On December 20, 2007, the European Data Protection Supervisor (EDPS) issued an opinion in response to European Commission Communication COM (2007) 96 on Radio Frequency Identification (RFID) adopted on March 15, 2007. First, the EDPS stresses the significant impact of RFID technology on our society and its potential risks to privacy and data protection. It insists that the focus must be on the whole RFID system and not on RFID tags only. Second, it states that the current data protection framework applies to RFID if personal data is processed. The EDPS, however, recommends adding a new regulation to the current legal framework. This regulation could be a mix of regulatory tools. For example, the EDPS favors the use of self-regulatory mechanisms and close cooperation with the RFID Expert Group. If this combination (current legal framework and self-regulatory mechanisms) fails, the EDPS recommends the adoption of additional, sector-specific legislation regulating RFID technology. Regardless of the solution chosen, the EDPS calls for an opt-in principle “at the point of sale”, whereby the individual would consent to the RFID device remaining activated past the cashier.

The Opinion is available at:  http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2007/07-1220_RFID_EN.pdf