The Internet of Things (IoT) has been gaining a lot of traction in recent years and is expected to continue to grow in the future. One of the key technologies that enables the IoT is radio-frequency identification (RFID). RFID technology employs radio waves to transmit information between a tag and a reader, making it possible to track and monitor the movement of goods and people, even capable of doing so in real-time.
In 2008, protesters gathered in Manhattan, New York to protests against RFID use in clothing and shoes at a conference organised under “RFID in Fashion” which included REEBOK, JOCKEY, LEVI- STRAUSS etc in the past.
In 2003, Dr. Katherine Albrecht, a Harvard educated privacy activist and author of book, ‘SPYCHIPS’ successfully protested and forced Italian clothing manufacturer BENETTON to withdraw plans to sew RFID labels into women garments. She vehemently protests against item level tracking using RFID. In her book, SPYCHIPS, Albrecht makes compelling arguments about future use of RFID technology and how it can invade individuals’ privacy, seeping into homes via consumer items.
Data Protection and Privacy:
In terms of data protection and privacy, RFID technology raises some concerns as it can be used to track and monitor the movement of individuals without their knowledge.
RFID technology cannot be easily switched off or logged off like other technologies, which can raise concerns about privacy and unauthorized access. One of the main concerns is that RFID tags can be read remotely, without the knowledge or consent of the individual or organization being tracked. This can make it difficult for individuals or organizations to control who has access to their information and how it is used.
Additionally, RFID technology can be vulnerable to hacking and other forms of unauthorized access, which can compromise the security of sensitive data. For example, an unauthorized person with the right equipment could potentially read the information stored on an RFID tag from a distance, or even alter the information stored on the tag.
RFID tags, particularly passive RFID tags, have limited memory and processing capabilities, which can make it difficult to implement encryption. Passive RFID tags rely on the energy from the reader to power the tag and communicate with the reader, which limits the amount of data that can be stored and processed on the tag.
How businesses can address Data protection and privacy concerns regarding RFID use?
To address these concerns, companies can implement strict data protection policies and encryption to ensure that sensitive data is kept secure and also limit access control to ensure that only authorized individuals have access to sensitive data.
Additionally, RFID tags can be designed to be disposable or deactivated once they are no longer needed.
There are also some security protocols, such as the Advanced Encryption Standard (AES) and the Elliptic Curve Digital Signature Algorithm (ECDSA) that can be used to secure the communication between RFID readers and tags with limited data writing capabilities.
It's also important to consider the laws and regulations related to data protection and privacy.
Most countries have laws and regulations related to data protection and privacy, such as the General Data Protection Regulation (GDPR) in the European Union, which provide guidelines and requirements for how companies should handle personal data. Companies using RFID technology should ensure that they are in compliance with these laws and regulations.
RFID technology has the potential to greatly improve business operations by providing real-time tracking and monitoring, increasing visibility and traceability, and improving security and access control but businesses need to address customers’ data privacy and security concerns at earliest to make any real progress in this regard.