Navigation path

Left navigation

Additional tools

Radio Frequency Identification Devices (RFID): Frequently Asked Questions

European Commission - MEMO/08/145   05/03/2008

Other available languages: none

MEMO/08/145

Brussels, 5 March 2008

Radio Frequency Identification Devices (RFID): Frequently Asked Questions

“RFID tags are far cleverer than traditional bar codes. They have the potential to link everyday objects into an ‘Internet of Things’ that will greatly enhance economic prosperity and the quality of life. But as with any breakthrough, there is a possible downside – in this case, the implications of RFID for privacy. This is why we need to build a society-wide consensus on the future of RFID, and the need for credible safeguards. Privacy is at the heart of our European model of society. RFID will therefore only become successful if they do not call into question the capability of every consumer to control the use of his or her personal data. I expect the industry to assume its responsibilities.”

Viviane Reding,

EU Commissioner for Information Society and Media

Why is RFID on the European agenda?

Few new technologies attract as much attention from industry, consumer organisations and politicians as Radio Frequency Identification Devices. The interest in RFID largely derives from the technology's rapid movement from the research lab to mass application, mirroring the evolution of GSM mobile phones in the 1990s.

The Commission sees RFID as an emerging technology with great potential for economic operators in Europe and for European citizens. However, a precondition for the successful take-up of RFID is that it be introduced by industry in full respect of privacy, and that consumers remain in full control of their personal data.

Research must be pursued in the area of RFID to build and maintain Europe’s leadership in the next generation of RFID technology and its applications. However, the development of RFID technology should not be considered an end in itself. The Commission expects RFID to be the forerunner of many increasingly “intelligent” objects that interact with each other and help humans in ever more sophisticated ways.
The RFID market is expected to grow quickly over the coming years. In 2007, the overall market for RFID was estimated at €4.2 billion and 1.7 billion tags. Within ten years the overall RFID market is expected to be 5 times larger with approximately 450 billion tags produced.

What has the European Commission done on RFID?

The recent actions of the Commission on RFID can be summarised as follows:

  • From March to October 2006, the Commission conducted a series of workshops and a first public consultation to build a consensus on key issues associated with the development of RFID technologies.
  • The outcome of these activities was summarised in a Communication adopted by the Commission in March 2007, which showed that further action was expected by the public in terms of privacy and data protection.
  • In November 2006, the Commission made spectrum available for RFID in UHF band 865-868 MHz.
  • In June 2007, the Commission established an RFID Expert Group which would, amongst other things, advise on the elements to be included in an upcoming Commission legal instrument on the implementation of privacy, data protection and information security principles in applications supported by RFID.

From February to 25 April 2008, the Commission is launching a Public Consultation on the draft text of a Commission Recommendation on the implementation of privacy, data protection and information security principles in applications supported by RFID. This consultation can be found at: http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=RFIDRec.

The Commission expects to adopt a legal instrument on RFID by summer 2008.

What has Europe done so far to ensure the privacy of its citizens in an RFID environment?

While there is broad recognition of the economic benefits of RFID, especially in fields such as transport and logistics, there is at the same time public concern that the large-scale use of RFID technology in daily products could come in conflict with the individual's right to privacy. Many organisations, data protection experts and consumer protection associations have therefore drawn public attention to this important concern.

The European Commission is very much aware of the importance of civil rights regarding information and communication technologies, and of privacy and data protection rights in particular. EU law addresses these concerns in various legal instruments, including the 1995 Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data. The Directive created the so-called Article 29 Working Party which advises the Commission on Data Protection matters, including implications of new technologies like RFID.http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2005_en.htm

The so-called “e-Privacy” Directive of 2002 also deals with the processing of personal data and the protection of privacy in the electronics communications sector. It is currently being reviewed and the proposed revision includes some clarifications with regard to RFID technology.

The Commission is currently consulting the public on whether an additional legal instrument (such as a Recommendation, although other legal instruments under Article 249 EC Treaty are an option) could add legal certainty and provide guidance on the interpretation of EU data protection law when RFID technologies are used.

http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=RFIDRec

What are the main features of the Commission's draft Recommendation currently under public consultation?

