1628 — RFID Technology and Consumer Privacy

Jan 4, 2005 | Conteúdos Em Ingles

The use of RFID (radio frequency identification) Technology, still at a very early stage, in Europe, is expected to grow phenomenally in the coming years. According to Soreon Reserach, in the EU 15 countries, the RFID – Market (2004) for retail trade, will grow six-fold to more than 2.5 bilion € in 2008. Michael Dominy, Analyst at The Yankee Group, stress that the privacy paranoia and anxiety surrounding the use of EPC RFID in the supply chain are overblown and misplaced.

In the article “Privacy Concerns Surround the RFID Plans of Wal-Mart and Other Retailers”, Dominy points that RFID-related laws and regulations must focus on securing and protecting consumer information, not limiting the use of RFID to track inventory in the supply chain. Alone, the Electronic Product Code (EPC) and RFID tags provide no consumer-specific data. RFID tags contain information about the object to which they are attached.

A network of computers called the EPCglobal Network enables authorized supply chain partners to access limited information associated with a specific RFID tag. The data shared is simple supply chain information such as date, time, location and EPC number (a string of numbers composed of the product identification: UPC number and a serial number). Manufacturers and retailers will use the data to improve supply chain management through better inventory management and more cost-effective logistics.

He add that today, consumers willingly provide mountains of personal information to retailers and consumer goods manufacturers in the form of loyalty cards, mail-in prizes, rebates and warranty data. Retailers and manufacturers use some of that information to understand which items to stock and which coupons to send to consumers in specific ZIP codes each week. The retailers and consumer goods manufacturers do this for one reason: to provide the right goods at the right place, the right time and the right price. That is good supply chain management, not an invasion of privacy.

Dominic notes that RFID is about product data and inventory management—the data is not tied to consumers. The only way retailers or manufacturers could link consumers to a product with an RFID tag is if consumers purchase the product using a credit card. The retailer, manufacturer and possibly others would know who bought a specific item, when and where. If consumers pay cash, there is no association unless they use a store loyalty card. However, even without using RFID, manufacturers or retailers that combine credit card and personal information with sales transactions will know exactly what was purchased, where, when and for how much. The point of sale (POS) scanner reads bar codes on every product sold. Today, every retailer can know exactly how many bags of potato chips an individual shopper purchases if the retailer associates POS data with credit card or loyalty card data—without using RFID.

The privacy guidelines and laws should focus on keeping customer data secure—with specific rules defining how and when manufacturers and retailers may tie together customer data and the product. For example, it would make sense to link certain consumer and warranty data. This information can even be stored on the RFID tag provided the tag is encrypted, sensitive data is omitted and the consumer can choose to omit personal information from the tag. An additional or alternative level of protection would involve enabling the consumer to “kill” or remove the RFID tag altogether.

Dominy ends his article, saying that the best solution to the privacy issue is to mandate the option for consumers to easily remove all RFID tags at the item level and enact laws to define the measures companies must take to secure consumer information that resides within enterprise systems.

Source: The Yankee Group


Em Foco – Empresa