The Success of E-Commerce May Hinge on a Fundamental Human

How Privacy Could Affect the
Future Roll-Out of RFIDs:
Take Note
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner/Ontario
www.ipc.on.ca
Symposium on Supply Chain Management
September 30, 2004
Just What is an RFID?
Radio Frequency Identification (RFID)
Generic term for technologies that use
radio waves to automatically identify
individual items
Slide 2
RFIDs and Supply Chain
Management
• Products are embedded with an RFID tag, which
includes a microchip and tiny radio antenna
• The microchip may contain data about the product,
including a unique identifier called an Electronic
Product Code (EPC)
• Cases and pallets of products may also include their
own RFID tags
Slide 3
RFID Readers
RFID readers at various points in the supply
chain (e.g., factory loading docks) “wake up”
the tags, which transmit the EPC and other
data to the readers at a short distance (passive
RFIDs)
Slide 4
Benefits of RFIDs
RFID technology offers benefits for supply
chain management:
• More efficient management and tracking of
goods and inventory
• Reduced labour costs (e.g., no manual
scanning of individual items is required)
Slide 5
EPCglobal
Non-profit organization that is leading
the development of industry standards
for the Electronic Product Code (EPC),
including the use of RFID technology
Public Policy Steering Committee is
responsible for setting privacy standards
Slide 6
Privacy and RFIDs
RFID tags contain information about a
product, not an individual (e.g., EPC, price,
size, colour, manufacture date, etc.)
But many consumers perceive a threat to
privacy
Slide 7
Consumer Perceptions
Consumers perceive that RFIDs may
facilitate:
• The merger and linking of product information
and personal information without consent
• The ability to track consumers who have
purchased a product
• The establishment of a widespread surveillance
infrastructure
Slide 8
Implementing RFIDs
A failure to build privacy into the design
and implementation of RFIDs can
produce a consumer backlash
This can have an adverse impact on a
company’s reputation and affect the
bottom line
Slide 9
Consumer Backlash
How real is this?
Could privacy truly affect the roll-out of
RFIDs?
Slide 10
Benetton
Italian clothier Benetton sparked a furor
after it announced plans to implant RFID
tags in its apparel (April 2003)
Public opposition forced the company to
cancel its plans
Slide 11
Gillette:
Keeping “Tags” on Customers
• Privacy groups threatened a consumer boycott
after the media reported that Gillette was testing
a “smart shelf” at a Tesco store in the U.K.,
possibly for theft detection purposes (July 2003)
• RFID tags embedded in Gillette razor packages
triggered CCTV cameras that took a picture of a
customer both when he or she removed a package
from the shelf and at the check-out
Slide 12
Metro AG
• Metro AG, a German company, announced plans to
start using RFID chips in supermarket loyalty cards
in one store
• The purpose of this initiative was supposedly to
allow the store to verify the age of shoppers wanting
to view DVD movie trailers
• Metro AG abandoned its plans after protests from
privacy groups (March 2004)
Slide 13
Checkpoint:
Tracking Individual Items
• Checkpoint Systems Inc. announced earlier this
month that it has developed new RFID solutions for
tracking individual consumer items
• CASPIAN, a U.S.-based consumer rights group,
claimed that:
  • Checkpoint was developing RFID “spychips” for three
  well-known clothing labels
  • Consumers wearing the tagged clothing could potentially
  be identified and tracked by readers
Slide 14
Get Ready for a Good Fight
• Checkpoint senior executive: “These RFID
applications are prototype designs to demonstrate
how the technology will fulfill a customer’s need for
greater information and stock availability …”
• CASPIAN: “[We] will be working with consumers
on an aggressive response to this privacy threat. Roll
up your sleeves and get ready for a good fight.”
