HealthManagement, Volume 3 / Issue 2 / 2008
In the field of RFID (Radio Frequency Identification) chips, the European Union is losing the technological battle for mass deployment, seen as the driver of the creation of an “Internet of things,” the Commission declared. RFID chips have already been deployed at a significant scale all over the world while their implementation can be found in sectors such as the auto industry, transport (luggage retrieval), healthcare (for safer blood transfusion), pharmaceuticals (against counterfeiting) etc. By allowing objects to exchange information among themselves, RFID chips have the potential to create an “Internet of things” (defined as the vision that in the future the real world will come closer to the virtual world). Although depending on many other technologies, the “Internet of Things” vision relies partially on the development of the RFID technologies, while the world market for these devices in 2007 has been estimated at 4.2 billion euros, with the Commission predicting it could grow five-fold within ten years.
What has the European Commission Done on
RFID?
In the field of RFID, recent actions by the Commission can be summarised as follows:
Ó March-October 2006: the Commission conducted a series of workshops and a first public consultation to build a consensus on key issues associated with the development of RFID technologies
Ó November 2006: the Commission made spectrum available for RFID in the UHF band 865-868 Mhz
Ó March 2007: the outcome of the previous workshops and public consultations were summarised in an official Communication. Further action was expected by the public in terms of privacy and data protection
Ó June 2007: the Commission established an RFID Expert Group which would, amongst other things, advise on the elements to be included in an upcoming Commission legal instrument on the implementation of privacy, data protection and information security principles in applications supported by RFID.
Still a Fragmented Market?
The answer is clearly “Yes”. The European market is still highly fragmented, with different approaches developed at national level and wide intra-EU variations regarding overall knowledge and development of the new technology.
Another European shortfall in the uptake of RFID is extremely poor awareness about their benefits and even of their existence by the majority of citizens. This was indeed one of the reasons why the Commission is about to launch an Information Day on RFID (likely to be held on 23 April).
To approach this structural deficit, the EC will introduce a “thematic network” this year, aimed at making stakeholders discuss common approaches including EU standards to develop the new technology more quickly and more safely. Towards this, the Commission has allocated 800,000 euros from its budget.
Status of Privacy Issues
While there is a broad recognition of the economic benefits of RFID, the European deployment of this technology is still far behind the other main global actors. This observation is made by Gerald Santucci, a Commission official in charge of RFID who argued, “We are seeing things being shaped, but they are shaped outside Europe”.
At the foundations of this low penetration of RFID in Europe lie perceived legal and privacy-related risks. As a result, instead of exploring ways to deploy the devices, the debate on RFID in the EU mainly focuses on data protection. However, EU law addresses these concerns in various legal instruments, including the 1995 Directive on the protection of individuals with regard to the processing of personal data and the free movement of such data (the so-called Article 29 Working Party which advises the Commission on Data Protection matters, including implications of new technologies like RFID). Paradoxically, despite this wide array of rules and laws, which has created a complex legal framework, concerns are still being raised on privacy matters.
EC Public Consultation for a Draft
Recommendation
At the present moment, the Commission is consulting the public on whether an additional legal instrument (such as a Recommendation) could add legal certainty and provide guidance on the interpretation of EU data protection law when RFID technologies are used. The main elements proposed in the draft Recommendation can be summarised as follows:
Ó Operators should conduct a risk assessment prior to deploying an RFID application to ensure privacy risks have been properly evaluated
Ó The industry is encouraged to establish codes of conduct governing the use of RFID
Ó Operators should provide a minimum level of information to users of tagged products
Ó Operators should follow a series of information security measures when deploying RFID applications
Ó Specific provisions should apply to the retail sector when a product containing an RFID tag is sold; the Commission is considering a harmonised sign that would inform consumers when RFID tags are used
Ó Member States are encouraged to raise awareness among citizens and SMEs through information campaigns or large-scale pilot projects
Ó Member States should continue their efforts in Research and Development to improve the privacy features of RFID.
The final challenge for the EU will be to shape RFID-related activities within Europe and disseminate them in a constant and visible manner.
For more information, please visit: http://ec.europa.eu/information_society