The main elements proposed in the draft Recommendation can be summarised as follows:

  • Operators should conduct a risk assessment prior to deploying an RFID application to ensure privacy risks have been properly evaluated. This assessment, which reflects good business practice, will be useful for the industry which can expect in return a broader acceptance of its RFID applications.
  • The industry is encouraged to establish codes of conduct governing the use of RFID. These codes can be sector-specific to reflect the different ways operators use technology.
  • Operators should provide a minimum level of information to users of tagged products, such as the purpose of the application or the identity of the operator.
  • Operators should follow a series of information security measures when deploying RFID applications. One of those requirements is to use recent technology when deploying such applications (not superseded technology).
  • Specific provisions should apply to the retail sector when a product containing an RFID tag is sold. The Commission is considering a harmonised sign that would inform consumers when RFID tags are used. In addition, to guarantee consumer choice and control, RFID tags that contain personal data should be automatically deactivated at the "point of sale", unless the consumer decides otherwise.
  • Member States are encouraged to raise awareness among citizens and SMEs through information campaigns or large-scale pilot projects.
  • Member States should continue their efforts in Research and Development to improve the privacy features of RFID.

For the full draft Recommendation and a more detailed explanation, see http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=RFIDRec

What have data protection officials in the EU said so far on RFID?

The Article 29 Working Party, which gathers all national data protection authorities of the EU, has adopted several documents:

  • Document 105 on Data Protection Issues related to RFID Technology (19 January 2005) provides guidance to RFID users on the application of basic principles in the EC Directives, particularly the Data Protection Directive and the Directive on Privacy and Electronic Communications.
  • The results of the Public Consultation on Article 29 Working Document 105 (25 September 2005) indicates different views among respondents regarding the definition of ‘personal data’, as well as the level of further guidance needed from the EC on privacy and data protection issues arising from RFID.
  • An Opinion on the concept of personal data (20 June 2007), – which refers to RFID several times – provides guidance on the concept of personal data in Directive 95/46/EC and related Community legislation and its application in different situations.

These texts can be obtained at:

http://ec.europa.eu/justice_home/fsj/privacy/workinggroup/wpdocs/2005_en.htm

In December 2007, the European Data Protection Supervisor (EDPS) adopted an opinion on the March 2007 Communication of the Commission. EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. The opinion can be obtained at http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/45.

What are the next steps?

On the basis of the outcome of the current public consultation (which runs until 25 April 2008), the Commission intends to finalise a legal instrument on ensuring privacy and the protection of personal data in an RFID environment by summer 2008.

Furthermore, a separate and broader debate on the so-called "Internet-of-Things" has been initiated since the beginning of 2008. This debate focuses in particular on the issues of privacy, trust and governance and might lead to further actions by the Commission.

What is meant by "Internet-of-Things"? What is the link with RFID?

The Internet-of-Things is a catch phrase expressing a vision foreseen by experts who share the view that in the future the real world (i.e. day-to-day objects) will come closer to the virtual world (i.e. the internet).

Other words such as ubiquitous networked society, ambient intelligence or ubimedia have been used to describe the "Internet-of-Things". One can imagine walls that understand people's presence to adjust room temperature, smart-fridges that detect food no longer fit for consumption or smart-washing machines that select the appropriate programme, amount of water and powder depending on the cloths inserted.

While depending on many other technologies, the "Internet-of-Things" vision relies partially on the development of RFID technologies.

How important is the international dimension of the debate on RFID?

The Commission has integrated the international dimension of the debate on RFID for some time as many important applications, especially in the logistics sector, include the overseas transportation of tagged items, cases, parcels or containers. In this respect, the Commission maintains a close and fruitful dialogue with its counterparts worldwide to address issues such as common standards and rules.

As an illustration of this permanent dialogue, during the Transatlantic Economic Council in April 2007, the EU and the US jointly made the identification and development of best practices for RFID technologies one of their "Lighthouse priority projects".

More information on the public debate can be found at:

http://europa.eu.int/information_society/policy/rfid/


Side Bar

My account

Manage your searches and email notifications


Help us improve our website