The European Commission (EC) offered a recommended code of conduct for companies deploying RFID and contactless smart card technologies. The announcement, which took the form of a formal recommendation to member countries, hopes to booth safeguard consumer’s privacy rights and enable speedy adoption of the technology, according to a UK Computer Weekly article.
RFID chips are used by retailer to tracks products and contactless smart card chips are used in electronic passports, credit cards and transit programs. The EC lays out four basic principles for the protection of consumer privacy.
First, an RFID tag attached to consumer products for inventory or other purposes of that type should automatically deactivate at the point of sale, unless the consumer agrees to a voluntary option to keep the tag active.
Second, companies or public authorities using RFID technology should give consumers clear notice if personal data is being collected, exactly what type of data is being collected, and for what purpose. The RFID users should also clearly label any readers capable of reading smart tags or cards.
Third, retail groups should promote consumer awareness of RFID-tagged products with a common sign indicating when the technology is being used.
Fourth, companies and public authorities should assess the effects on privacy and data protection prior to deploying the technology. These assessments should be reviewed by national data protection authorities in order to assure that personal data will remain secure.
The EC’s recommendation follows consultation with privacy groups, consumer groups, retailers and representatives of the industries. It is intended to address fears that RFID technology could be used to track citizens’ movements or compromise their personal data.
Read more here.