Advertisement

Identification and Tracking of Individuals and Social Networks using the Electronic Product Code on RFID Tags

  • Markus Hansen
  • Sebastian Meissner
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)

Abstract

Recent studies claim that RFID transponders containing only an Electronic Product Code (EPC) do not carry person-related data. This paper describes how to use EPCs on RFID transponders to identify individuals and track their consumer habits and locations. In addition, it is shown how these mechanisms can be used to identify social networks. An overview of the relevant legal aspects is given; in particular the article elaborates under what circumstances EPC item level tagging entails the processing of personal data, thus resulting in the applicability of data protection legislation.

Keywords

Personal Data Biometric Identification Electronic Product Code Consumer Habit Privacy Invasion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    ARTICLE 29 Data Protection Working Party: WP 105 — Working document on data protection issues related to RFID technology, 19 January 2005, http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp105_en.pdfGoogle Scholar
  2. 2.
    ARTICLE 29 Data Protection Working Party: WP 136 — Opinion 4/2007 on the concept of personal data, 20 June 2007, http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/ 2007Avpl36_en.pdfGoogle Scholar
  3. 3.
    Judgement of the European Court of Justice C-101/2001of 6.11.2003 (Lindqvist).Google Scholar
  4. 4.
    EPCglobal: EPCglobal Architecture Framework Final Version, 2005, http://www.epcglobalinc.org/standards/Final-epcglobal-arch-20050701.pdf.Google Scholar
  5. 5.
    EPCglobal: Electronic Product Code Information Service Frequently Asked Questions, 2007, http://www.epcglobalinc.org/standards/FINAL-EPCIS_FAQ042707.pdf.Google Scholar
  6. 6.
    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, 1995, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri= CELEX:31995L0046:EN:NOT.Google Scholar
  7. 7.
    Benjamin Fabian, Markus Hansen: Technische Grundlagen des Ubiquitous Computing, in: ULD, HU Berlin: TAUCIS — Technikfolgenabschätzung Ubiquitäres Computing und Informationelle Selbstbestimmung, Studie im Auftrag des BMBF, 2006, https://www. datenschutzzentrum.de/taucis/ita_taucis.pdf.Google Scholar
  8. 8.
    Eleni Kosta, Michael Vanfleteren: Data Protection legislation, in: FIDIS — Future of Identity in the Information Society Deliverable 7.7: RFID, Profiling, and AmI, 2006, http://fidis.net/fileadmin/fidis/deliverables/fidis-wp7-del7.7.RFID_Profiling_AMI.pdf.Google Scholar
  9. 9.
    Bernd Holznagel, Mareike Bonnekoh: Rechtliche Dimensionen der Radiofrequenz-Identifikation, Untersuchung im Auftrag des Informationsforums RFID, 2006, http://www.info-rfid.de/downloads/rfid_rechtsgutachten.pdf.Google Scholar
  10. 10.
    Andreas Pfitzmann: Biometrics — how to put to use and how not at all?, Talk at ISC 2005, 2005, http://dud.inf.tu-dresden.de/literatur/Duesseldorf2005.10.27Biometrics.pdf.Google Scholar
  11. 11.
    EPCglobal Public Policy Steering Committee: Frequently Asked Questions on Guidelines on EPC for Consumer Products, no date given, http://www.epcglobalinc.org/public/ppsc_faq/.Google Scholar
  12. 12.
    EPCglobal Public Policy Steering Committee: Fact Sheet Electronic Product Code — An Overview, no date given, http://www.epcglobalinc.org/public/ppsc_factsheets/epc_overview.Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Markus Hansen
    • 1
  • Sebastian Meissner
    • 1
  1. 1.Independent Centre for Privacy ProtectionSchleswig-HolsteinGermany

Personalised recommendations