••• 1

Communication on RFID: “steps towards a policy framework”

(COM(2007)96 of 15 March 2007)

Council of the European UnionWorking Party on Data Protection

Brussels, 24 May 2007

••• 2

How Does RFID Work?

Reader Antenna

Reader broadcasts signal through antenna

Transponder

Transponder receives signal

Computer System

Reader sends info/data to computer system for collecting, logging and processing

Transponder is charged with enough energy to send back an identifying response

••• 3

Why RFID Matters

• Strategic importance– Improve efficiency– Enable new products, services and solutions– Gain competitive advantage– Prepare Europe for the « Internet of Things »

• Socio-economic importance– Safety, convenience, accessibility– Sectoral benefits– Horizontal benefits (anti-

counterfeiting…)

••• 4

Need for Legal Certainty

• Data protection, privacy and securityData protection, privacy and security– Guidance on practical implementation of RFID

under existing legal framework• Governance of resourcesGovernance of resources

– Model of an information retrieval network for RFID tags in the emerging “Internet of Things”

• Radio spectrumRadio spectrum– Short-term and longer-term spectrum

requirements • StandardsStandards

– Working towards international standards• Environment and healthEnvironment and health

– Raising public awareness of existing legal framework

••• 5

Actions at European Level: A threefold strategy

• Technology development– ICT-FP7 (RFID in 4 ‘challenges’ out of 7)– Cluster of European Research Projects (CERP)

• Awareness and multi-stakeholder debate– RFID Expert Group: from June 2007 to 31 March 2009

• Regulatory measures – Self-regulation

• Codes of conduct, best practices and guidelines on data protection and privacy aspects of various RFID applications

• Close concertation with “Article 29 Data Protection Working Party”

– Legislation• RecommendationRecommendation to public authorities and other

stakeholders– Input from Expert Group, “Art. 29 WP”, other initiatives

• Further possible legislative steps

••• 6

Milestones

• June 2007– Establishment of RFID Expert (Stakeholder) Group

• Balanced representation of all relevant interests• By end of 2007

– Recommendation • Principles that public authorities and other stakeholders should

apply wrt RFID usage– Amendment of ePrivacy Directive

• Add appropriate provisions wrt RFID• By end of 2008

– Communication about the “Internet of Things”• Particular attention to security, privacy, trust, governance • Assessment of policy options, incl. legislation

• 2006 – 2008 – International dialogue

• China, Japan, Korea, Russia, USA…

••• 7

Follow-up

• Council of the EU– Telecommunications Council, 7 June

• German Presidency of the EU– Conference “RFID: Towards the Internet of Things”,

Berlin, 25-26 June (http://www.nextgenerationmedia.de/Nextgenerationmedia/Navigation/en/rfid-conference.html)

– ‘European Policy Outlook RFID’ document• Portugal Presidency of the EU

– Tentatively: Conference & Exhibition “Towards a European Policy on RFID”, Lisbon, 15-16 November

• European Parliament– Participation of MEPs in RFID Events– STOA 20th Anniversary Exhibition, Strasbourg, 18-21 May

– 5 RFID R&D projects with live demonstration• European Economic & Social Committee

– Exploratory Opinion expected in July

••• 8

Outcome of Public Online Consultation (1)

• Rely on technical solutions (70%) and awareness raising (67%) underpinned by legislation (55%) rather than on self-regulation (15%)

• Less than 10% think there is no issue, and just over 10% think it is up to the end user to take action

• 66% want RFID tags attached to products in supermarkets to be automatically de-activated, to be removable (51%) or only readable on short distance (44%)

••• 9

Outcome of Public Online Consultation (2)

• 74% of respondents is fairly strongly or very strongly concerned with RFID-enabled monitoring of employeesmonitoring of employees

• ~50% thinks use of PETsPETs in RFID applications should be mandatory, be promoted at European level (31%); ~10% wants to leave it to the market

• Notification of RFID use can be done either by 3rd party certification (says 56%), or by self-certification (says 44%), as long as RFID use is clearly indicated

••• 10

• Users’ privacy protection– Core principles should be defined

• EU’s Data Protection and ePrivacy Directives– Compliance with principles

“Working Party 29”

• Communication on promoting Data Protection by PETs (COM(2007) 228 final)

• Other societal concerns– RFID use in the workplace– Environment-friendly RFID tags

Privacy and Data Protection

••• 11

Further Information & Contact

• http://ec.europa.eu/information_society/newsroom/cf/itemlongdetail.cfm?item_id=3247

• http://www.rfidconsultation.eu/ • http://www.nextgenerationmedia.de

/Nextgenerationmedia/Navigation/en/rfid-conference.html

• gerald.santucci@ec.europa.eu