In July, the EU introduced new technical standards (‘Standards’) to assist users of Radio Frequency Identification (‘RFID’) technology to comply with the EU Data Protection regime and the Commission’s 2009 recommendation on RFID. The Standards are the result of a long-term EU project which began with a public consultation in 2006.
When RFID technology is used to gather and distribute personal data, it falls within the EU Data Protection regime. The Standards are being introduced at a critical time, as the use of RFID becomes more widespread, particularly in the health care and banking industries.
The key features of the Standards include:
- The introduction of a new, EU-wide RFID sign which will allow people to identify products that use smart chips
- New Standards for Privacy Impact Assessments (‘PIA’) to help ensure data protection by design
- Guidance on the structure and content of RFID privacy policies
The Standards will be a useful tool for organisations that already use RFID technology, or are looking to do so. In particular, the Standards on PIAs will assist organisations to plan how they will comply with the forthcoming Data Protection Regulation, which requires PIAs to be carried out in various circumstances.