EC should extend privacy regs to RFID, says bar code chief

Tags are a very private matter

channel

The organization which runs the bar code systems has backed the extension of EU privacy rules to cover RFID technologies.

EC commissioner Viviane Reding earlier this month launched a consultation on RFID, saying that while there was a level of hysteria over the technology’s perceived threat to privacy she was prepared to extend EC privacy legislation to cover the technology.

Jim Bracken, chief executive of GS1 Ireland, said RFID and its associated technologies should indeed be brought under the existing privacy regime. GS1 has administered the bar code system for 30 years and also oversees the electronic product code standards which will underpin the expected explosive growth of RFID.

Bracken said some high value retail items are already being tracked on an item level basis, and this is likely to be extended down to many low cost items as the cost of tags drops in the coming years.

But Bracken said that the organization's existing policy already called on retailers to post signs informing customers that items are tagged, and to give customers the right to have tags switched off or destroyed at the checkout. At the same time, he said, customers may find it advantageous to keep tags active, eg, for returns/warranty purposes, and it is entirely possible to have tags switched off, then reactivated if customers wanted it.

He acknowledged that GS1 had no power to force companies to adhere to its own advice.

But, he said, "We'd support it if the EU made it statutory."

Item level tracking is the nightmare scenario for privacy advocates already tossing and turning over the rise of RFID, with the most paranoid claiming Walmart and the like will be able to track your toiletries right to your home - and beyond.

Bracken said that RFID tags will themselves carry just a bundle of product and tracking codes identifying the particular product, where it's been, where it's going, when it was made, etc.

Everything that rattles privacy geeks - such as tracking shopping patterns and profiling customers - just needs tweaks to allow the RFID data to be fed into databases so it can be data mined by vendors. Just like they already do with store loyalty cards, targeted marketing, etc, which should be covered by existing data protection regulations.

Bracken’s comments came as IBM opened an RFID Centre of Excellence at its campus in Dublin. Colm Shorten, CTO of the Dublin RFID site, said that the company had to reassure its potential corporate customers about the privacy implications of the technology as much as potential consumers. It has to set some of them straight on the limits of RFID tracking while outlining what is and isn't acceptable practice.

The Dublin site will focus on asset tracking technologies, and has already developed a system for tagging laptops, which can then be tracked automatically by RFID-enabled portals at “choke points”, ie, the exit doors. The firm has already run a pilot of the technology, and plans to extend it to around 500 laptops operating across seven buildings on the campus and in Dublin city.

The company did not say exactly what effect the program has had on "delinquent" laptops – presumably those machines that go walkies. Let's face it, if you can't trust the man in the blue suit, who can you trust.®

Sponsored: How to determine if cloud backup is right for your servers