Use of Radio ID Tags Faces Limits What Signals Are Your Clothes Sending?

In late February, the European Commission issued privacy protection proposals to establish a code of conduct for companies using RFID technology, fueling a debate among privacy advocates who seek more openness and trade groups of manufacturers and retailers who want practical guidelines that will allow the developing technology to flourish.

The guidelines will be open to public comment and debate through late April. They will stop short of becoming part of actual legislation, instead offering direction to members of the European Union for developing privacy protections.

The chips, whose use dates back to radar experiments during World War II by the Germans and the British - are gaining wider acceptance among manufacturers, the transport industry and the retail trade, according to Chad Eschinger, a research director at Gartner, an information technology research company based in Stamford, Connecticut. He forecast $1.28 billion in global revenues for RFID technology in 2008, a 31 percent increase from the year before, and revenue of $3.5 billion in 2012.

Against that backdrop, regulators in Brussels are proposing a new standard that would require stores to deactivate chips at the check-out counter unless customers specifically chose to keep the tags functioning.

Privacy advocates have hailed what is known as the opt-in principle as a pioneering step by European regulators to establish clear privacy protections in connection with the technology. In February, lawmakers in the U.S. state of Washington also sought to carve out a privacy bill of rights, passing legislation in the state’s House of Representatives to make it a felony for businesses to keep personal information gathered from RFID chips without consent from customers.

“For us, consumers have to be protected,” said Emilie Berrau, a legal officer for the BEUC, the European Consumers Organization in Brussels. “They haven’t asked for the technology, so why should they have the burden of protecting themselves?”

But some trade groups, and Metro, say they are concerned that strict guidelines will prevent retailers from adopting the technology.

EPCglobal, an international trade group formed in 2003 to pursue a common set of RFID standards, supports privacy protections, said Marisa Jimenez, public policy director for the group, based in Brussels. But the group opposes the approach being recommended.

“How can you make an assumption that consumers will want their tags deactivated at the point of sales?” she said. “How can we justify that? So far we haven’t heard from consumers with day-to-day concerns. There is a distance there. This technology is developing very quickly. And if there is an opt-in approach, that will probably deter many retailers from adopting the technology.”

Retailers have tended to use the chips for logistical purposes like tracking deliveries, but companies are starting to get more inventive. A British uniform supplier, Trutex, said it was developing clothing with chips to track schoolchildren, in part because of surveys that showed parents were favorable to the idea.

McDonald’s has been testing an RFID ordering system in Seoul on special tables equipped with touch-pad menus and fitted with readers that allow customers to link their mobile phones and order hamburgers. The tab goes on the mobile.

When the Metro Group opened its state-of-the-chip menswear department in September, it adopted the favored industry approach - leaving it to customers to request to deactivate the tags on their purchases. The chips are now contained in a larger hanging paper tag that can easily be cut off by cashiers or customers. But in the future the chips could be housed within the garment, making it less visible.

Metro, headquartered in Düsseldorf, has placed posters and brochures in the store and each tag hanging on a garment contains a notice about the chips.

“If we have to deactivate at the check-out, then the technology is going to stay within the logistics process - to say where is a box or where is the pallet in the distribution center,” said Antonia Voerste, a spokeswoman. “It won’t come on consumer items. They’re going to kill the technology with that.”

But even without that prodding, companies are looking for ways to demonstrate their respect for privacy standards. European authorities started financing a €1.2 million, or $1.8 million, pilot project in the summer to create a trans-European “privacy seal of approval” that could be marked on products that meet independent evaluations of privacy standards and could be applied to products using RFID chips. Called the EuroPriSe Project, the program has already accepted 20 companies seeking the seal, according to the project manager, Kirsten Bock. The Independent Center for Privacy Protection in the German state of Schleswig-Holstein is coordinating the project with partners in eight other countries, taking on the lead role because the center had already developed its own regional privacy seal. Bock said it was clear there was a demand for the logos - something akin to popular seals certifying organic products or fair-trade items. The new EuroPriSe program, she said, has had to turn away more than 80 companies during its test phase. And even Schleswig-Holstein, with its regional privacy seal, managed to attract a giant from across the Atlantic seeking a seal for its software, Bock said. At a ceremony last year in Berlin, Schleswig-Holstein officials awarded the privacy seal to Microsoft for its Update 6.0 and Windows Services 2.0.