(This article originally appeared in a 2005 issue of RFIDOperations)
By Ronald E. Quirk Jr., Esq., Venable LLP, Washington,
WASHINGTON—The Federal Trade Commission says laws are already in place to protect consumer privacy and is urging the RFID industry to police itself.
In a recently released report, RFID: Applications and Implications for Consumers, the FTC says it will take a hands-off approach to RFID for now, and encouraged the RFID industry to self-regulate. The day after the report was released, a Senate Republican High Tech Task Force announced it will “protect exciting new technologies,” including RFID, from “premature regulation or legislation in search of a problem.” The Task Force, made up of 14 Republican senators and chaired by John Ensign (R-Nev.), issued a statement assuring the industry that RFID will be free of unnecessary federal regulations.
Industry groups praised the announcement and its platform, which advocates market-based solutions to protect individual privacy. RILA President Sandy Kennedy declared that “the position taken by the Senate task force is completely consistent with our view that RFID holds great potential to benefit the economy and, ultimately, the consumer.” That view was echoed by Jack Grasso, senior director of public relations for the Uniform Code Council, who remarked that the UCC is pleased with the task force’s announcement, and that it “also favors self-regulation and voluntary guidelines for RFID.”
The privacy group CASPIAN took a different view of the task force’s announcement. Its newsletter stated that, while CASPIAN does not advocate tight legislative controls over RFID (it wants labeling legislation only), CASPIAN does not think it’s “appropriate for our elected officials to gush about the technology, calling it ‘exciting.’ ” CASPIAN also stated that elected officials should not identify themselves as “conduits for the technology industry,” and that the task force’s announcement could mean that the possibility of RFID labeling legislation may “go down in flames.”
The FTC heard similar concerns at a June workshop but rejected suggestions by participants that it issue a set of privacy guidelines to manufacturers and retailers using RFID. The agency noted its concerns about privacy in its report and stated that it has the ability to enforce existing deceptive trade practice regulations against entities that misrepresent their privacy and/or data security practices.
The agency did offer some self-regulatory suggestions to the RFID industry, including:
(a) encouraging transparent industry initiatives, e.g., retailers should provide clear and conspicuous notices to consumers if RFID tags are being used and state what information is being collected by the tags;
(b) implementing company-specific measures to protect database security; and
(c) engaging in public education programs about how and why they are using the technology.
The FTC concluded that privacy is strongly linked to database security, and therefore companies using RFID to collect personal information should adhere to existing FTC privacy guidelines on protecting that data. The agency stated that it will continue to monitor the deployment of RFID, and it would not rule out the possibility of issuing RFID-specific regulatory guidelines in the future.