(Dieser Artikel ist auch in deutscher Sprache verfügbar)

In the context of increasing debates in the European Union over the RFID policy, Peter Hustinx, the European Data Protection Supevisor (EDPS), published on 20 December 2007 his opinion on the growing use of RFID chips in consumer products and other new applications affecting individuals.

EDPS published this opinion as a response to the European Commission's communication on Radio Frequency Identification (RFID) in Europe that was released in March 2007, but taking into consideration other actions, such as the creation by the EC of the RFID expert group, where EDRi is a member.

Peter Hustinx, explained the role of RFID and its relation with the privacy issues: "RFID systems could play a key role in the development of the European Information Society but the wide acceptance of RFID technologies should be facilitated by the benefits of consistent data protection safeguards. Self-regulation alone may not be enough to meet the challenge. Legal instruments may therefore be required to guarantee that the technical solutions to minimise the risks for data protection and privacy are in place."

EDPS confirms that the wide use of RFID-technology is fundamentally new and may have a fundamental impact on our society and on the protection of fundamental rights in our society, such as privacy and data protection. He underlined the basic five privacy and security issues that can be distinguished in this respect: the identification of the data subject, the identification of the data controller, the decrease meaning of the traditional distinction between the personal and the public sphere, the consequences of the size and physical properties of RFID-tags and the lack of transparency of the processing.

The Opinion has highlighted several direct recommendations to the Commission including the provision of a clear guidance on how to apply the current legal framework to the RFID environment and the identification of "Best Available Techniques" which will play a decisive role in the early adoption of the privacy-by-design principle.

EDPS also tackled the issue of a specific legislation for the main issues of RFID-usage in relevant sectors and considered that such legislation would be needed if the proper implementation of the existing legal framework failed. Such a legislation "must be considered as a 'lex specialis' vis-a-vis the general data protection framework. This legislative measure should also address the privacy and data protection concerns that arise in certain RFID applications, such as item level tagging before the point of sale, which may not necessarily involve the processing of personal data."

In any event, EDPS emphasised the need to lay down "the opt-in principle at the point of sale as a precise and undeniable legal obligation, also for RFID applications that fall outside of the scope of the Data protection Directive and to ensure the mandatory deployment of RFID applications with the appropriate technical features or 'privacy by design'."

EDPS opinion on the communication from the Commission on Radio Frequency Identification in Europe: steps towards a policy framework (20.12.2007)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/...

EDPS Opinion on RFID: major opportunities for Information Society but privacy issues need to be addressed with more ambition (20.12.2007)
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/...

EDRi-gram: RFID Expert Group - Kick Off (6.06.2007)
http://www.edri.org/edrigram/number5.11/rfid-workgroup

EDRi-gram: RFID and Informed Consent - Using and removing of RFID functionality (5.12.2007)
http://www.edri.org/edrigram/number5.23/rfid-informed-consent