the European Commission has signed a voluntary agreement with industry, civil society, ENISA (European Network and Information Security Agency) and privacy and data protection watchdogs in Europe to establish guidelines for all companies in Europe to address the data protection implications of smart tags (Radio Frequency Identification Devices - RFID) prior to placing them on the market.
The use of such smart tags is expanding enormously (around 1 billion in Europe in 2011) but there are widespread concerns about their privacy implications. RFIDs can be found in many objects from bus passes to smart cards that pay motorway tolls. Microelectronic devices can process data automatically from RFID tags when brought close to 'readers' that activate them, pick up their radio signal and exchange data with them. Today's agreement forms part of the implementation of a Commission Recommendation adopted in 2009 (see IP/09/740) that inter alia indicates that when consumers buy products with smart tags, they should be deactivated automatically, immediately and free-of-charge unless the consumer agrees explicitly that they are not.
Neelie Kroes, European Commission Vice-President for the Digital Agenda said "I warmly welcome today's milestone agreement to put consumers' privacy at the center of smart tag technology and to make sure privacy concerns are addressed before products are placed on the market. I'm pleased that industry is working with consumers, privacy watchdogs and others to address legitimate concerns over data privacy and security related to the use of these smart tags. This sets a good example for other industries and technologies to address privacy concerns in Europe in a practical way."
Full press release from EU website