25TH INTERNATIONAL CONFERENCE OF DATA PROTECTION &

25 ^th International Conference of Data Protection &

Privacy Commissioners

Sydney, 12 September 2003

Proposed Resolution on Radio-Frequency Identification

Resolution

The Data Protection and Access to Information Commissioner of Brandenburg, Germany, and co-sponsors (to be inserted) propose that the International Conference resolve that:

Radio-frequency identification (RFID) technology which is increasingly being deployed for a variety of purposes has numerous potential privacy implications. Although RFID tags are so far primarily used to identify and manage objects (products) to control the supply chain or to protect the authenticity of the product brand they may be linked with personal information such as credit card details and could even be used to collect such information, to locate or to profile persons possessing tagged objects.

The Conference stresses that all the basic principles of data protection and privacy law have to be observed when designing and implementing this technology. In particular

a) any controller – before introducing RFID tags linked to personal information or

leading to customer profiles - should first consider alternatives which achieve the

same goal without collecting personal information or profiling customers;

b) personal data, should they be indispensable for the controller, must in any case

be collected in an open and transparent way in order to avoid an unjustifiable

invasion of privacy
and

c) personal data may only be used for the specific purpose for which they were first collected and only as long as this purpose has not been attained.

These principles should be taken into account when designing and using products with Radio-Frequency Identification.

The remote reading and activating of RFID tags without any possibility for the person in possession of the tagged object to influence this process would raise additional severe privacy concerns.

The Conference and the International Working Group on Data Protection in Telecommunications will monitor closely the technological developments in this field in greater detail in order to ensure the respect for data protection in the context of "ubiquitous computing".

Explanatory Note:

Radio-frequency identification tags (RFIDs) are currently being tested and increasingly being used as a more advanced form and possible replacement of bar codes ("smart labels"). The size of these microchips is about 1/3 of a millimetre (and smaller – "smart dust"). Most of them operate as passive transponders (without batteries) by listening to radio signals sent by transceivers (RFID readers) and using the energy of the received radio signal to reflect and answer it. Active RFIDs have a greater range (depending on the readers used). Since prices for RFID microchips and readers are dropping their massive deployment becomes economically viable. RFID tags are likely to become essential drivers of ubiquitous (or pervasive) computing. Due to their storage and capacity for interactive communication they are far more powerful than bar codes. In addition they provide for unique identification of each tagged unit whereas bar codes are identical for every unit of the same product.

RFID tags can be used to install "smart shelves" in stores in order to better manage the supply chain and facilitate the replenishments of goods supplies (e.g. the case of Gillette razors). They may also be used for easy (contact-less) payment at the point of sale especially if linked with credit cards. Furthermore an employer may use the technology to tag his property in order to reduce theft by employees. They could be linked with videosurveillance cameras to check employee as well as customer behaviour. Specific documents may be tagged to be traced easier in an office. Identity cards as well as travel documents (passports, visa) may be equipped with RFIDs. More recently the European Central Bank has announced that Euro notes will be issued with RFID tags in order to fight counterfeiting and money laundering as well as to control circulating notes. Washable RFID tags can be embedded in clothes ("wearable computing") in order to prevent or detect counterfeiting specific brands and to prove the authentic manufacture of the product. Other possible applications range from car keys (immobilizers) to container management.

The RFID technology has numerous privacy implications. This is obvious in the case of implanted microchips. But also in the more widespread case of tagged objects and goods undoubtedly the information transmitted also refers to the person carrying or wearing (or otherwise associated with) a tagged item or a "constellation" of brands thereby revealing the individual's taste. Therefore personal data are processed and transmitted or read with the help of RFIDs or at least such object-related information can easily be linked with personal information (e.g. when a credit card is used for buying the tagged item). RFIDs have the potential of tracking every single movement of a person who possesses or handles tagged objects.

Plans to afford technical devices legal protection against circumvention may prevent data subjects from disabling or deactivating RFIDs which function in a privacy-unfriendly way (e.g. after having paid and left the shop).

Since this issue has led to a growing public debate in a number of countries it is recommended that the International Conference addresses the related privacy problems at this stage in order to encourage privacy-friendly solutions which have been proposed. The International Working Group on Data Protection in Telecommunications at its 34 ^th meeting in Berlin on September 2 and 3, 2003, has expressed its support for this proposal.