European RFID pact aims to safeguard privacy

Privacy watchdogs and industry bodies have signed up to a European Commission agreement to protect data in devices using RFID technology, commonly used in smartcards

A new agreement signed in Brussels will make it easier for companies developing RFID tags to ensure that they are following European data-protection laws.

The European Commission brokered the voluntary pact, which is designed to improve privacy in smart tag use in the 'internet of things'. The Commission, security and privacy groups, and industry bodies signed the agreement in a ceremony on Wednesday.

RFID European Commission

RFID tags will be easier to develop, with new rules addressing "legitimate concerns over data privacy", according to Neelie Kroes.

"I'm pleased that industry is working with consumers, privacy watchdogs and others to address legitimate concerns over data privacy and security related to the use of these smart tags," digital agenda commissioner Neelie Kroes said in a statement.

RFID (radio frequency identification) tags are chips that interact with smartcard readers to exchange data. The technology is commonly used for travel smartcards, such as Transport for London's Oyster card. It is also expected to play a key part as smart tags in the internet of things, which is the expansion of the internet to include computing systems in devices such as cars, fridges, mobile phones and e-books.

The privacy and data Protection Impact Assessment [PIA] Framework for RFID Applications provides guidelines for assessing all smart-tag technologies to make sure they conform to requirements in the 1995 EU Data Protection Directive. It is meant for use by retailers, hospitals, logistics and communication services companies, among other organisations, according to digital agenda spokesman Jonathan Todd.

"The agreement covers all applications of RFID technology," Todd told ZDNet UK. "It will take effect no later than six months after publication and endorsement by the Article 29 Data Protection Working Party — that is, in principle by September 2011."

The Article 29 Data Protection Working Party, a group made up of European data-protection authorities, worked on the framework with the other signatories. These include the European Network Information Security Agency (Enisa), as well as industry bodies such as the European American Business Council,the European Retail Round Table and the Association for Automatic Identification and Mobility.

RFID products

The industry organisations are involved in developing and deploying technologies that identify, track, record, store and communicate business, personal and product data. Smart tags and other RFID technologies are increasingly used in goods supply chains, transport and logistics, e-government and the public sector, health and the pharmaceutical industry, and new mobile and internet applications, according to Todd.

The agreement builds on a RFID recommendation adopted by the Commission in May 2009. Enisa called the pact "an historic event".

"The RFID PIA Framework [brings] major stakeholders to agree on an approach for proactively addressing legitimate privacy concerns posed by the inappropriate use of RFID applications," Enisa executive director Udo Helmbrecht said in a statement.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All