Radio Frequency Identification (RFID) in Europe: steps towards a policy framework
The spread of Radio Frequency Identification (RFID) technology offers substantial benefits to European citizens, but also raises serious questions relating to security and privacy. The Commission supports the widespread deployment of this technology, and has adopted a communication proposing actions at the European level to facilitate development of a suitable policy and legal framework.
Communication from the Commission to the Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 15 March 2007 - "Radio Frequency Identification (RFID) in Europe: steps towards a policy framework" [COM(2007) 96 - Not published in the Official Journal].
RFID is a method for exchanging information between a marker (radio tag) *, which can be incorporated into any object, and a reader, a wireless device that identifies the information using radiofrequencies. The technology is more powerful when the reader is linked to communication networks such as the internet, which makes the information available over the world-wide web.
The widespread deployment of RFID technology is an important stage in the development of many sectors, including transport, health and retail trade. Its applications range from the traceability of food, to automated payments, and the mobility and observation of patients suffering from Alzheimer's disease. It can therefore have a significant contribution to improving the lives of citizens.
However, the technology also raises concerns about the protection of privacy, health and the environment.
From a technical and commercial point of view, RFID is ready for mass deployment. However, there are some outstanding issues relating to the legal and policy framework for the technology.
Confidentiality and Security
RFID technology raises confidentiality issues and security concerns as it can be used to gather and distribute personal data. As a result, it is difficult to achieve wide public acceptance of the technology, as the public wants to see measures taken to protect its rights. For this reason, the social, political, ethical and legal implications of the deployment of RFID should be taken into account.
Under the current legislation, the national public authorities are responsible for ensuring the application of national legislation as regards data processing procedures, including for RFID applications. As regards the security of the RFID system, the Member States, the Commission and businesses should take concerted action concerning technical and organisational aspects and business procedures. To this end, the Commission encourages the consolidation of good practice and the drawing up of design criteria for RFID technology so risks are restricted from the start.
Reducing the threat to security and privacy requires permanent scrutiny of all implications of RFID. To that end, an approach that focuses on each individual RFID application may prove more effective than a more general approach, because each application has its own risks and advantages.
Awareness and information campaigns can play a key role here. The Commission's public consultation indicated that the general public is often poorly informed about the possibilities and challenges of RFID technology.
The European Union has put in place a vast array of legal instruments to protect personal data. The importance of protecting personal data is recognised in the EC Treaty (Article 16) and in the Charter of Fundamental Rights (Article 8). Moreover, the European legislative framework in this field is defined by the general Data Protection Directive and the ePrivacy Directive. These Directives guarantee the protection of personal data, while taking account of innovations in data processing procedures.
Data storage and access also constitute problems for the drawing up of policy on the deployment of RFID. Given this new phase in the development of the internet, account should be taken of possible breakdowns in or accidental damage to the technology, as well as of individuals who might seek to exploit the technology for their own ends. The World Summit on the Information Society provides a framework for the emerging policy debate on this subject.
The availability of radio frequencies and the harmonisation of conditions for their use are key issues in the functioning of RFID applications in Europe. The Commission's streamlining of the use of the radio spectrum within the EU has since 2002 provided a new basis for the deployment of RFID technology.
The standards governing RFID must facilitate the harmonious distribution of services, while taking account of the rapid development of the technology. Participants in the consultation have expressed the view that the Commission should play a more active role in promoting interoperability and the streamlining of international standards.
Environmental and health issues
Environmental concerns relate to the processing of waste and the use of dangerous substances. These issues are dealt with in the Community legislation on electrical and electronic equipment. As regards health concerns, even though the effects of exposing the population and workers to the electromagnetic fields (EMFs) * of RFIDs are thought to be low, they continue to cause a range of concerns. Moreover, the Community legal framework limits exposure to EMFs.
The deployment of RFID solutions goes hand in hand with enhancing the role of information and communications technology (ICT) in developing the European economy. ICT must become one of the leading sectors of our economy.
|Key terms used in the act|