28 March 2012
Support our work: become a Friend of Statewatch from as little as £1/€1 per month.
EU: Data
Protection and RFIDs
The EU's Article 29 Working Party has produced a useful report
setting out the data protections issues posed by RFID (Radio
Frequency Identification). The report is intended to provide
initial guidance to businesses and agencies intending to introduce
RFID's.
The Working Party is concerned that some applications may "violate human dignity as well as data protection rights". In particular:
"concerns
arise about the possibility of businesses and governments to
use RFID technology to pry into the privacy sphere of individuals.
The ability to surreptitiously collect a variety of data all
related to the same person; track individuals as they walk in
public places (airports, train stations, stores); enhance profiles
through the monitoring of consumer behaviour in stores; read
the details of clothes and accessories worn and medicines carried
by customers are all examples of uses of RFID
technology that give rise to privacy concerns."
The two components of RFID are a tag (ie: a microchip) and a reader. The tag consists of an electronic circuit that store data and an antenna which communicates the data via radio waves. The reader also has an antenna and a "demodulator" which translates the data - which is then processed by a computer.
There are two types of "tags":
“Passive” tags have no own power supply (battery) and can therefore be wakened decades after having been manufactured. The tag is powered by the radio signal. A RFID reader sends radio signals that wake up the tag within a range, triggering it to respond by transmitting the information that is stored on it. “Active” tags have their own battery which reduces their life cycle."
The report gives current examples of RFID usage such as in carkeys, vehicles, tagged boarding cards for airline passengers, patients in hospital and commercial use in shops and stores.
Looking at the data protection implications the report uses several examples. First where a store can track not just the object containing the tag but link this to the record of the customer (through store or credit card data). Second, travel passes using RFID enable the operator: "to know where an identified individual travels at all times".
More than once the report emphasises that: "RFID systems are very susceptible to attacks" because a third party will only need to obtain a "reader" to access the same information.
The report raises that question of whether individuals will be able to disable the tags, a purse with shields could ensure that tagged banknotes could not be detected and an aluminium sheet incorporated into a RFID passport cover could ensure protection except when the passport is opened.
Source: Working document on data protection issues related to RFID technology (pdf)
Spotted an error? If you've spotted a problem with this page, just click once to let us know.
Statewatch does not have a corporate view, nor does it seek to create one, the views expressed are those of the author. Statewatch is not responsible for the content of external websites and inclusion of a link does not constitute an endorsement. Registered UK charity number: 1154784. Registered UK company number: 08480724. Registered company name: The Libertarian Research & Education Trust. Registered office: MayDay Rooms, 88 Fleet Street, London EC4Y 1DH. © Statewatch ISSN 1756-851X. Personal usage as private individuals "fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.