Consumer privacy and RFID

Representatives from P&G, EPCglobal, and electronics group EPIC assembled for a lively panel discussion on the knotty issue of privacy concerns for RFID.

One of several well-attended sessions at last month’s RFID Journal Live! conference was a panel discussion on the complexities of consumer privacy and RFID.

One of the songs playing in the background at the conference was Hall & Oats’ “Private Eyes (Are Watching You).” That song seemed ironically coincidental, if not prophetic, when hours later a discussion entitled RFID: The importance of privacy drew a large and attentive audience.

The panel discussion comprised Elizabeth Board, executive director, EPC public policy steering committee, EPCglobal Inc.; Sandy Hughes, Procter & Gamble’s global privacy executive; and Cedric Laurant, policy counsel, Electronic Privacy Information Center (EPIC). Strong views flavored the opinions on both sides of the fence, whether current guidelines were viewed as appropriately protective or as naively lax.

Against the general backdrop of ongoing developments and news regarding terrorism, invasion of privacy, and identity theft, it seems RFID has a bit of a public relations battle to wage, especially with proactive consumer groups like EPIC.

EPCglobal’s view

Speaking first, EPCglobal’s Board emphasized that there would be “no hidden tag, and that Generation 2 technology offers tag deactivation capability.” She also pointed to EPC guidelines for a visual graphic indicating that the packaging contains an RFID tag. She believes that there might be a technological solution beyond just throwing the tag or package away, but that it must also be cost-effective. She also emphasized that “supply chain efficiency is not worth losing consumer trust.”

Board pointed out that privacy guidelines would be useless without consistent global standards.

“Now is the time to pay attention and get privacy right,” Board emphasized. “Think about the strategic effects, not just the law.” She also said that EPC data is about products, not people.

P&G’s perspective

P&G’s Hughes spoke next, noting that at Wal-Mart stores involved in the RFID rollout in Texas, information sheets were provided on store shelves to explain the program. She pointed out that the mandated EPCglobal logo required for containers with RFID technology was a “minimum” notice. She also noted that during the Project Jumpstart RFID pilot for pharmaceuticals, a bright orange label reminded the pharmacists to remove the tag before providing the prescription to consumers. She said that Metro supermarkets RFID test in Germany also included shelf signage about the program.

In a survey conducted in 2004, consumers in general had not heard of RFID—only 28% had, Hughes said. In a more recent survey, 40% of those surveyed had heard of RFID, she added. Also, 77% of consumers indicated that they had general concerns about invasion of privacy.

Hughes said that P&G has no plans to track marketing data from RFID at the case or pallet level, much less even discussing the possibility at the item level.

P&G operates a Web site that provides further details on the company’s privacy policies at www.pg.com/privacy.

There, you can read the following summary:

“Based on this research and our own core mission that ‘the consumer is boss,’ we support the application of the following privacy principles for item-level EPC:

1. Clear and accurate notice should be provided wherever EPC is being used, and consumers should be informed as to whether products they are buying contain EPC tags.

2. Consumers should have a choice as to whether EPC tags in the products they buy are permanently disabled or discarded, without incurring cost or penalty.

3. Consumers should have a choice as to whether personally identifiable information about themselves is electronically linked to the EPC number on products they buy.”

Also, by Googling the keywords P&G privacy RFID, you can find a link to this P&G Web site that includes updated details on the company’s RFID rollout. For example, information showed that, since May 2004, P&G’s Pantene, Bounty, and Always brands have been tagged at the case and pallet level for distribution at 163 stores in Dallas, TX.

EPIC’s stance

Laurant warmed things with his observations primarily aimed at EPCglobal. His concern is mismanagement of RFID data, such as if the data were incorrect or out of date. EPIC is specifically opposed to having an individual tracked after the purchase of a product with an RFID tag—Personally Identifiable Information (PII) tied to an individual tag.

Laurant says that EPIC prefers that the RFID tag be disabled at checkout. Yet, he said, “it’s not the RFID tag itself that causes [us] concern, it’s that EPCglobal doesn’t have the power to enforce its guidelines to its members,” said Laurant. In sum, he said, “I have a problem with EPCglobal’s policy.”

Amidst the diverse opinions that ranged from conspiracy theory paranoia to a why-worry approach, it was pointed out that those retailers involved with RFID rollouts—Wal-Mart, METRO, Marks & Spencer—were not getting calls on their toll-free lines for consumers who had questions about the technology.

In any event, the debate will continue.

Companies in this article
More in Coding, printing & labeling