Home European Union Signs Internet of Things Privacy Framework

European Union Signs Internet of Things Privacy Framework

The executive body of the European Union signed an agreement today titled Privacy and Data Protection Impact Assessment (PIA) Framework for RFID Applications (PDF), intended to safeguard consumer privacy and offer assurances to citizens that RFID [Radio Frequency Identification] and connected devices are safe for industry to develop. The agreement creates a four-step process for assessment of new tracking applications, basically requiring that risks, mitigation strategies and remaining costs in terms of privacy all be articulated explicitly whenever a new system that tracks a previously unconnected object or device is brought to market.

ReadWriteWeb has covered developments in the Internet of Things space for several years, in the belief that sensors and connected devices will join the tidal wave of data produced by online social networks to create a large pool of information resources available for development of new software, services and analysis. Perhaps even more than with social networks, however, tracking of objects and devices will require serious consideration of user, consumer and citizen privacy.

Europe has far more stringent data privacy laws than the United States when it comes to Personally Identifiable Information online, so it’s not a surprise to see the EU leading the conversation regarding privacy and the Internet of Things.

“In certain respects, Europe has led the way in RFID adoption,” writes Mary Catherine O’Connor at RFIDJournal today.

“The technology is used by postal systems, transportation agencies, libraries and, increasingly, retailers across the European Union. And this strong adoption rate has been matched by coordinated efforts to ensure that the use of RFID does not erode Europeans’ personal privacy, or the protection of personally identifiable information.

“According to the European Commission, an estimated 2.8 billion RFID tags are expected to be sold this year–a third of those in Europe.”

The Framework document says there’s a big difference between tracking applications that do or do not contain Personally Identifiable Information. “The PIA process is designed to help RFID Application Operators uncover the privacy risks associated with an RFID Application, assess their likelihood, and document the steps taken to address those risks. These impacts (if any) could vary significantly, depending on the presence or lack of personal information processing by the RFID Application.”

Below: IBM’s explanation of the Internet of Things

Harriet Pearson, Chief Privacy Officer at IBM (a big Internet of Things participant), articulated well the tension between technology innovation and privacy in January.

See also: How 50 Billion Connected Devices Could Transform Brand Marketing & Everyday Life

“Getting data privacy ‘right’ is an economic and social imperative. Trust and confidence in the security and privacy of the critical systems of our planet – especially the digital version of its central nervous system, the Internet – is foundational to individuals’ continued engagement and reliance on such things as online commerce, e-health and smart grids. If individual consumers don’t feel that their privacy and security are protected, they will not support modernization efforts, even though the capabilities of technology advancements are proven and the potential benefits to society are extensive.

“Here’s an example of the tensions we face: The ability of smart grids to conserve resources relies on the ability of, and commitment from, consumers to monitor and modify their individual usage. An individual using a smart meter understands the difference in the cost of using electricity at peak versus non-peak hours and could opt to lower their usage during more costly time periods. At the same time, data from the meters can reveal sensitive information such as work habits, shower schedules, use of medical devices such as dialysis, and whether or not a house is occupied.”

“I don’t worry that the technology will have a negative impact on consumer privacy,” wrote Mark Roberti, founder of RFID Journal in a June overview of the state of the RFID market where privacy is concerned. “Instead, I worry that ignorant legislators trying to score points with uninformed voters will pass laws that limit the many benefits RFID can deliver–and that is a much bigger threat to consumers.”

Today’s agreement in Europe appears not to be the kind of legislation Roberti feared. As a framework focused on self-reporting it may be too little, ultimately, but it’s a start.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.