Privacy Laws: Europe Protects Against RFID Abuses

Even though European retailers are embracing RFID, consumers there are wary of the technology's impact on their privacy. Some fear RFID tags will be used to link buying patterns, financial data, and other information directly to individuals.

Those concerns sparked a protest in February 2004 at Metro Group AG's Future Store in Rheinberg, Germany, and a near-boycott of Tesco plc after it said in January that it was expanding its pilot to tag individual DVDs.

European consumers have the government on their side. The European Union already has put in place sweeping privacy laws, and it continues to review them as technology advances. Article 29 of Directive 95/46/ec is Europe's data-protection regulation, and it's the platform on which each country builds its own privacy and data-protection laws.

"The European Union has a much more stringent privacy regimen than the United States," says Mark Rasch, former head of the U.S. Justice Department's computer crime unit, who now serves as senior VP and chief security council at Solutionary Inc., a security software provider. "The issue with RFID is to what extent does it identify an individual purchaser and product, and whether it allows the retailer to aggregate a list of all the products the person has purchased."

Under European law, any company that uses RFID must notify the consumer the tag is on the product and provide details on how to discard the tag and access the information held on it. The company must also disclose how any information will be collected and used.

More than half of 2,000 European consumers who participated in a recent online survey say they're concerned about privacy with regards to RFID. But the survey, conducted by Capgemini and ORC International, a global research unit of Opinion Research Corp., also found that respondents are more likely to buy RFID-tagged products if there are laws protecting their privacy. The ability to disable RFID tags at the store after purchase, a customer opt-in/opt-out choice regarding information collected, and clear labels that state the tag is RFID enabled follow in importance.

It's too early to say how just how far item-level tagging will go, but it will happen. Within three years, about 2.1 billion tags will be affixed to individual items, U.K. consulting firm IDTechEx estimates, while pallets and cases will account for another 11.7 billion tags. The firm estimates that consumer product companies will use the bulk of tags--about 12 billion--for item-level tagging by 2010.

Return to main story, Europe Tries On RFID