billion) today, with 600 million tags sold in 2005, Reding says. That number will increase six-fold in seven years, to 3.6 billion tags, she predicts. “Citizens have to be sure they are in control of their data, and to have this control we must have worldwide legal certainty,” she says. “There is a lot of work to be done in the coming weeks and months.”