EU-wide logo and “data protection impact assessments” aim to boost the use of radio frequency identification systems
New EU-wide technical standards have been agreed to help users of Radio Frequency Identification (RFID) smart chips and systems comply with EU Data Protection rules and the European Commission’s 2009 recommendation on RFID (IP/09/740).
A “data protection impact assessment” process has also been agreed.
Practical effects of these new standards will include:
People using electronic travel passes, or buying clothes and supermarket items with RFID tags in the label, will know that smart chips are present thanks to the RFID sign (pictured).
Retailers can use RFID technology to improve stock management and prevent theft, confident that they are respecting current EU data protection rules.
RFID application developers can rely on the Privacy Impact Assessment standards to ensure “data protection by design” within EU data protection rules.
In sectors such as healthcare and banking, where RFID use is exploding, this rapid set of changes will take place in the legal mainstream rather than in a grey zone.
European Commission vice-president Neelie Kroes said: “Smart tags and systems are part of everyday life now, they simplify systems and boost our economy. But it is important to have standards in place which ensure those benefits do not come at a cost to data protection and security of personal data”.
According to reports, the global market for RFID applications is expected to grow to €6.87bn in 2014. Consumers should not face surveillance from RFID chips, they should be deactivated by default immediately and free-of-charge at the point of sale.
Companies or public authorities using smart chips should:
· give consumers clear and simple information so that they understand if their personal data will be used, the type of collected data (such as name, address or date of birth, for example when registering for a travel subscription card) and for what purpose;
· provide clear labelling to identify the devices that ‘read’ the information stored in smart chips, and provide a contact point for citizens to obtain more information; and
· conduct privacy and data protection impact assessments, reviewed by national data protection authorities, before using smart chips.
No comments yet