For immediate release:
May 1, 2006
Contact:
David McGuire, Center for Democracy & Technology
(202) 637-9800 x106
(202) 423-7432 (mob)
LAS VEGAS, NEVADA -- May 1, 2006 -- A working group made up of some of the nation's largest companies, public interest and consumer advocates today unveiled a set of "best practices" designed to promote respect for consumer privacy in the growing use of Radio Frequency Identification (RFID) technology.
Released today at RFID Journal Live!, the document offers guidance for companies that use RFID technology to collect data that can be linked to consumers' personally identifiable information. Drawn largely from widely accepted principles of "fair information practices," the best practices outline how consumers should be notified about RFID data collection, what choice they should have with regard to their own personal information, and how that information should be treated by the companies that collect it.
"This is one of the most important steps yet taken to ensure that developing RFID technology is not deployed in a manner that threatens the privacy of individuals," said Paula Bruening, staff counsel for the Center for Democracy &Technology (CDT) which led the working group. "This document establishes a carefully crafted balance: recognizing the core privacy needs of citizens while acknowledging that early-stage technology needs the flexibility to change as it evolves."
The compromise struck in the best-practices document is particularly remarkable considering the size and diversity of the organizations participating in the RFID working group. In addition to CDT, the American Library Association, aQuantive, Cisco Systems, Eli Lilly and Company, IBM, Intel, Microsoft, the National Consumers League, Procter &Gamble, VeriSign and Visa USA all worked for more than a year to develop the document, a first of its kind for RFID technology. Elliot Maxwell, an RFID consultant and fellow with the communications program at Johns Hopkins University also worked on the document.
RFID refers to a broad range of technologies that allow users to track and identify physical items using radio waves. RFID "tags" of various types can be placed on shipping crates, livestock, even clothing, where they can be later identified by RFID readers designed to scan the items at a distance. Many of those applications raise no real privacy concerns, but when the data collected from RFID tags is linked to personally identifiable information, privacy issues can arise. The best practices are geared specifically toward those instances.
Identifying situations in which information linkage may raise concerns, the document lays out clear responses based on the fair information principles of notice, consent, access, transfer and security.
RFID is an evolving technology and the working group intends for the best practices to be an evolving document. As such, the document will be treated as a draft that can be updated to respond to changes in the way RFID functions and is deployed. The document is available online at http://www.cdt.org/privacy/20060501rfid-best-practices.php.
"RFID is a fast-evolving technology that may soon become ubiquitous in our lives. While it offers great promise, it also raises serious privacy concerns. This document is a vital first step toward addressing those concerns in a manner that respects the pace and uncertainty of technological advancement," Bruening said.
Members of the working group will hold a press conference call Monday, May 1 at 2:00 p.m. ET to discuss the best-practices document. Interested reporters can participate by calling (800) 391-2548 and giving the verbal pass-code VM105421.