Slide 15
Information Privacy Defined
• Information Privacy/Data Protection
  • Freedom of choice; control;
  informational self-determination
  • Personal control over the collection, use
  and disclosure of any recorded
  information about an identifiable
  individual
Slide 16
Fair Information Practices:
A Brief History
OECD Guidelines on the Protection of Privacy
and Transborder Flows of Personal Data
EU Directive on Data Protection
CSA Model Code for the Protection of
Personal Information
Personal Information Protection and
Electronic Documents Act (Canada)
Slide 17
Summary of
Fair Information Practices
• Accountability
• Identifying Purposes
• Consent
• Limiting Collection
• Limiting Use, Disclosure, Retention
• Accuracy
• Safeguards
• Openness
• Individual Access
• Challenging Compliance
Slide 18
Federal Private-Sector Privacy
Legislation
• Personal Information Protection and Electronic
Documents Act (PIPEDA)
• Applies to personal information collected,
used or disclosed in the course of commercial
activities by all:
  • federally regulated organizations and
  • provincially regulated organizations, unless a
  substantially similar provincial privacy law is in
  force
Slide 19
Provincial Private-Sector Privacy
Laws
Québec: Act respecting the protection of
personal information in the private sector
B.C.: Personal Information Protection Act
Alberta: Personal Information Protection Act
Ontario: draft Privacy of Personal Information
Act, 2002 – not introduced…so PIPEDA applies
Slide 20
How The Public Divides on Privacy
[Bar chart, Feb 2003 (%): Privacy Unconcerned 10; Privacy Pragmatists 64; Privacy Fundamentalists 26. Source: Dr. Alan Westin]
The “Privacy Dynamic” - Battle for the minds of the pragmatists
Slide 21
Importance of Consumer Trust
• In the post-9/11 world:
  • Consumers either as concerned or more concerned about
  online privacy
  • Concerns focused on the business use of personal
  information, not new government surveillance powers
• If consumers have confidence in a company’s privacy
practices, they are more likely to:
  • Increase volume of business with company: 91%
  • Increase frequency of business: 90%
  • Stop doing business with company if PI misused: 83%
Harris/Westin Poll, Nov. 2001 & Feb. 2002
Slide 22
Damage Caused by Privacy
Breaches
• The Information Security Forum reported that
a company’s privacy breaches can cause major
damage to brand and reputation:
  • 25% of companies surveyed experienced some
  adverse publicity due to privacy
  • 1 in 10 had experienced civil litigation, lost
  business or broken contracts
  • Robust privacy policies and staff training were
  viewed as keys to avoiding privacy problems
The Information Security Forum, July 7, 2004
Slide 23
Building Privacy Safeguards into
RFIDs
• RFIDs will continue to produce a consumer backlash
unless both RFID manufacturers and business users
adopt privacy safeguards
• Privacy is not a concern at most stages of the supply
chain (e.g., tracking items in a warehouse)
• However, privacy concerns are triggered at the point
when a consumer comes into contact with a product
with an RFID tag
Slide 24
The Privacy Solution
RFID tags should be de-activated at the
point of sale
De-activation should be the default
Customers should be able to choose to
have an RFID tag re-activated
Slide 25
Openness and Transparency
Businesses should be open and
transparent with consumers about the use
of RFID tags and readers
If RFIDs are embedded in a product that
makes its way to the retail shelf, proper
notice should be provided to consumers
Slide 26
Notice
Notice must be conspicuous to the consumer
and explain what an RFID is in plain language
(not technical language)
It must explain where RFIDs are being used
and for what purposes
Proper notice could be in the form of signs,
labels, brochures, etc.
Slide 27
Choice
• Potential reasons for RFID tag re-activation:
  • Facilitating product returns and warranty
  servicing
  • Facilitating recovery of lost or stolen products
  to consumer
  • Enabling interaction with “smart” appliances
• Consumers should have the choice to have an
RFID tag re-activated without cost
Slide 28
Use Limitation
Personal information must not be used
for purposes other than those for which it
was collected, except with the consent of
the individual or as required by law
Slide 29
Consent
• A business must not merge or link a consumer’s
personal information with RFID information about a
specific purchased product, without that individual’s
knowledge and consent
• Consent must be voluntary and informed, which
means that the individual understands the nature and
consequences of providing or withholding consent
Slide 30
Challenging Compliance
A business should have a clear process in
place for resolving privacy complaints from
its customers about RFIDs
A business’s chief privacy officer (CPO) and
other privacy compliance staff must be key
players in the design and launch of any RFID
initiative
Slide 31
Staff Education and Training
Both managers and frontline employees must
be provided with privacy training that includes
information about RFIDs
They must be trained to provide clear, honest
and informed answers to customers who have
privacy concerns about the tracking potential
of RFID tags
Slide 32
To Find out More …
• The Information and Privacy Commissioner of
Ontario has published two RFID papers:
  • Tag, You’re It: Privacy Implications of Radio Frequency
  Identification (RFID) Technology (February 2004)
  www.ipc.on.ca/docs/rfid.pdf
  • Guidelines for Using RFID Tags in Ontario Public
  Libraries (June 2004)
  www.ipc.on.ca/docs/rfid-lib.pdf
Slide 33
Final Thought
“Anyone today who thinks the
privacy issue has peaked is
greatly mistaken…we are in the
early stages of a sweeping
change in attitudes that will
fuel political battles and put
once-routine business practices
under the microscope.”
Forrester Research, March 5, 2001
Slide 34
How to Contact Us
Commissioner Ann Cavoukian
Information & Privacy
Commissioner/Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario M4W 1A8
Phone: (416) 326-3333
Web: www.ipc.on.ca
E-mail: commissioner@ipc.on.ca