The Legal Side: A Global Perspective on RFID Legislation

By Kenneth A. Adler, Esq.

The international community is taking notice of the continued global expansion of RFID implementation and responding with public policy review. This is particularly prominent in jurisdictions such as the European Union, where the debate continues regarding how and whether RFID implementation can satisfy privacy laws and directives.

On March 9, 2006, the European Union’s Commissioner for Information Society and Media, Viviane Reding, announced the launching of a comprehensive public process to examine issues pertaining to the expanded deployment of RFID technology in Europe and around the world. This EU initiative comes just a few months after the release of a report titled “The Internet of Things” by the International Telecommunications Union (ITU), which addresses international policy implications regarding RFID implementation.

These developments demonstrate that RFID has taken a prominent place in international policy discussions. This article describes these two initiatives and examines their potential implications for both manufacturers and users of RFID technologies.

The European Union’s Initiative

The most recent announcement of the European Union’s decision to launch public debate on RFID issues follows the January 2005 release of the Working Document on Data Protection Issues Related to RFID Technology by an independent European advisory body (http://europa.eu.int/comm/justice_home/fsj/privacy/docs/wpdocs/2005/wp105_en.pdf). This Working Document provides an explanation of RFID technology, its application in a variety of sectors and the applicability of the EU’s data privacy Directive 95/46/EC and the e-privacy Directive 2002/58/EC to RFID uses. As described in Commissioner Reding’s announcement, the objective of the process is to advance the examination of expanded RFID implementation and consider specific RFID-related policies and legislation.

The announced examination of RFID will include the hosting of several public workshops to be held in Brussels from March to June 2006 to address a broad range of RFID-related issues including RFID applications, issues affecting end-users of RFID technologies, standards, and compatibilities of RFID technologies, including its interoperability with other technologies and radio frequency spectrum constraints and requirements. Conclusions that arise from these workshops will be incorporated into another working document on RFID scheduled for publication in the fall of 2006, which will serve as a basis for further discussion and analysis into RFID implementation, culminating in the publication of a formal Commission Communication by the EU to be adopted by the end of 2006.

In her March 2006 announcement, Commissioner Reding stated that “RFID will link everyday objects into an 'Internet of things’ that will greatly enhance economic prosperity and the quality of life. But as with any breakthrough, there is a downside–in this case, the implications of RFID for privacy. This is why we need to build a society-wide consensus on the future of RFID, and the need for credible safeguards. We must harness the technology and create the right opportunities for its use for the wider public good.”

Presently, the EU does not have a common frequency range for UHF (ultra-high frequency) RFID tags. Accordingly, RFID tags operating on UHF do not function across borders of EU member states and the Commissioner has identified standardization of UHF frequencies as a key issue for consideration. In addition, the Commissioner also has identified the need to examine international compatibility of RFID technologies, particularly with respect to the United States and Asia, Europe’s largest trading partners.

Perhaps the most significant aspect about this EU examination of RFID is the prospect of new EU-wide legislation. Any new EU legislation on RFID would likely appear in the form of new or amended EU Directives. An EU Directive is a mutually binding decision by member states made through their respective representatives in the Council of the European Union and the European Parliament. Once issued, a Directive sets forth general rules or regulations regarding its subject matter and a time frame by which member states of the EU are required to implement national legislation that comports with the Directive.

While Directives outline the general objectives of a regulation, member states generally have discretion in determining the form and scope of their own enabling legislation. As such, an EU Directive on RFID could result in a series of national legislations throughout member countries of the European Union, which may contain particular nuances and variances in scope and applicability.

The United Nations’ ITU Initiative

The ITU is a specialized agency of the United Nations that has also been considering the implications of expanded RFID implementation. The ITU’s “Internet of Things” report describes some of the societal changes that developments in information and communication technologies will effect (www.itu.int/dms_pub/itu-s/opb/pol/S-POL-IR.IT-2005-SUM-PDF-E.pdf). The report was released by the ITU at the World Summit on the Information Society (WSIS) in Tunis, Tunisia, in November 2005. WSIS was a significant international event endorsed by resolution of the United Nations General Assembly and attended by high-ranking officials from 175 countries, as well as representatives from the private sector, non-governmental organizations, and civil society.

As described in the executive summary, “the report takes a look at the next step in 'always on’ communications, in which new technologies like RFID and smart computing promise a world of networked and interconnected devices.” The summary examines the impact that RFID and other communication technologies may have on global markets, the developing world, and everyday life. The ITU’s discussions demonstrate the ongoing international attention being paid to RFID.

These developments can lead to significant changes in international RFID-related policies and regulations. Users of RFID technologies with multinational operations and manufacturers seeking to do business in the international arena should pay close attention to international policy and legislative developments pertaining to RFID, as such developments may result in compliance issues that vary across jurisdictions.

Ken Adler is a partner in the New York office of Brown Raysman Millstein Felder & Steiner, where he concentrates on complex transactions, intellectual property, and outsourcing issues relating to emerging technologies, e-commerce, telecommunications, and computer law. Ken can be reached at 212-895-2410 or kadler@brownraysman.com.

Paresh Trivedi, an associate of the firm, assisted in the preparation of this article.