Global Insight: Two Approaches To Privacy By Bert Moore, AIM Global

Reprinted from RFID Connections with permission from AIM Global. AIM Global, the trade association for the Automatic Identification and Mobility industry, is the source for technically accurate, unbiased, commercial-free, and up-to-date information on all AIM technologies. For additional information, please visit www.aimglobal.org.

The European Commission (EC) recently published a draft RFID Privacy Recommendation that, if adopted, would effectively deny the use of RFID for post sales applications, such as warranty, repair, recycling, and recalls. In contrast was the policy published by the Japanese government in 2004 which acknowledges the benefits of RFID for these activities and takes a seemingly more enlightened approach.

The requirement for retailers to automatically deactivate the RFID tag at the point of sale, unless the customer decides to leave it "live," would create a negative impression of RFID (in that it should be deactivated prior to leaving just as anti-theft devices are), imply that RFID is a threat to personal privacy, and place an unnecessary burden on retailers to provide deactivation equipment at each point of sale (POS). Although provision 3 (b) does not require deactivation at POS, privacy advocates could assert that any EPC tag, because it has a unique serial number, could constitute "personal information" and should be deactivated at the POS.

The use of lockable, password protected tags should also be considered so that data on the tag could be read only by authorized agents for recycling, recalls, and other legitimate purposes.

The most significant difference in these approaches is that the EC proposal automatically places RFID in a negative light whereas the Japanese statement acknowledges both risks and benefits and presents a reasonable foundation for the creation of a workable solution to consumer privacy while preserving the benefits of post-purchase RFID applications.

In 2006, AIM Global and its RFID Experts Group devoted considerable effort to developing a policy statement on RFID and privacy. Input to this policy was solicited and received from parties in Europe, the Americas, and the Pacific Rim.