EU Tries to Balance Consumer, Industry Interest in Embedded Chips

LONDON – Forthcoming European Union guidance on embedded microchips and consumer privacy could have serious implications for the automotive industry.

The concerns focus on guidance from the European Commission, the EU’s executive body, circulating since last April requiring all companies that use embedded radio frequency identification (RFID) or Internet-enabled chips to draw up an impact assessment highlighting the potential privacy-related risks of the devices they are using.

The EC initiative is aimed at giving citizens more control over chips that track their movements, and it could give auto consumers a right to disable them.

The EC last September launched a public consultation on the early challenges of the “Internet of Things” – the network of objects able to communicate with one another via Web-enabled chips. This is expected to result in a new official policy from the EC to be released in the year’s second quarter.

“The Commission is still working on the recommendation,” Gerald Santucci, who heads RFID at the European Commission, tells Ward’s. “Industry must be encouraged to innovate in a technology that holds potential economic and social benefits, but at the same time, citizens have the right to an appropriate level of information transparency and protection with respect to privacy and data security.

“We intend to identify the right balance between the obligations for the industry and the level of risk involved.”

In a related initiative, the EC is drafting plans to use logos to indicate the presence of embedded chips in products.

The French government is calling for consumers to have the right to deactivate these chips, which could cause considerable difficulties for operations such as the remote reading of vehicle license plates or tracking the whereabouts of delivery vehicles. France argues that drivers of vehicles with embedded tracking chips have legitimate concerns about privacy during off-duty hours.

Viviane Reding, EU information society commissioner, was planning to issue another EU recommendation in November 2008 that called for the introduction of an opt-in principle at the point of sale of products with embedded chips. In practice, consumers would be asked whether they wanted to deactivate tags when they bought a product.

However, a spokesman from her office tells Ward’s the text and precise legal format of this recommendation is still under discussion, with final adoption scheduled for this spring.

A key problem for industries that produce goods with embedded chips is what happens if users are allowed to deactivate them.

“Currently, it is not possible to deactivate tags,” Bernard Benhamou, an Internet specialist in the French Ministry of Research, says in a meeting in Nice. “When they are deactivated, they are basically killed. We need to ensure that deactivation is not the end of a tag.”

Consequently, the EC is expected to press for the development of a new generation of chips and tags that could be switched on and off intermittently by users.

This option may not sit well with the U.K. government, however, which has been testing license plates embedded with RFID technology since 2005. The country is considering making this a mandatory requirement for all new cars as part of its antiterrorism strategy, despite considerable opposition from civil rights groups.

The BEUC, the European consumer organization, along with the ANEC, the consumer standardization organization, support the opt-in approach but are not happy with merely a recommendation.

“These provisions should not take the form of a recommendation but must be laid down in binding legislation,” says BEUC Director Monique Goyens.

A joint BEUC/ANEC statement calls for the technology to be built in such a way as to ensure easy and safe user control. Users who want to opt out should be able to do so easily and without having to submit endless requests.

The statement points to the potential of mass data storage and the increasing connectivity of databases.

“We fear that in a self-regulatory environment there is not enough pressure on industry and other parties to set themselves high standards. We feel that a mandatory approach would be required.”

A fundamental concern is about knowledge of RFID technology. CompTIA, a global computing technology industry association, warns the Commission there is a dramatic shortage of computing technology specialists who understand the technology.

“RFID skills shortages should be seriously addressed by national and European policy makers,” the group urges.