- Advice Summaries
- Case Notes
- Codes of Conduct
- Compliance Notes
- Fact Sheets
Media Release: World's Privacy Regulators call for privacy friendly RFID tags
"Radio-frequency identification (RFID) tags have great potential. They can help companies greatly improve the way they manage the supply of their products and so save consumers a lot of money. But they also have equal potential to invade personal privacy if deployed wrongly." The Australian Privacy Commissioner, Malcolm Crompton, made these remarks when he released the last of five resolutions adopted by the world's data protection and privacy commissioners after their 2003 conference.
The resolution calls for all the basic principles of privacy law to be adopted when designing, implementing and using RFID technology. In summary, the resolution says that:
- RFID tags should only be linked to personal information or used to profile customers if there is no other way of achieving the goal sought;
- individuals should be fully informed if personal information is collected using RFID tags;
- personal information collected using RFID tags should only be used for the specific purpose for which it is first collected and destroyed after that purpose is achieved, and;
- individuals should be able to delete information, or disable or destroy any RFID tag that they have in their possession.
"Designers and users of RFID tags risk alienating customers if they do not take these privacy principles seriously. If they ignore them, implementation of RFID tags could be stopped in its tracks. Both business and consumers would be the losers," said Mr Crompton.
The first four resolutions were adopted in Sydney during the 2003 International Conference of Data Protection and Privacy Commissioners which was hosted by the Federal, NSW and Victorian Privacy Commissioners. The fifth resolution was recently adopted as a result of follow up work by Commissioners. The other resolutions adopted by the Conference include:
- a call for improved communication of data protection and privacy information practices;
- a call for the transfer of passenger's data internationally to be undertaken within a recognised data protection framework;
- a call to international organisations to observe and recognise privacy principles ; and
- a call to software companies to ensure processes for automatic software updates are transparent and that alternative update options are available.