CE RFID has analysed the existing legal framework applicable to Radio Frequency Identification technology to identify and address potential concerns. Five different topics have been taken into consideration: Privacy and Security, Health and Environment, Standardisation and Radio Spectrum, Intellectual Property Rights and RFID Governance. A cross-analysis depicting current regulations and RFID application cases is given in each chapter so as to conclude whether or not the existing regulative framework suffices for the legitimate development of RFID.

Privacy and Security

As any other technology, RFID, when processing personal data, shall comply with data protection legislation. The cornerstone of those laws is Directive 95/46 (“Data Protection Directive”), which provides a number of principles that should be complied with for the processing of personal data to be lawful. All RFID applications that are identified in the Report as “involving personal data” shall then be subject to the Data Protection Directive and related legislation. Consequently, the current legal framework suffices for the existing RFID applications, although further enforcement and monitoring might be required. Technical and organisational measures constitute sound alternative means to enhance data protection. In particular, Privacy Impact Assessments (to determine the type of data involved (personal or not) and the privacy risks) and “Privacy by design”, (tags designed with privacy features embedded from the very beginning) shall be encouraged. According to the Data Protection Directive, individuals should be well informed on RFID applications and be able to agree or not on using the RFID applications involving their personal data without imposing unbearable burdens to the RFID deployers. In general, considering the low degree of knowledge within the general public, public information on RFID technology and about the benefits and the risks of RFID applications is crucial.

The deployment of RFID in the workplace raises in particular concerns that can be addressed through the implementation of guidelines and the involvement of employee representations

Standardisation and Radio Spectrum

There are currently some problems concerning the use of radio spectrum in the European Union, such as the lack of harmonisation and full availability of a “first generation” radio spectrum ranges, which in Europe are considerably narrower than the available frequency ranges in other countries. In addition, harmonised international standards, aiming at making the system interoperable are required to avoid hindering progression. Therefore, no further specific legislation is needed in the fields of standardisation and radio spectrum, although continuous monitoring is encouraged. The efforts of the European Union should be rather focused on harmonising the existing technical requirements for the development of RFID. Interoperable and suitable security standards shall be developed. With regard to radio spectrum,  the European Commission is encouraged to keep up its commitment to harmonize spectrum management and allocation across the Member States, and to continue efforts to provide additional UHF spectrum.

Intellectual Property Rights

The right to be granted a patent on technical innovations or a copyright on a certain work is essential to promote progress. It is recommended that political efforts to come closer to a genuine (European) Community Patent shall be continued, in order to boost technological development. Global platforms, international debates and private approaches in how to manage IPR (such as patent pools or open source) shall be encouraged.

Health and Environment

Concerning Environment, the key issue is the recycling of the tags. In this respect, the European Union has enacted a consistent legal framework on the waste of electrical and electronic equipment. RFID should not be, however, considered as electric or electronic waste itself, but is rather linked to the product it is attached to. Therefore, constant monitoring of the laws is required in order to amend them if necessary in the future. With regard to Health, the impact of RFID on human beings raises some public concerns. However, as for all technologies using radio frequency, the current legal framework to protect citizens from overexposure to electromagnetic radiation applies. In general, in order to secure the future massive development of RFID applications, further studies regarding RFID impact on health and environment and close monitoring should be performed with the help of the industry in order to assess whether the existing respective legal framework need to be adapted.

RFID Governance

If the so-called “Internet of Things” is to be successfully accomplished, RFID Governance structures should be discussed in a broad scope, open for all ideas and requirements, and the processes should remain interoperable and non-discriminatory. This dialogue should include all relevant stakeholders and use international forums such as GRIFS. Institutions such as EPCglobal should be approached proactively and the European Commission should encourage further scientific research in this field.