You are currently browsing EDRi's old website. Our new website is available at https://edri.org

EDRI-gram

If you wish to help EDRI promote digital rights, please consider making a private donation.


Flattr this

logo

EDRi booklets

RFID Privacy Impact Assessment Framework formally adopted

6 April, 2011
» 

This article is also available in:
Deutsch: RFID – Neue Datenschutzregeln formell verabschiedet

The Privacy Impact Assessment Framework for RFID applications (RFID PIA) was officially signed by European Commission Vice President Neelie Kroes, representatives of the RFID industry, the chairman of the Article 29 Working Party, Jacob Kohnstamm, and the Executive Director of the European Network and Information Security Agency (ENISA), Udo Helmbrecht. The ceremony took place today, 6 April 2011, in the European Commission's Berlaymont building in Brussels.

In its 2009 recommendation on the implementation of privacy and data protection principles in RFID applications, the European Commission suggested that the RFID industry should develop a framework for RFID privacy and data protection impact assessments. In the months following this recommendation a first draft PIA framework was developed by an informal working group of industry representatives to which EDRi and other stakeholders were also invited to contribute their views.

This first draft RFID PIA framework was submitted for endorsement to the Article 29 Working Party, which did not endorse the framework but published on 13 July 2010 in its working paper no. 175 a request for improvements. Further improvements were suggested by ENISA in July 2010.

In January 2011 a revised PIA Framework was submitted to the Article 29 Working Party, which formally endorsed it by publishing the framework as an annex to its working paper no.180 on 11.02.2011.

In EDRi's opinion the RFID PIA Framework, that was formally signed today, properly follows a risk assessment methodology, which addresses the data protection targets defined in the European data protection legal framework and provides therefore a sound basis for a meaningful assessment of data protection risks for RFID applications.

The RFID PIA Framework is an important milestone on the way to the implementation of privacy friendly RFID applications. Now it is important that industry quickly but thoroughly implements the PIA in practice.

Today's formal signing ceremony took place before the background of the German Big Brother Awards, which were presented in Bielefeld only a few days earlier. One of the unpopular awards was given to the European Fashion Label Peuterey for violating the data protection rights of their customers by secretly tagging their fashion products with RFID chips.

The next twelve months will show how the new RFID PIA Framework is received by industry, as the European Commission is expected to present its report on the implementation of the RFID recommendation, its effectiveness and its impact on operators and consumers in May 2012.

EDRi sincerely hopes that today's important milestone will be followed by a number of serious implementation efforts and that last week's German Big Brother Award was the last one in Europe that will be awarded to a RFID operator.

Commission Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification (12.05.2009)
http://ec.europa.eu/information_society/policy/rfid/documents/recommen...

EDRi-gram 7.10: EU supports RFID with proper protection of consumers' privacy (20.05.2009)
http://www.edri.org/edri-gram/number7.10/rfid-european-commission-reco...

Article 29 Working Party: Opinion 5/2010 on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp175_en...

ENISA Opinion on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications (31.03.2010)
http://www.enisa.europa.eu/media/news-items/enisa-opinion-on-pia

EDRi-gram 8.15: ENDitorial: Industry RFID PIA: not endorsed in its current form (28.07.2010)
http://www.edri.org/edrigram/number8.15/article-29-no-to-rfid-pia

Article 29 Working Party: Opinion 9/2011 on the revised Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_en...

Annex: Privacy and Data Protection Impact Assessment Framework for RFID Applications
http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp180_an...

EDRi-gram: German Big Brother Awards 2011 (6.04.2011) http://www.edri.org/edrigram/number9.7/bba-germany-2011

(contribution by Andreas Krisch - EDRi)

‹ NGOs ask CoE to investigate government collection of biometricsupWebsite blocking and suspension discussions in the UK ›
Printer-friendly version
 
Site by Floatleft.

Syndicate:

Syndicate contentCreative Commons License

With financial support from the EU's Fundamental Rights and Citizenship Programme.
eu logo