Wednesday, April 13, 2011

"What You Should Know About the EU's New 'Internet of Things' Privacy Framework"

In this entry on the Glen Gilmore and Social Media blog, Gilmore describes “the Internet of Things” as

a predicted, transformative moment in time when nearly all “things” in the physical world will be interconnected, wirelessly, with communication capabilities linking the physical and virtual worlds for a variety of cooperative applications

Much of the linking and cooperation will be facilitated by RFID smart tags, over which the European Union (EU) “has expressed grave concerns about the privacy implications of an unregulated internet and unchecked technology.” Gilmore provides an outline of the “EU’s 2009 Internet of Things: 14-point Strategic Action Plan” and links to the EU’s 24-page Privacy and Data Protection Impact Assessment Framework for RFID Applications and a two-page press release describing the voluntary agreement between the EU, industry, and privacy protection groups.

Specifically, the framework establishes “guidelines for all companies in Europe to address the data protection implications of smart tags (Radio Frequency Identification Devices – RFID) prior to placing them on the market.”

Gilmore’s critique of the framework is to the point, but perhaps a bit understated.

Despite the fanfare of many signatures, the framework is voluntary, with no express auditing mechanisms, though record-keeping procedures are outlined, and no defined penalties for non-compliance.

Coincidentally, the announcement of the EU’s voluntary framework came within one week of the release of a report by Carnegie Mellon University showing “lagging compliance” with U.S. industry self-regulation in online behavioral advertising.


[T]he framework gives private stakeholders the green light to continue full-steam ahead with their already massive investment in RFID technologies and the “internet of things” it heralds. [Emphasis and link in original]

I take it that Gilmore thinks the voluntary agreement is unacceptably weak and that the United States, “ever lagging behind the EU’s privacy initiatives,” is even worse.

Thanks to Francis Harvey for bringing this to my attention.

Ken Pimple, PAIT Project Director

No comments: