RFID (Radio Frequency Identification) refers to a broad range of
technologies that allow users to track and identify physical items
using radio waves. RFID "tags" of various types can be placed on
shipping crates, livestock, even clothing, where they can be later
identified by RFID readers designed to scan the items at a
distance. Many of those applications raise no real privacy
concerns, but when the data collected from RFID tags is linked to
personally identifiable information, privacy issues can arise. The
best practices are geared specifically toward those instances.
This week's publication offers guidance for companies that use
RFID technology to collect data that can be linked to consumers'
personally identifiable information. Drawn largely from widely
accepted principles of "fair information practices," the best
practices outline how consumers should be notified about RFID data
collection, what choice they should have with regard to their own
personal information, and how that information should be treated by
the companies that collect it.
"This is one of the most important steps yet taken to ensure
that developing RFID technology is not deployed in a manner that
threatens the privacy of individuals," said Paula Bruening, staff
counsel for the Center for Democracy &Technology (CDT) which
led the working group. "This document establishes a carefully
crafted balance: recognizing the core privacy needs of citizens
while acknowledging that early-stage technology needs the
flexibility to change as it evolves."
The compromise struck in the document is remarkable considering
the diversity of the organisations participating in the working
group. In addition to CDT, the American Library Association,
aQuantive, Cisco Systems, Eli Lilly and Company, IBM, Intel,
Microsoft, the National Consumers League, Procter & Gamble,
VeriSign and Visa USA all worked for more than a year to develop
the document, a first of its kind for RFID technology.
Identifying situations in which information linkage may raise
concerns, the document lays out clear responses based on the fair
information principles of notice, consent, access, transfer and
security.
"RFID is a fast-evolving technology that may soon become
ubiquitous in our lives," said Bruening. "While it offers great
promise, it also raises serious privacy concerns."
She described the document as "a vital first step toward
addressing those concerns in a manner that respects the pace and
uncertainty of technological advancement."
The document will be treated as a draft that can be updated to
respond to changes in the way RFID functions and is deployed,
according to the working group.
