Information technology - RFID privacy impact assessment analysis for specific sectors

The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with four major sectors involved with RFID:
—   libraries;
—   retail;
—   e-Ticketing, toll roads, fee collection, events management;
—   banking and financial services.
After specific sector research and consolidation of the results of industry workshops and seminars that take place in several EU Member States, this Technical Report will identify the characteristics that need to be taken into consideration by operators of RFID systems in the example sectors. In addition it will provide advice to operators in the sector on significant variants both in terms of technology and application data. This will enable the appropriate risk factors to be taken into account.
Based on the synthesis of the applications in the chosen sectors, this Technical Report will also identify a set of factors relevant to specific RFID technologies and features that will need to be taken into account in preparing a Privacy and Data Protection Impact Assessment for many RFID applications.


General Information

Status: Published
Publication Date: 03-Aug-2014
Technical Committee
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 18-Jun-2014
Due Date: 23-Aug-2014
Completion Date: 04-Aug-2014
Document type: Technical report
Reference: SIST-TP CEN/TR 16673:2014
Language: English
Pages: 38

Standards Content (Sample)


SLOVENIAN STANDARD
1 September 2014
Information technology - RFID privacy impact assessment for specific sectors (Slovenian title)
Information technology - RFID privacy impact assessment analysis for specific sectors
Informationstechik - Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID für spezifische Sektoren
Technologie de l’information - Évaluation de l’impact sur la vie privée de la RFID pour des secteurs spécifiques
This Slovenian standard is identical to: CEN/TR 16673:2014
ICS:
35.020 Information technology (IT) in general
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.

TECHNICAL REPORT
CEN/TR 16673
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
June 2014
ICS 35.240.60
English Version
Information technology - RFID privacy impact assessment
analysis for specific sectors
Technologies de l'information - Évaluation d'impact sur la vie privée des applications RFID dans des secteurs spécifiques
Informationstechnik - Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID für spezifische Sektoren

This Technical Report was approved by CEN on 20 January 2014. It has been drawn up by the Technical Committee CEN/TC 225.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TR 16673:2014 E

Contents
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Symbols and abbreviations
4 Brief description of an RFID system
4.1 Infrastructure of an RFID system
4.2 Components of an RFID system
4.2.1 Transponder/Tag
4.2.2 RFID reader or writer
4.2.3 Backend system
4.3 Characteristics of RFID technology compared to other data capture techniques
5 Privacy concept in RFID-based applications
5.1 Interaction between data protection, data security and privacy
5.2 Data protection
5.3 Data security
5.4 Privacy
5.5 General privacy risks
5.6 Challenges for a privacy concept in context with RFID
5.7 Need for transparency
6 Library sector overview
6.1 Aspects of the library sector
6.2 RFID technology overview
6.3 Applications and parties involved
6.4 Privacy considerations
6.4.1 Privacy of possession
6.4.2 Privacy of personal data in the central system
6.4.3 The impact of NFC-enabled phones
6.5 Prospects for PIA templates
7 Retail sector overview
7.1 Aspects of the retail sector
7.2 RFID Technology Overview
7.3 Applications and parties involved
7.3.1 General
7.3.2 Use of RFID in retail logistics
7.3.3 The role of the solution provider
7.3.4 Impact of RFID technology for the consumer
7.4 Privacy considerations
7.5 Technological prospects for privacy enhancements
8 Transport sector overview
8.1 Aspects of the transport sector
8.2 RFID Technology Overview
8.3 Applications and parties involved
8.3.1 General
8.3.2 Types of tickets, features and characteristics
8.3.3 Characteristics of automatic fare calculation
8.3.4 Sales channels and their impact on the products
8.4 Privacy considerations
8.5 Other applications not covered in detail
8.5.1 General
8.5.2 Toll roads and fee collection using RFID
8.5.3 Event management using RFID
9 Banking and financial services sector overview
9.1 Aspects of the finance sector
9.2 RFID Technology Overview
9.2.1 General
9.2.2 Contactless payment cards
9.2.3 NFC based payment by mobile phones
9.2.4 Micro-tags or stick-on-tags
9.3 Applications and parties involved
9.4 Privacy considerations
9.4.1 General
9.4.2 Security of contactless payment cards
9.4.3 Organisations
9.4.4 Impact of privacy in the banking and finance sector
9.4.5 Vulnerabilities
9.4.6 Transparency, consumer information, commercial confidentiality and security
9.4.7 Implications for the PIA
10 Conclusion and recommendations
10.1 Diversity of RFID based applications
10.2 Benefits of and recommendation for sector or application specific templates
10.3 Recommendation for a general approach to PIA
Bibliography

Foreword
This document (CEN/TR 16673:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC
Technologies”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This Technical Report is one of a series of related deliverables, which comprise mandate 436 Phase 2. The
other deliverables are:
— EN 16570, Information technology — Notification of RFID — The information sign and additional
information to be provided by operators of RFID application systems
— EN 16571, Information technology — RFID privacy impact assessment process
— EN 16656, Information technology - Radio frequency identification for item management - RFID Emblem
(ISO/IEC 29160:2012, modified)
— CEN/TR 16684, Information technology — Notification of RFID — Additional information to be provided
by operators
— CEN/TS 16685, Information technology — Notification of RFID — The information sign to be displayed in
areas where RFID interrogators are deployed
— CEN/TR 16669, Information technology — Device interface to support ISO/IEC 18000-3 Mode 1
— CEN/TR 16670, Information technology — RFID threat and vulnerability analysis
— CEN/TR 16671, Information technology — Authorisation of mobile phones when used as RFID
interrogators
— CEN/TR 16672, Information technology — Privacy capability features of current RFID technologies
— CEN/TR 16674, Information technology — Analysis of privacy impact assessment methodologies relevant
to RFID
Introduction
In response to the growing deployment of RFID systems in Europe, the European Commission published in
2007 the Communication COM(2007) 96 ‘RFID in Europe: steps towards a policy framework’. This
Communication proposed steps which needed to be taken for a wider take up of RFID whilst respecting the
basic legal framework safeguarding fundamental values such as health, environment, data protection, privacy
and security.
In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the
field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of
2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being
executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete
framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187
020, which was published in May 2011.
Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase.
This Technical Report is one of eleven deliverables for M/436 Phase 2. Its focus is on four major sectors that
have a number of implementations of RFID that currently impact European society. Using these as detailed
case studies will assist in addressing the development of the standard on the Privacy Impact Assessment. For
the purpose of this work, the definitions of "RFID Operator" and "RFID Application" will be those provided in
the EC RFID Recommendation of 2009-05-12.
1 Scope
The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with
four major sectors involved with RFID:
— libraries;
— retail;
— e-Ticketing, toll roads, fee collection, events management;
— banking and financial services.
After specific sector research and consolidation of the results of industry workshops and seminars that take
place in several EU Member States, this Technical Report will identify the characteristics that need to be taken
into consideration by operators of RFID systems in the example sectors. In addition it will provide advice to
operators in the sector on significant variants both in terms of technology and application data. This will enable
the appropriate risk factors to be taken into account.
Based on the synthesis of the applications in the chosen sectors, this Technical Report will also identify a set
of factors relevant to specific RFID technologies and features that will need to be taken into account in
preparing a Privacy and Data Protection Impact Assessment for many RFID applications.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
NOTE Definitions are derived from EU Recommendation C(2009) 3200 final, EU Directive 95/46/EC, ISO/IEC 19762
(all parts)
2.1
data controller
controller
natural or legal person, public authority, agency or any other body which alone or jointly with others
determines the purposes and means of the processing of personal data; where the purposes and means of
processing are determined by national or Community laws or regulations, the controller or the specific criteria
for his nomination may be designated by national or Community law
2.2
data subject's consent
any freely given specific and informed indication of his wishes by which the data subject signifies his
agreement to personal data relating to him being processed
2.3
identified or identifiable person
person who can be identified, directly or indirectly, in particular by reference to an identification number or to
one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
2.4
individual
natural person who interacts with or is otherwise involved with one or more components of an RFID
application (e.g., back-end system, communications infrastructure, RFID tag), but who does not operate an
RFID application or exercise one of its functions. In this respect, an individual is different from a user. An
individual may not be directly involved with the functionality of the RFID application, but rather, for example,
may merely possess an item that has an RFID tag
2.5
information security
preservation of the confidentiality, integrity and availability of information
2.6
monitoring
any activity carried out for the purpose of detecting, observing, copying or recording the location, movement,
activities or state of an individual
2.7
personal data
any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is
one who can be identified, directly or indirectly, in particular by reference to an identification number or to one
or more factors specific to his physical, physiological, mental, economic, cultural or social identity
2.8
processing of personal data
any operation or set of operations which is performed upon personal data, whether or not by automatic data
means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, dissemination or otherwise making available, alignment or combination,
blocking, erasure or destruction
2.9
data processor
processor
natural or legal person, public authority, agency or any other body which processes personal data on behalf of
the controller
2.10
recipient
natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third
party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be
regarded as recipients
2.11
radio frequency identification
RFID
use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum
to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the
identity of a radio frequency tag or other data stored on it
2.12
RFID application
application that processes data through the use of tags and readers, and which is supported by a back-end
system and a networked communication infrastructure
2.13
RFID application operator
RFID operator
natural or legal person, public authority, agency, or any other body, which, alone or jointly with others,
determines the purposes and means of operating an application, including controllers of personal data using
an RFID application
2.14
RFID reader or writer
Reader
fixed or mobile data capture and identification device using a radio frequency electromagnetic wave or
reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags
Note 1 to entry: The term interrogator is often used in the context of RFID item management applications, and the
term 'Proximity coupling device' and ' Vicinity coupling device' in the context of card applications. They perform the same
functions for any given air interface protocol.
2.15
RFID tag
RF tag
Tag
RFID device having the ability to produce a radio signal, or an RFID device which re-couples, backscatters or
reflects (depending on the type of device) and modulates a carrier signal received from a reader or writer
Note 1 to entry: The most accurate term is technically "transponder". The most common and preferred term is ‘tag’ or
‘RFID tag’ in the context of RFID item management applications and 'Proximity integrated circuit card' or 'Vicinity
integrated circuit card' in the context of card applications.
2.16
third party
any natural or legal person, public authority, agency or any other body other than the data subject, the
controller, the processor and the persons who, under the direct authority of the controller or the processor, are
authorised to process the data
2.17
threat
physical, hardware, or software mechanism with the potential to adversely impact an asset through
unauthorised access, destruction, disclosure, modification of data and / or denial of service
2.18
vulnerability
weakness of an asset or group of assets that can be exploited by one or more threats
3 Symbols and abbreviations
AFI Application Family Identifier
CICO Check-In-Check-Out
CSC Card Security Code
CVC Card Verification Code
CVV Card Verification Value
DPA Data Protection Authority
EPC Electronic Product Code
ERP Enterprise Resource Planning
FMCG Fast Moving Consumer Goods
EMV Europay International, MasterCard, Visa
GDPR General Data Protection Regulation
GS1 Global Standards One
HF High Frequency (3-30 MHz)
IFMS Interoperable Fare Management Systems
IOPTA InterOperable Public Transport Applications for smart cards
ISIL International Standard Identifier for Libraries and Related Organisations
IT Information Technology
LF Low Frequency
LMS Library Management System
NEC National Entitlement Card
NFC Near Field Communication
PCI Payment Card Industry
PIA Privacy Impact Assessment
PIN Personal Identification Number
POS Point of Sale
RF Radio Frequency
RFID Radio Frequency Identification
UHF Ultra High Frequency (300 MHz – 3 GHz)
UII Unique Item Identifier
4 Brief description of an RFID system
4.1 Infrastructure of an RFID system
RFID technology allows for the contactless transmission of data via electromagnetic fields and/or radio waves.
An RFID infrastructure contains at least one RFID tag, an RFID reader or writer and an IT backend system. In
order to enable the exchange of data between the transponder and the reader, communication standards
define the necessary features of the air interface, which have to be supported by both transponder and
reader.
4.2 Components of an RFID system
4.2.1 Transponder/Tag
The transponder or tag has a tiny computer chip which contains radio processing, data storage and data
processing capabilities. This chip is attached to an antenna to create a tag. The tag is incorporated into a
particular form factor, e. g. integrated into a self-adhesive label or into a contactless card. The amount of
information that can be stored on the tag depends on its memory and influences the speed of the data capture
process. The tag generally contains a code which points to information stored in a database.
Depending on the application, the choice between different characteristics of tags can be made:
— Energy supply: The energy supply is not directly correlated to the communication modes. Passive tags
reflect, backscatter or use load modulation of an incoming wave from the reader in order to
communicate. Active tags have their own transmitter on board to send information or to answer a reader's
commands. With today's technology, the link budget requires the use of a battery for active tags,
whereas for passive tags the incoming wave can be used to supply the tag's chip with energy.
Nevertheless, even for passive tags, batteries can be used to supply the tag's chip or peripherals such as
sensors. In that case, we speak of Battery Assisted Passive tags, which communicate with the readers
through backscattering or load modulation of an incident wave but use the battery to supply energy to the
chip and/or embedded sensors.
— The form factor of a tag depends on the purpose of its use and the environment it is used in. Tags can be
attached to or integrated into a product, and therefore appear in multiple variations. Examples of tags
include, but are not limited to: hard tags, woven-in tags, glass capsule tags, foil tags, smart labels,
personal identification cards (e. g. access cards or library cards), transport cards and contactless payment
cards.
— The frequency at which a tag operates is defined by its antenna and the chip design. The choice between Low
Frequency (LF), High Frequency (HF) and Ultra High Frequency (UHF) depends on the application and the
environment the tags are used in.
— The reading distance depends, for example, on the frequency used, the energy consumption and the
environmental circumstances in which the tag is used. Thus, the read range varies from a few centimetres
up to several metres. The purpose of the RFID application determines the read range to choose
(e. g. long-distance reading for inventory, short-distance reading for contactless cards).
— The chip memory varies from a few bits to several hundred kbytes. Furthermore, a distinction can be
made between read-only tags (information stored on the tag by the tag producer), write-once-read-multiple
tags and write-and-read-multiple (reusable) tags. Contactless cards and active tags might be equipped with a
microprocessor that supports the management of data files in a flexible way.
4.2.2 RFID reader or writer
Depending on the application, an RFID reader or writer activates, reads or writes information from or on a tag.
It sends or receives the information to or from the tag via its antenna and passes the data on to a backend
system. The reader can add information such as the time of reading or its own ID to the data read from the tag
and transfers it to the software in the backend system. Readers can capture data from several tags in a very
short time (bulk reading) when these enter their operating field.
The purpose of use of the RFID application defines the type of readers that might be used:
— Mobile readers such as handhelds (e. g. used for inventory in shops, warehouses, hospitals)
— Semi-mobile readers such as on forklifts (e. g. used in large warehouse management systems)
— Fixed readers such as gates or tunnel readers (e. g. used in goods entry or exit area of a warehouse,
transit points within a warehouse, access points in public transport systems, access to buildings)
For certain applications additional security features are part of the reader. Secure readers are used e. g. for
contactless payment cards or NFC applications. They are equipped with a protected key and data storage and
security functions in order to support secure communication with contactless smartcards, the back office
system and the key management system.
4.2.3 Backend system
The information captured from an RFID tag is transferred to and stored in the backend system. It is in the
backend system where the linking of the identification number from the tag and the corresponding information
is done. The information can only be processed where access is provided for the user of the system, ideally in
combination with automated systems of authorisation and authentication.
Additionally, the backend system can also provide functions for card- or key management systems as an
additional or required security feature of the specific application. This could be relevant in applications using
contactless cards, e. g. payment cards or multi-application cards for public institutions or transport systems.
4.3 Characteristics of RFID technology compared to other data capture techniques
Where other data capture technologies require optical contact (1- or 2-dimensional barcodes) or physical contact
(magnetic stripe) between data carrier and reader, RFID-based applications do not. Additionally, the
possibility of reading several data carriers sequentially in a very short time, combined with the long read range
of a single reader, accelerates data capture processes considerably.
While adding or changing information on optical or physical-contact data carriers would require the
reproduction of the carrier, tags provide the possibility of changing or adding information on the same data
carrier. In return, this requires managing access authorisations, as content on the data carrier should only be
changed when intended by the parties involved. Data, and where applicable additional
functionalities, on the tag can support improving the quality of products and services for both application
operator and consumer.
Examples of improvements through RFID technology include (the list is not exhaustive):
— improved accuracy and traceability;
— improved processes in terms of speed and quality;
— reliable and automated quality control features of an object or service;
— reliable and automated anti-counterfeiting and anti-theft mechanisms;
— reduction of out-of-stock situations;
— improved services and processes with regard to speed and quality.
5 Privacy concept in RFID-based applications
5.1 Interaction between data protection, data security and privacy
The characteristics of an RFID-based application as described in 4.3 can be appreciated as benefits for the
parties involved. Because RFID does not need visual or physical contact between reader and data
carrier, the technology is sometimes viewed sceptically and perceived as a threat to data protection and
privacy. This results from the reading process, which is not necessarily noticed by an individual.
It is therefore all the more important to provide for transparency and to ensure the safeguarding of privacy. In order to
understand how the privacy of the individual can be provided for, it is important to look at three aspects, the
interaction of which leads to an effective privacy concept.
NOTE Transparency is to be understood in the sense of clauses 7 and 8 of Recommendation C(2009) 3200 final.
In order to safeguard the privacy rights of an individual, the three aspects data protection, data security and
privacy shall be taken into consideration when setting up an RFID-based application.
Figure 1 — Relationship of data protection, data security and privacy
Data protection comprises all processing of data, such as collection of data, accuracy of data and use of data.
Most importantly, it is addressed by the legal requirement for compliance as set out in Directive 95/46/EC.
Security of data is additionally protected by the implementation of security procedures for protecting computer
systems, using procedures defined e.g. in the ISO/IEC 270xx series. There is no legal requirement to
implement such a system, but some breaches of computer security can be the direct cause of an infringement of
data protection. While privacy is the individual's right to determine the use of any information about him, from
an RFID perspective this presents a challenge between data protection, data security and privacy: some of
the privacy risks can occur beyond the boundary of a legitimate RFID application, which places some, but
not the entire, responsibility on the RFID operator. With the ongoing development and spread of RFID
technology into a wider range of uses, there will be a need to review current legislation with regard to
illicit use of RFID technology by individuals.
5.2 Data protection
Current legislation and probably the upcoming General Data Protection Regulation (GDPR) deal with aspects
of data protection and data security. Legislators intended to cover as many areas as possible in the field of
processing of personal data and thus tried to be as generic as possible. They emphasise the importance of
adequate security measures, both at the technological and at the organizational level. These need to be
implemented wherever personal data is processed.
The current understanding of the upcoming GDPR is that it will take up the contents of the data protection
Directive 95/46/EC: the data controller is responsible for the quality and security of the data he holds. He shall
provide for protection of personal data against accidental or unlawful destruction or accidental loss, alteration,
unauthorized disclosure or access and unintended and unlawful forms of processing. This becomes even
more relevant where the processing of data also involves transmission of data to third parties via a network.
Any measures taken to provide for data protection should be appropriate with regard to the technology used,
the cost and effort for implementation and the risks emerging from data processing with a given technology at
given cost and probable risks.
The General Data Protection Regulation takes up the existing regulation from Directive 95/46/EC, which holds
the data processor as liable as the data controller.
This part of the privacy concept refers to how (personal) data is collected and then dealt with in an
organization's database, independent of the means of collection, i. e. manual or automatic data capture.
5.3 Data security
Data security refers to the protection of data from unauthorised - accidental or intentional -
modification, destruction, loss or disclosure. In the context of this TR, data security is primarily concerned with
the security risk assessment and implementation techniques that organizations adopt as a
means of protecting their computer systems from external and internal threats. The objective is focused on
protecting the assets of the organization, but in doing so this also provides the protection of data from
unauthorised - accidental or intentional - modification, destruction, loss or disclosure.
Various methodologies are used to assess, and therefore keep under control, the security risks to an
organization. The internationally recognised reference is the ISO/IEC 270xx series of standards, although
other organizations have prepared useful references.
5.4 Privacy
There are many privacy definitions available. The most used is the definition of Westin: “the claim of
individuals (...) to determine for themselves when, how and to what extent information about them is
communicated to others” and as a means “(...) for achieving individual goals of self-realisation.” This also
includes the right to determine whether and to whom personal information is to be revealed.
Privacy therefore can also be referred to as the individual's right to (informational) self-determination. One
substantial aspect of this is transparency to the individual about the use of data, including the purpose and
the persons using the data. This includes the explicit consent of the individual to the processing of his data.
Furthermore, the General Data Protection Regulation strengthens the individual's rights by requiring e. g. the
reporting of privacy breaches to the individual, the individual's access to his own data and the possibility to
control the data quality, the transferability of his data and the individual's "right to be forgotten", i. e. the deletion
of data at the wish of the data subject.
5.5 General privacy risks
The more personal information about an individual that is available, the greater is the risk of harm to the
individual's privacy. Such harm ranges from gathering data about the data subject's behaviour, without his explicit
consent, in order to provide him with customised offers, up to identity theft by malicious persons, who
appropriate and use personal data in order to impersonate the individual they stole the personal information
from and use this for fraud and other illegal activities.
Figure 2 shows the different areas where privacy issues might arise.

Westin A.F., Privacy and Freedom, New York 1967 p. 39
Figure 2 — Incidence of privacy issues
Figure 2 contains four columns. The first concerns applications and related devices on which data, possibly including personal data, are stored, and from which they can be collected and/or processed. Examples of such devices are smart cards, mobile phones, tablet computers, RFID-tagged items such as clothing and more. This is where breaches of the privacy sphere might take place for the first time in the chain of data processing. The second column relates to the infrastructure through which personal data are distributed via public and private networks, including of course the Internet. Within this infrastructure, it becomes possible to trace the personal data of individuals. This may have been the original intention, to facilitate data processing, but it may also give rise to privacy breaches when done without the consent of the data subject. The third column represents the interdependencies between different organizations. Data processing is undertaken by many different types of organizations, for example in the private and public sector, utilities, health and the voluntary sector. At the same time, data processing is undertaken for many different applications such as risk analysis, logistics, insurance, law enforcement, transaction processing etc. The interrelationships between such organizations might, if not well controlled and protected, bring about uncontrolled distribution of personal data and profiling. The fourth column makes visible the potential for data leakage arising from the activities of others through, for example, click streams, web bugs, multiple storage of the same data in different databases and the use of third-party infrastructure services.
5.6 Challenges for a privacy concept in context with RFID
RFID technology provides many benefits to its users (see 4.3), independent of the business they are in or the role they have within a supply chain, a functional entity or otherwise. But its characteristic of reading without any physical or visual contact between reader and data carrier may cause concerns with regard to the unnoticed reading process and its possible abuse, e.g. unauthorised interference with the normal process of reading.
Therefore, the pursuit of data protection and data security are crucial elements in providing for privacy within the organization operating RFID-based applications. Additionally, the fact that an RFID tag, as a data carrier, might also be read beyond the boundaries of an organization needs attention. An RFID operator should consider at least:
— What kind of objects are tagged?
— What kind of data is on the tag?
— To what extent is the tagged object exposed in a public environment?
— Is there an impact from the data on the tag on privacy related issues?
— If so, what harm could the information cause if used by unauthorised persons?
These considerations are made on a very general basis and are thus relevant for any kind of RFID application and its operators. The detailed analysis of these questions, though, depends on the application, the parties involved and the industry or sector the technology is used in. This TR analyses four sectors and their specific characteristics. In the following subclauses the TR shows the necessity of different templates, depending on various aspects of each sector.
5.7 Need for transparency
The nature of the risks arising from RFID applications is not fully understandable by the individual. Therefore, transparency and comprehensive information for consumers are necessary to achieve acceptance of RFID technology. Consumers shall be put in a position to gain at least a basic knowledge of the technology integrated into or attached to the items or objects they buy. It is then up to the consumer to decide for or against a tag on or in the item.
Recommendation 2009/387/EC calls for transparency by applying a common European sign to indicate that an RFID tag is present on or in the item. Additional valuable information for the consumer is the knowledge of where the tag is placed. With regard to the different categories of tagged items, the placement probably determines the solution with regard to privacy aspects:
— Where the tag is in the packaging of an item, it is very likely that the tag is removed with the item packaging.
— Tags may also be attached to the item itself. When the tag is easily removable, the individual can decide whether or not he wants to remove the tag.
— Tags may be integrated into an item. Depending on the functionality of the tag, the consumer needs to decide whether he wants the tag to be disabled or not. This may be wanted when the tag is not part of the item's function itself. However, deactivation would be counterproductive where the RFID tag is the core element of the tagged item (e.g. smart transport cards).
6 Library sector overview
6.1 Aspects of the library sector
The library sector was an early adopter of RFID, with pre-implementation discussions in the 1980s. The first
implementations were in Singapore (September 1998) and Rockefeller University in New York (February
1999). An earlier implementation at a Canadian University in 1991 is also cited. Since then, the number of
library implementations around the world has increased at a steady rate.
There is some uncertainty about the number of libraries using RFID technology, depending on the metric used for counting: one measure counts library authorities, another counts individual locations. Thus, estimates vary from around 2500 to 5000 library sites world-wide, which
...


SLOVENIAN STANDARD
01-September-2014
Informacijska tehnologija - Ocenjevanje vpliva RFID na zasebnost za določene sektorje
Information technology - RFID privacy impact assessment analysis for specific sectors
Informationstechnik - Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID für spezifische Sektoren
Technologie de l’information - Évaluation de l’impact sur la vie privée de la RFID pour des secteurs spécifiques
This Slovenian standard is identical to: CEN/TR 16673:2014
ICS: 35.040.50 Automatic identification and data capture techniques
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or parts of this standard is not permitted.

TECHNICAL REPORT
CEN/TR 16673
RAPPORT TECHNIQUE
TECHNISCHER BERICHT
June 2014
ICS 35.240.60
English Version
Information technology - RFID privacy impact assessment
analysis for specific sectors
Technologies de l'information - Évaluation d'impact sur la vie privée des applications RFID dans des secteurs spécifiques
Informationstechnik - Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID für spezifische Sektoren

This Technical Report was approved by CEN on 20 January 2014. It has been drawn up by the Technical Committee CEN/TC 225.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TR 16673:2014 E

Contents Page
Foreword .... 4
Introduction .... 5
1 Scope .... 6
2 Terms and definitions .... 6
3 Symbols and abbreviations .... 8
4 Brief description of an RFID system .... 9
4.1 Infrastructure of an RFID system .... 9
4.2 Components of an RFID system .... 9
4.2.1 Transponder/Tag .... 9
4.2.2 RFID reader or writer .... 10
4.2.3 Backend system .... 10
4.3 Characteristics of RFID technology compared to other data capture techniques .... 10
5 Privacy concept in RFID-based applications .... 11
5.1 Interaction between data protection, data security and privacy .... 11
5.2 Data protection .... 12
5.3 Data security .... 13
5.4 Privacy .... 13
5.5 General privacy risks .... 13
5.6 Challenges for a privacy concept in context with RFID .... 14
5.7 Need for transparency .... 15
6 Library sector overview .... 15
6.1 Aspects of the library sector .... 15
6.2 RFID technology overview .... 16
6.3 Applications and parties involved .... 17
6.4 Privacy considerations .... 18
6.4.1 Privacy of possession .... 18
6.4.2 Privacy of personal data in the central system .... 18
6.4.3 The impact of NFC-enabled phones .... 19
6.5 Prospects for PIA templates .... 19
7 Retail sector overview .... 20
7.1 Aspects of the retail sector .... 20
7.2 RFID Technology Overview .... 21
7.3 Applications and parties involved .... 21
7.3.1 General .... 21
7.3.2 Use of RFID in retail logistics .... 21
7.3.3 The role of the solution provider .... 22
7.3.4 Impact of RFID technology for the consumer .... 22
7.4 Privacy considerations .... 23
7.5 Technological prospects for privacy enhancements .... 25
8 Transport sector overview .... 25
8.1 Aspects of the transport sector .... 25
8.2 RFID Technology Overview .... 25
8.3 Applications and parties involved .... 26
8.3.1 General .... 26
8.3.2 Types of tickets, features and characteristics .... 26
8.3.3 Characteristics of automatic fare calculation .... 27
8.3.4 Sales channels and their impact on the products .... 27
8.4 Privacy considerations .... 29
8.5 Other applications not covered in detail .... 29
8.5.1 General .... 29
8.5.2 Toll roads and fee collection using RFID .... 29
8.5.3 Event management using RFID .... 30
9 Banking and financial services sector overview .... 30
9.1 Aspects of the finance sector .... 30
9.2 RFID Technology Overview .... 31
9.2.1 General .... 31
9.2.2 Contactless payment cards .... 32
9.2.3 NFC based payment by mobile phones .... 32
9.2.4 Micro-tags or stick-on-tags .... 32
9.3 Applications and parties involved .... 32
9.4 Privacy considerations .... 32
9.4.1 General .... 32
9.4.2 Security of contactless payment cards .... 33
9.4.3 Organisations .... 33
9.4.4 Impact of privacy in the banking and finance sector .... 34
9.4.5 Vulnerabilities .... 34
9.4.6 Transparency, consumer information, commercial confidentiality and security .... 35
9.4.7 Implications for the PIA .... 35
10 Conclusion and recommendations .... 36
10.1 Diversity of RFID based applications .... 36
10.2 Benefits of and recommendation for sector or application specific templates .... 36
10.3 Recommendation for a general approach to PIA .... 37
Bibliography .... 38

Foreword
This document (CEN/TR 16673:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC
Technologies”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This Technical Report is one of a series of related deliverables, which comprise mandate 436 Phase 2. The
other deliverables are:
— EN 16570, Information technology — Notification of RFID — The information sign and additional
information to be provided by operators of RFID application systems
— EN 16571, Information technology — RFID privacy impact assessment process
— EN 16656, Information technology - Radio frequency identification for item management - RFID Emblem
(ISO/IEC 29160:2012, modified)
— CEN/TR 16684, Information technology — Notification of RFID — Additional information to be provided
by operators
— CEN/TS 16685, Information technology — Notification of RFID — The information sign to be displayed in
areas where RFID interrogators are deployed
— CEN/TR 16669, Information technology — Device interface to support ISO/IEC 18000-3 Mode 1
— CEN/TR 16670, Information technology — RFID threat and vulnerability analysis
— CEN/TR 16671, Information technology — Authorisation of mobile phones when used as RFID
interrogators
— CEN/TR 16672, Information technology — Privacy capability features of current RFID technologies
— CEN/TR 16674, Information technology — Analysis of privacy impact assessment methodologies relevant
to RFID
Introduction
In response to the growing deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 ‘RFID in Europe: steps towards a policy framework’. This Communication proposed steps which needed to be taken for a wider take-up of RFID whilst respecting the basic legal framework safeguarding fundamental values such as health, environment, data protection, privacy and security.
In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the
field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of
2009. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being
executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete
framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Report TR 187
020, which was published in May 2011.
Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase.
This Technical Report is one of eleven deliverables for M/436 Phase 2. Its focus is on four major sectors that
have a number of implementations of RFID that currently impact European society. Using these as detailed
case studies will assist in addressing the development of the standard on the Privacy Impact Assessment. For
the purpose of this work, the definitions of "RFID Operator" and "RFID Application" will be those provided in
the EC RFID Recommendation of 2009-05-12.
1 Scope
The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with
four major sectors involved with RFID:
— libraries;
— retail;
— e-Ticketing, toll roads, fee collection, events management;
— banking and financial services.
After specific sector research and consolidation of the results of industry workshops and seminars that take
place in several EU Member States, this Technical Report will identify the characteristics that need to be taken
into consideration by operators of RFID systems in the example sectors. In addition it will provide advice to
operators in the sector on significant variants both in terms of technology and application data. This will enable
the appropriate risk factors to be taken into account.
Based on the synthesis of the applications in the chosen sectors, this Technical Report will also identify a set
of factors relevant to specific RFID technologies and features that will need to be taken into account in
preparing a Privacy and Data Protection Impact Assessment for many RFID applications.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
NOTE Definitions are derived from EU Recommendation C(2009) 3200 final, EU Directive 95/46/EC and ISO/IEC 19762 (all parts).
2.1
data controller
controller
natural or legal person, public authority, agency or any other body which alone or jointly with others
determines the purposes and means of the processing of personal data; where the purposes and means of
processing are determined by national or Community laws or regulations, the controller or the specific criteria
for his nomination may be designated by national or Community law
2.2
data subject's consent
any freely given specific and informed indication of his wishes by which the data subject signifies his
agreement to personal data relating to him being processed
2.3
identified or identifiable person
person who can be identified, directly or indirectly, in particular by reference to an identification number or to
one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
2.4
individual
natural person who interacts with or is otherwise involved with one or more components of an RFID
application (e.g., back-end system, communications infrastructure, RFID tag), but who does not operate an
RFID application or exercise one of its functions. In this respect, an individual is different from a user. An
individual may not be directly involved with the functionality of the RFID application, but rather, for example,
may merely possess an item that has an RFID tag
2.5
information security
preservation of the confidentiality, integrity and availability of information
2.6
monitoring
any activity carried out for the purpose of detecting, observing, copying or recording the location, movement,
activities or state of an individual
2.7
personal data
any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is
one who can be identified, directly or indirectly, in particular by reference to an identification number or to one
or more factors specific to his physical, physiological, mental, economic, cultural or social identity
2.8
processing of personal data
any operation or set of operations which is performed upon personal data, whether or not by automatic data
means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, dissemination or otherwise making available, alignment or combination,
blocking, erasure or destruction
2.9
data processor
processor
natural or legal person, public authority, agency or any other body which processes personal data on behalf of
the controller
2.10
recipient
natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third
party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be
regarded as recipients
2.11
radio frequency identification
RFID
use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum
to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the
identity of a radio frequency tag or other data stored on it
2.12
RFID application
application that processes data through the use of tags and readers, and which is supported by a back-end
system and a networked communication infrastructure
2.13
RFID application operator
RFID operator
natural or legal person, public authority, agency, or any other body, which, alone or jointly with others,
determines the purposes and means of operating an application, including controllers of personal data using
an RFID application
2.14
RFID reader or writer
Reader
fixed or mobile data capture and identification device using a radio frequency electromagnetic wave or
reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags
Note 1 to entry: The term interrogator is often used in the context of RFID item management applications, and the terms 'Proximity coupling device' and 'Vicinity coupling device' in the context of card applications. They perform the same functions for any given air interface protocol.
2.15
RFID tag
RF tag
Tag
RFID device having the ability to produce a radio signal, or RFID device which re-couples, backscatters or reflects (depending on the type of device) and modulates a carrier signal received from a reader or writer
Note 1 to entry: The most accurate term is technically "transponder". The most common and preferred term is ‘tag’ or
‘RFID tag’ in the context of RFID item management applications and 'Proximity integrated circuit card' or 'Vicinity
integrated circuit card' in the context of card applications.
2.16
third party
any natural or legal person, public authority, agency or any other body other than the data subject, the
controller, the processor and the persons who, under the direct authority of the controller or the processor, are
authorised to process the data
2.17
threat
physical, hardware, or software mechanism with the potential to adversely impact an asset through
unauthorised access, destruction, disclosure, modification of data and / or denial of service
2.18
vulnerability
weakness of an asset or group of assets that can be exploited by one or more threats
3 Symbols and abbreviations
AFI Application Family Identifier
CICO Check-In-Check-Out
CSC Card Security Code
CVC Card Verification Code
CVV Card Verification Value
DPA Data Protection Authority
EPC Electronic Product Code
ERP Enterprise Resource Planning
FMCG Fast Moving Consumer Goods
EMV Europay International, MasterCard, Visa
GDPR General Data Protection Regulation
GS1 Global Standards One
HF High Frequency (3-30 MHz)
IFMS Interoperable Fare Management Systems
IOPTA InterOperable Public Transport Applications for smart cards
ISIL International Standard Identifier for Libraries and Related Organisations
IT Information Technology
LF Low Frequency
LMS Library Management System
NEC National Entitlement Card
NFC Near Field Communication
PCI Payment Card Industry
PIA Privacy Impact Assessment
PIN Personal Identification Number
POS Point of Sale
RF Radio Frequency
RFID Radio Frequency Identification
UHF Ultra High Frequency (300 MHz – 3 GHz)
UII Unique Item Identifier
4 Brief description of an RFID system
4.1 Infrastructure of an RFID system
RFID technology allows for the contactless transmission of data via electromagnetic fields and/or radio waves. An RFID infrastructure contains at least one RFID tag, an RFID reader or writer and an IT backend system. In order to enable the exchange of data between the transponder and the reader, communication standards define the necessary features of the air interface, which have to be supported by both transponder and reader.
4.2 Components of an RFID system
4.2.1 Transponder/Tag
The transponder or tag has a tiny computer chip which contains radio processing, data storage and data processing capabilities. This chip is attached to an antenna to create a tag. This is incorporated into a particular form factor, e.g. integrated into a self-adhesive label or into a contactless card. The information that can be stored on the tag depends on the memory and influences the speed of the data capture process. The tag generally contains a code which points to information stored in a database.
Depending on the application, the choice between different characteristics of tags can be made:
— Energy supply: The energy supply is not directly correlated to the communication modes. Passive tags reflect, backscatter or use load modulation of an incoming wave from the reader in order to communicate. Active tags have their own transmitter on board to send information or answer a reader's commands. With today's technology, the link budget requires the use of a battery for active tags, whereas for passive tags the incoming wave can be used to supply the tag's chip with energy. Nevertheless, even for passive tags, batteries can be used to supply the tag's chip or peripherals like sensors. In that case, we speak of Battery Assisted Passive tags, which communicate with the readers through backscattering or load modulation of an incident wave but use the battery to supply energy to the chip and/or embedded sensors.
— The form factor of a tag depends on the purpose of its use and the environment it is used in. Tags can be attached to or integrated into a product, and therefore appear in multiple variations. Examples of tags include, but are not limited to: hard tags, woven-in tags, glass capsule tags, foil tags, smart labels, personal identification cards (e.g. access cards or library cards), transport cards and contactless payment cards.
— The frequency at which a tag operates is defined by its antenna and the chip design. The choice between Low Frequency (LF), High Frequency (HF) and Ultra High Frequency (UHF) depends on the application and the environment the tags are used in.
— The reading distance depends e.g. on the frequency used, the energy consumption and the environmental circumstances in which the tag is used. Thus, the read range varies from a few centimetres up to several metres. The purpose of the RFID application determines the read range to choose (e.g. long-distance reading for inventory, short-distance reading for contactless cards).
— The chip memory varies from a few bits to several hundred kilobytes. Furthermore, a distinction can be made between read-only tags (information stored on the tag by the tag producer), write-once-read-multiple tags and write-and-read-multiple (reusable) tags. Contactless cards and active tags might be equipped with a microprocessor that supports the management of data files in a flexible way.
4.2.2 RFID reader or writer
Depending on the application, an RFID reader or writer activates, reads or writes information from or on a tag. It sends or receives the information to or from the tag via its antenna and passes the data on to a backend system. The reader can add information such as the time of reading or its own ID to the data read from the tag and transfers it to the software in the backend system. Readers can capture data from several tags in a very short time (bulk reading) when these enter its operating field.
The purpose of use of the RFID application defines the type of readers that might be used:
— Mobile readers such as handhelds (e.g. used for inventory in shops, warehouses, hospitals)
— Semi-mobile readers such as on forklifts (e.g. used in large warehouse management systems)
— Fixed readers such as gates or tunnel readers (e.g. used in the goods entry or exit area of a warehouse, transit points within a warehouse, access points in public transport systems, access to buildings)
For certain applications, additional security features are part of the reader. Secure readers are used e.g. for contactless payment cards or NFC applications. They are equipped with protected key and data storage and security functions in order to support secure communication with contactless smartcards, the back office system and the key management system.
4.2.3 Backend system
The information captured from an RFID tag is transferred to and stored in the backend system. It is in the backend system that the identification number from the tag is linked with the corresponding information. The information can only be processed where access is provided for the user of the system, ideally in combination with automated systems of authorisation and authentication.
Additionally, the backend system can also provide functions for card or key management systems as an additional or required security feature of the specific application. This could be relevant in applications using contactless cards, e.g. payment cards or multi-application cards for public institutions or transport systems.
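As an added illustration (not code from CEN/TR 16673 or from any product the report names), the following Python model shows the tag/backend split just described and what it means for privacy: the tag carries only an opaque random identifier, the link to a data subject exists only in the backend and is disclosed only to an authorised role, every read is logged with the reader's ID and time (4.2.2), and erasing a data subject's record (the "right to be forgotten" discussed in 5.4) leaves the identifier on the tag meaningless. The class, role and method names are this example's own assumptions, and all sample data is constructed.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Role(Enum):
    """Access level of the party behind a reader (names invented for this example)."""
    PUBLIC = "public"          # unknown reader, e.g. beyond the operator's premises
    INVENTORY = "inventory"    # staff doing stock-taking: may see item data only
    ISSUE_DESK = "issue_desk"  # staff entitled to see who currently holds the item


@dataclass(frozen=True)
class ReadEvent:
    """What the reader adds to a captured tag ID (4.2.2): its own ID and the time."""
    tag_id: str
    reader_id: str
    role: Role
    read_at: datetime


class TagBackend:
    """Backend that resolves tag identifiers to records (4.2.3). Hypothetical API."""

    def __init__(self):
        self._items = {}     # tag_id -> item description (not personal data)
        self._holder = {}    # tag_id -> subject_id: the only place the link exists
        self._subjects = {}  # subject_id -> personal data of the data subject
        self.audit = []      # every resolved read, kept for accountability

    def issue_tag(self, item: str) -> str:
        """Write a fresh tag: a random 64-bit identifier that means nothing by itself."""
        tag_id = secrets.token_hex(8)
        self._items[tag_id] = item
        return tag_id

    def register_subject(self, subject_id: str, personal: dict) -> None:
        self._subjects[subject_id] = dict(personal)

    def link(self, tag_id: str, subject_id: str) -> None:
        """Associate a tagged item with a data subject, e.g. when it is lent or sold."""
        if tag_id not in self._items or subject_id not in self._subjects:
            raise KeyError("unknown tag or subject")
        self._holder[tag_id] = subject_id

    def read(self, tag_id: str, reader_id: str, role: Role) -> dict:
        """Resolve a captured tag ID. Always logged; disclosed according to role."""
        self.audit.append(ReadEvent(tag_id, reader_id, role, datetime.now(timezone.utc)))
        result = {"tag_id": tag_id}  # the air interface alone reveals no more than this
        if role is Role.PUBLIC:
            return result
        result["item"] = self._items.get(tag_id)
        if role is Role.ISSUE_DESK and tag_id in self._holder:
            result["holder"] = dict(self._subjects[self._holder[tag_id]])
        return result

    def forget(self, subject_id: str) -> int:
        """Erase a data subject on request (5.4); returns the number of links removed.
        The tags stay in circulation, but their identifiers no longer lead anywhere."""
        self._subjects.pop(subject_id, None)
        stale = [t for t, s in self._holder.items() if s == subject_id]
        for t in stale:
            del self._holder[t]
        return len(stale)


if __name__ == "__main__":
    be = TagBackend()
    tag = be.issue_tag("library book (constructed sample item)")
    be.register_subject("S1", {"name": "Constructed Borrower"})
    be.link(tag, "S1")
    print(be.read(tag, "gate-01", Role.PUBLIC))      # identifier only
    print(be.read(tag, "desk-02", Role.ISSUE_DESK))  # item plus holder
    be.forget("S1")
    print(be.read(tag, "desk-02", Role.ISSUE_DESK))  # item, no holder any more
```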
4.3 Characteristics of RFID technology compared to other data capture techniques
Where other data capture technologies require optical (1- or 2-dimensional barcodes) or physical contact (magnetic stripe) between data carrier and reader, RFID-based applications do not. Additionally, the possibility of reading several data carriers sequentially in a very short time with the long read range of one reader accelerates data capture processes considerably.
While adding or changing information on optical or physical-contact data carriers would require the reproduction of the carrier, tags provide the possibility of changing or adding information on the same data carrier. In return, this requires managing access authorisations, as content on the data carrier should only be changed when intended by the parties involved. Data, and where applicable additional functionalities, on the tag can help improve the quality of products and services for both application operator and consumer.
Examples of improvements through RFID technology include, but are not limited to:
— improved accuracy and traceability;
— improved processes in terms of speed and quality;
— reliable and automated quality control features of an object or service;
— reliable and automated anti-counterfeiting and anti-theft mechanisms;
— reduction of out-of-stock situations;
— improved services and processes with regard to speed and quality.
5 Privacy concept in RFID-based applications
5.1 Interaction between data protection, data security and privacy
The characteristics of an RFID-based application as described in 4.3 can be appreciated as benefits for the parties involved. Because RFID does not need visual or physical contact between reader and data carrier, the technology is sometimes viewed sceptically and perceived as a threat to data protection and privacy. This results from the reading process, which is not necessarily noticed by an individual.
It is therefore all the more important to provide for transparency and ensure the safeguarding of privacy. In order to understand how privacy of the individual can be provided for, it is important to look at three aspects, the interaction of which leads to an effective privacy concept.
NOTE Transparency is to be understood in the sense of clauses 7 and 8 of Recommendation C(2009) 3200 final.
In order to safeguard the privacy rights of an individual, the three aspects data protection, data security and privacy shall be taken into consideration when setting up an RFID-based application.
Figure 1 — Relationship of data protection, data security and privacy
Data protection comprises all processing of data, such as the collection of data, accuracy of data and use of data. Most importantly, it is addressed by the legal requirement for compliance as set out in Directive 95/46/EC. Security of data is additionally protected by the implementation of security procedures for protecting computer systems, using procedures defined e.g. in the ISO/IEC 270xx series. There is no legal requirement to implement such a system, but some breaches of computer security can be the direct cause of infringements of data protection. While privacy is the individual's right to determine the use of any information about him, from an RFID perspective this presents a challenge between data protection, data security and privacy: some of the privacy risks can occur beyond the boundary of a legitimate RFID application, which places some, but not the entire, responsibility on the RFID operator. With the ongoing development and spread of RFID technology into a wider range of uses, there will be a need to review current legislation with regard to illicit use of RFID technology by individuals.
5.2 Data protection
Current legislation and probably the upcoming General Data Protection Regulation (GDPR) deal with aspects of data protection and data security. Legislators intended to cover as many areas as possible in the processing of personal data and thus tried to be as generic as possible. They emphasise the importance of adequate security measures, on a technological as well as an organizational level. These need to be implemented wherever personal data is processed.
The current understanding of the upcoming GDPR is that it will take up the contents of the data protection Directive 95/46/EC: the data controller is responsible for the quality and security of the data he holds. He shall provide for protection of personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access and unintended and unlawful forms of processing. This becomes even more relevant where the processing of data also involves transmission of data to third parties via a network. Any measures taken to provide for data protection should be appropriate with regard to the technology used, the cost and effort of implementation and the risks emerging from data processing with a given technology at a given cost.
The General Data Protection Regulation takes up the existing rule from Directive 95/46/EC, which holds the data processor as liable as the data controller.
This part of the privacy concept refers to how (personal) data is collected and then dealt with in an organization's database, independent of the means of collection, i.e. manual or automatic data capture.
5.3 Data security
Data security refers to the protection of data from unauthorised - accidental or intentional -
modification, destruction, loss or disclosure. In the context of this TR, data security is primarily concerned with
the security risk assessment and implementation techniques that organizations adopt as a
means of protecting their computer systems from external and internal threats. The objective is focussed on
protecting the assets of the organization, but in doing so it also provides protection of data from
unauthorised - accidental or intentional - modification, destruction, loss or disclosure.
Various methodologies are used to assess, and therefore keep under control, the security risks to an
organization. The internationally recognised reference is the ISO/IEC 270xx series of standards, although
other organizations have prepared useful references.
5.4 Privacy
There are many privacy definitions available. The most used is the definition of Westin: “the claim of
individuals (…) to determine for themselves when, how and to what extent information about them is
communicated to others” and as a means “(…) for achieving individual goals of self-realisation.” This also
includes the right to determine whether and to whom personal information is to be revealed.
Privacy can therefore also be referred to as the individual's right to (informational) self-determination. One
substantial aspect of this is transparency towards the individual about the use of data, including the purpose and
the persons using the data. This includes the explicit consent of the individual to the processing of his data.
Furthermore, the General Data Protection Regulation strengthens the individual's rights by requiring e. g. the
reporting of privacy breaches to the individual, the individual's access to his own data and the possibility to
control the data quality, the transferability of his data or the individual's "right to be forgotten", i. e. the deleting
of data at the wish of the data subject.
5.5 General privacy risks
The more personal information about an individual is available, the greater is the risk of harm to that
individual's privacy. Such harm ranges from gathering data about his behaviour without the explicit consent of the
data subject, in order to provide him with customised offers, up to identity theft by malicious persons, who
appropriate and use personal data in order to impersonate the individual they stole the personal information
from and use this for fraud and other illegal activities.
Figure 2 shows the different areas where privacy issues might arise.

Westin A.F., Privacy and Freedom, New York 1967 p. 39
Figure 2 — Incidence of privacy issues
Figure 2 contains four columns. The first concerns applications and related devices on which data and
possibly personal data are stored, from which they can be collected and/or processed. Examples of such
devices could be smart cards, mobile phones, tablet computers, RFID-tagged items such as clothing and
more. This is where breaches in the privacy sphere might take place for the first time in the chain of
processing data. The second column relates to the infrastructure through which personal data are
distributed via public and private networks, including of course the Internet. Within this infrastructure, it
becomes possible to follow the personal data related to individuals. This may be the original intention, to
facilitate data processing, but it may also give rise to privacy breaches when done without the consent of the
data subject. The third column represents the interdependencies between different organizations. Data
processing is undertaken by many different types of organizations, for example private and public sector,
utilities, health, voluntary. At the same time, the data processing is undertaken by many different applications
such as risk analysis, logistics, insurance, law enforcement, transaction processing etc. The interrelationships
between such organizations might, if not well controlled and protected, bring about uncontrolled distribution of
personal data and profiling. The fourth column makes visible the potential for data leakage arising from the
activities of others through, for example, click streams, web bugs, multiple storage of the same data in
different databases and use of third-party infrastructure services.
5.6 Challenges for a privacy concept in context with RFID
RFID technology provides many benefits to its users (see 4.3), independent of the business they deal with or
the role they have within a supply chain, a functional entity or other. But its characteristic of reading without
needing any physical or visual contact between reader and data carrier may cause concerns with regard
to the unnoticed reading process and its possible abuse, such as unauthorised interference with the
normal process of reading.
Therefore, the pursuit of data protection and data security is a crucial element in providing for privacy within
the organization operating RFID-based applications. Additionally, the fact that an RFID tag as data carrier
might also be read beyond the boundaries of an organization needs attention. An RFID operator should
consider at least:
— What kind of objects are tagged?
— What kind of data is on the tag?
— To what extent is the tagged object exposed in a public environment?
— Is there an impact from the data on the tag on privacy related issues?
— If so what harm could the information cause if used by unauthorised persons?
These considerations are made on a very general basis and are thus relevant for any kind of RFID application
and its operators. The detailed analysis of these questions, however, depends on the application, the parties
involved and the industry or sector the technology is used in. This TR analyses four sectors and their specific
characteristics. In the following subclauses the TR shows the necessity of different templates, depending on
various aspects of each sector.
5.7 Need for transparency
The nature of the risks arising from RFID applications is not fully understood by the individual. Therefore
transparency and comprehensive information for consumers are necessary to achieve acceptance of RFID
technology. Consumers shall be put in a position to gain at least a basic knowledge of the technology
integrated in or attached to the items or objects they buy. It is then up to the consumer to decide for or against a
tag on or in the item.
Recommendation 2009/387/EC calls for transparency through the application of a common European sign to
indicate that an RFID tag is present on or in the item. Additional valuable information for the consumer is
knowledge of where the tag is placed. With regard to the different categories of tagged items, the placement
probably determines the solution with regard to privacy aspects:
— Where the tag is in the packaging of an item, it is very likely that the tag is removed with the item
packaging.
— Tags may also be attached to the item itself. When the tag is easily removable, the individual can decide
whether or not he wants to remove the tag.
— Tags may be embedded in an item. Depending on the functionality of the tag, the consumer needs to
decide whether he wants the tag to be disabled or not. This may be wanted when the tag is not part of the
item's function itself. However, deactivation would be counterproductive where the RFID tag is the core
element of the tagged item (e. g. smart transport cards).
6 Library sector overview
6.1 Aspects of the library sector
The library sector was an early adopter of RFID, with pre-implementation discussions in the 1980s. The first
implementations were in Singapore (September 1998) and Rockefeller University in New York (February
1999). An earlier implementation at a Canadian University in 1991 is also cited. Since then, the number of
library implementations around the world has increased at a steady rate.
There is some uncertainty about the number of libraries using RFID technology, depending on the metric
used for counting. One metric counts library authorities, another counts individual
locations.
Thus, estimations vary from around 2500 to 5000 library sites world-wide, which use RFID
...