New EU Guidelines on RFID Technology to Address Data Protection Concerns
Time 2 Minute Read
Categories: Behavioral Advertising, European Union, International

On April 6, 2011, the European Commission (“the Commission”) signed a voluntary agreement with private and public stakeholders to establish data protection guidelines for companies that use radio frequency identification device (“RFID”) technology within Europe.

The agreement, entitled “Privacy and Data Protection Impact Assessment Framework for RFID Applications” (the “Framework”) requires companies to conduct privacy impact assessments for all RFID applications they implement and to take measures to address identified data protection risks before those applications are deployed in the market.  Reports of the completed privacy impact assessments must be made available to the national data protection authorities.  The Framework, which was designed in close cooperation with the European Network and Information Security Agency after consultation with the Article 29 Working Party, provides the first clear, comprehensive methodology that can be applied across all industry sectors to assess and mitigate RFID-related privacy risks.  It is intended both to assure companies that their use of RFID technology is compatible with European data protection legislation, and to enhance privacy protections for European citizens and consumers.

In the future, privacy impact assessments also may become a useful tool for assessing privacy risks associated with other technologies.  During the signing ceremony, Neelie Kroes, Vice President of the European Commission for Digital Agenda, said that this Framework for RFID applications would constitute “an interesting model that could be used for other similar situations or areas, such as smart metering and online behavioural advertising.”

Tags: Article 29 Working Party, Consumer Protection, Data Protection Authority, ENISA, European Commission, Legislation
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators

As reported on the Hunton Employment & Labor Perspectives blog, SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
Guardrails for Legal AI: What California’s SB 574 Would Require of Attorneys and Arbitrators
By and

SB 574 is a California bill that would set specific duties for attorneys who use generative artificial intelligence and would restrict how arbitrators may use such tools in decision-making. It would amend provisions in the Business and Professions Code and the Code of Civil Procedure to address confidentiality, accuracy, bias, and citation verification for attorneys, and to prohibit delegation of arbitral decision-making to AI while adding disclosure and responsibility requirements for arbitrators.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page