An Analysis of Legal and Technological Privacy Implications of Radio Frequency Identification Technologies

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Organization

Dalhousie University

Published

2005

Summary

Radio Frequency ID tags are poised to replace the UPC barcode as a mechanism for both wholesale and retail inventory control. Yet the tiny chips offer a range of potential uses that go beyond the bar code. What was conceived of as a superior inventory control device has the potential to become a powerful data-matching technology and, ultimately, a technology of surveillance.

Media attention has tended to focus on consumers’ concerns about retail uses of RFID technology, especially the ways in which it can be used to feed the ever-increasing demand for personal information in exchange for goods and services in the ordinary retail marketplace. However, privacy concerns extend far beyond the commercial context. RFIDs have virtually limitless applications and are being considered for use (or are already deployed) in a range of contextsfrom delivering health care, managing library collections and controlling the safety of food supplies, to employee monitoring or government surveillance as a part of national security initiatives.

The authors begin with an exploration of the technology that underlies RFIDs, and an overview of the present use and anticipated deployment of RFID technology. They then examine the privacy implications of the use of RFID technology. Noting that privacy law can either be formative or reactive in addressing the issues raised by new technology, the authors examine various legal initiatives in the U.S. and abroad that attempt to deal with privacy implications of RFID technology, as well as activity by consumer and privacy activists.

Using PIPEDA as a focus, the authors consider the extent to which existing private sector privacy legislation in Canada sets norms that are useful or practical in addressing RFID technology, and identify gaps in the legislation.

While this report focuses on private sector use and deployment of RFID technology, the authors also consider the broader public context. Government adoption or use of RFIDs for government programs will support private sector deployment of these technologies, and may play a role in limiting government response. Further, the potential for personal information to migrate with relative ease from the private sector to government adds a public dimension to private sector developments.

The authors conclude with a set of specific recommendations addressing the need for RFID-specific standards and guidelines; consumer awareness that data collected in the private sector may be sought by government departments and agencies, and may be obtained without their knowledge or consent; mandatory privacy impact assessments by government agencies that would apply to new programs or initiatives employing RFIDs, and legislation or regulations that would require manufacturers and retailers to use RFID tags only on removable hang tags or product packaging.

This document is available in the following language(s):

English only

OPC Funded Project

This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.

Contact Information

Dalhousie University
Halifax, Nova Scotia,
Canada
B3H 4R2

Website: http://www.dal.ca/
Tel: (902) 494-2211

Date modified: