Today the European Commission, European data protection and information security authorities, NGOs and industry groups signed the Privacy and Data Protection Impact Assesment Framework for RFID Applications, which establishes a self-regulatory mechanism for ensuring data protection in the field of RFID (Radio Frequency Identification).  RFID technology – so called “smart tags” – can be found in a growing number of products.  When a RFID tag is brought near a “reader” the tag is activated and data is exchanged, raising potential privacy risks.

Under the agreement, companies will conduct an assessment of privacy risks and take measures to address any risks identified in the assesment before a new RFID application is introduced on the market.  The agreement includes detailed procedures for this process that should enable the delivery of RFID applications in compliance with the Data Protection Directive (95/46/EC) and the e-Privacy Directive (2002/58/EC).

The Commission called on industry in 2009 to develop a RFID impact assesment framework that would meet the requirements of the Article 29 Working Party, comprising EU Member State data protection authorities and the European Data Protection Supervisor.  The agreement signed today is the culmination of those efforts.

“This is truly a historic moment, and I want to thank our industry and civil society partners,” said Digital Agenda Commissioner Neelie Kroes.  “It is obvious that technology evolves faster than legislation.  The various parties gathered today have recognized this and decided that this … Framework was the most effective and efficient way to protect the privacy of European citizens without stifling innovation when using RFID applications.”