A monthly look at government activity at the state and federal levels
By Ronald E. Quirk Jr., Esq., Venable LLP
During the past month, RFID regulatory trends appear to have shifted. In previous months, the states and the federal government worked to introduce bills aimed at requiring retailers to protect consumer privacy. Now, some states are focusing on restricting the use of RFID by public schools, while others have specifically exempted RFID from a new computer privacy law, and killed a pending RFID retail consumer privacy bill.
The proposed school legislation resulted in part from complaints by parents concerned about their children’s privacy after reading accounts of RFID pilot programs initiated by school districts in Sutter, California and Spring, Texas. The concerns of privacy advocates and students were also influential. The consumer protection trend reversal is due in large part to lobbying by various industry groups. The lone exception is Nevada, which introduced a new RFID deceptive trade practices bill in mid-March.
On the federal side, the movement is toward market solutions for RFID. The Federal Trade Commission issued a report encouraging self-regulation in the RFID industry, while a group of Republican senators vowed to keep RFID free of any unnecessary regulation.
In The States
Public School Funding Tied to RFID Privacy
H.B. 2, H.B. 2953: Both bills would prohibit public school districts from requiring students to wear RFID tags to identify them, transmit information about them or track their locations. The bills also provide that any school district that permits voluntary use of RFID tags for tracking students must allow for alternative forms of identification for individual students if their parents or guardians object in writing. H.B. 2 is a public school funding bill and the RFID privacy provision is an integral part of the funding requirements. According to an aide of the bills’ sponsor, Rep. Lois Kolkhorst (R-Brenham), no Texas lawmaker has raised an objection to either the RFID component of the funding bill or the standalone RFID bill. Status: H.B. 2 passed the House, and has been referred to the Senate State Education Committee. H.B. 2953 is pending in the Judiciary Committee.
No RFID Tracking as Condition of State or Municipal Benefits
H.B. 5929: Would prohibit state and municipal agencies from using, or even requesting, the use of RFID to track the movement or identity of any employee, student or client, or of any other individual as a condition of obtaining a benefit or service from those agencies. Civil remedies—monetary damages, attorney fees and injunctive relief—are available for violations of this bill. Status: In the Judiciary Committee.
RFID Use Exempted from Computer Crimes Law
H.B. 185: Utah’s governor recently signed into law the Utah Computer Crimes Act Amendments. The Utah Computer Crimes Act, in pertinent part, prohibits unauthorized persons from accessing personal information from a computer without search warrants or other legal rights. H.B. 185, among other things, amended the definition of “computer” to include any electronic device or communication facility that stores, retrieves, processes or transmits data. That definition would have encompassed RFID systems, but during a House Floor Amendment session in late January, language was inserted in the bill, and retained in the version passed into law, that specifically exempts RFID. The new language states that the term “information” does “not include information obtained through the use of an electronic product identification or tracking system; or other technology used by a retailer to identify, track or price goods; and by a retailer through the use of equipment designed to read the electronic product identification or tracking system data located within the retailer’s location.” The Retail Industry Leaders Association (RILA) actively lobbied the legislature for the RFID exemption.
RFID Privacy Bill Killed
A House Committee tabled H.B. 215, which would have required businesses that tag consumer items to notify consumers and remove the tags at point of sale. The committee was persuaded by lobbyists, who testified that the bill would unnecessarily hinder the implementation of RFID, which will save businesses billions of dollars each year in the cost of tracking inventory. The lobbyists lining up against the bill included the Grocery Manufacturers of America, American Electronics Association and the New Mexico Retailers Association. The bill’s sponsor, Rep. Mimi Stewart (D-Albuquerque), said she will reintroduce the bill in 2006.
New RFID Deceptive Trade Practice Bill Introduced
A.B. 264: Would prohibit, as a deceptive trade practice, any failure by a manufacturer, producer, distributor or seller of retail products that has attached an RFID tag to a consumer item, to also attach a label notifying consumers of the tag’s existence. The bill also requires retailers that know or should know that a product contains a tag, to ensure that the item contains the notification label. Violators are subject to civil penalties. Status: In the Commerce and Labor Committee.
FTC Urges Self-Regulation by RFID Industry
The Federal Trade Commission recently released a report stating it will take a hands-off approach to RFID for now, and encouraged the RFID industry to self-regulate.
In its report, RFID: Applications and Implications for Consumers, the FTC rejected suggestions by participants in its June workshop that it issue a set of privacy guidelines to manufacturers and retailers using RFID. The agency noted its concerns about privacy, and stated that it has the ability to enforce existing deceptive trade practice regulations against entities that misrepresent their privacy and/or data security practices.
Accordingly, the FTC issued some self-regulatory suggestions to the RFID industry, including:
(a) encouraging transparent industry initiatives, e.g., retailers should provide clear and conspicuous notices to consumers if RFID tags are being used and state what information is being collected by the tags;
(b) implementing company-specific measures to protect database security; and
(c) engaging in public education programs about how and why they are using the technology.
The FTC concluded that privacy is strongly linked to database security, and therefore companies using RFID to collect personal information should adhere to existing FTC privacy guidelines on protecting that data. The agency stated that it will continue to monitor the deployment of RFID, and it would not rule out the possibility of issuing RFID-specific regulatory guidelines in the future.
GOP Senate Task Force Opposes ‘Premature’ RFID Regulation
The day after the FTC report was issued, the Senate Republican High Tech Task Force announced that it will “protect exciting new technologies,” including RFID, from “premature regulation or legislation in search of a problem.” The Task Force, made up of 14 Republican senators and chaired by John Ensign (R-Nev.), issued a statement assuring the RFID industry that RFID will be free of unnecessary federal regulations.
Industry groups praised the announcement and its platform, which advocates market-based solutions to protect individual privacy. RILA President Sandy Kennedy declared that “the position taken by the Senate task force is completely consistent with our view that RFID holds great potential to benefit the economy and, ultimately, the consumer.” That view was echoed by Jack Grasso, senior director of public relations for the Uniform Code Council, who remarked that the UCC is pleased with the task force’s announcement, and that it “also favors self-regulation and voluntary guidelines for RFID.”
The privacy group CASPIAN took a different view of the task force’s announcement. Its newsletter stated that, while CASPIAN does not advocate tight legislative controls over RFID (it wants labeling legislation only), CASPIAN does not think it “appropriate for our elected officials to gush about the technology, calling it ‘exciting.’ ” CASPIAN also stated that elected officials should not identify themselves as “conduits for the technology industry,” and that the task force’s announcement could mean that the possibility of RFID labeling legislation may “go down in flames.”
This article originally appeared in the May 2005 issue of RFID Operations.