RFID privacy code useful in Asia

Industry watchers welcome privacy assessments and greater transparency, but warn that costs of adhering to guidelines may be passed on to consumers.

Consumers benefit from having guidelines that promote the protection of their data captured by radio frequency identification (RFID) tags, but may be burdened by additional costs to exercise greater transparency and diligence, say industry observers.

Earlier this month, the European Commission introduced guidelines on the use of RFID technology, to safeguard consumer data and privacy. There are three broad thrusts to the EC recommendations: it should be easy for consumers to know that their data is collected and what it will be used for; privacy and security assessments should be conducted before companies and public authorities use RFID chips; and the tags ought to be deactivated at the point-of-sale unless the consumer opts to keep the chip operational.

Responding to the move by the European Union (EU), Wong Tack Wai, center manager at Singapore's National RFID Centre, told ZDNet Asia in an e-mail interview that putting a logo to indicate that products contain an RFID tag "is good to have". The National RFID Centre is an industry group that drives the development and adoption of RFID technology in various industries in Singapore, including manufacturing, logistics, retail and hospitality.

According to Wong, having guidelines to safeguard user data and privacy can help reduce the fear of the technology. An informed public with higher acceptance of RFID, will drive businesses to exploit the technology to improve business efficiencies, he noted.

However, such a move may act against consumers, he pointed out. "Implementing such guidelines will add overheads and cost to [the] businesses, which may be passed on to the consumer through higher prices."

Implementing icons or labels on RFID tags would not drive up costs significantly, but "the total chain of efforts and events" can amount to much, explained Wong. Such activities could include additional information placed on Web sites, as well as customer service training to manage queries or clarify the use of the icons or technology.

Tim Payne, Gartner's research director focused on supply chain management (SCM), said that privacy and security assessments would be relevant in Asia, in the context of supply chain RFID applications.

Having guidelines protecting consumer information can allay fears, but there is typically no personal data on supply chain RFID tags, he pointed out in an e-mail. For the sake of transparency, however, there will likely be labeling requirements if item-level tagging becomes more extensive--adding costs to retailers, he said.

"SCM RFID deployments, as they expand, will need to prove there is no privacy invasion," said Payne. "For other RFID use cases where personal data is involved, then consumers need to be reassured that there isn't an invasion of privacy or else there is a risk of consumer [backlash].

"Also, as different RFID deployments in different parts of the value chain start to converge, privacy concerns will arise if not addressed through a privacy framework of some kind."

The U.K.-based analyst added that tying privacy guidelines for RFID to a wider privacy framework would be a "sound approach".

Payne said while the EU move can be explained as the European culture of respect for privacy, it does not necessarily have to be limited to within Europe's borders.

"This is also a cultural issue--for Europeans the invasion of privacy is a big thing, it is less so in other parts of the world," he noted. "However, this still needs to be addressed where there is a global flow of goods and products between different regions--especially in terms of labeling [or] transparency requirements."