Privacy implications of RFID: An assessment of threats and opportunites

  • Marc van Lieshout
  • Linda Kool
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)


European citizens consider Radio Frequency Identification (RFID) to be the most intrusive technology of the past two decades. Safeguarding privacy requires specific action that needs attention of all parties involved. European citizens consider legal instruments to offer insufficient guarantees for safeguarding privacy. ‘Privacy by design’ offers interesting opportunities to build in privacy guarantees in the technology, not as an end-of-pipe solution but as an integral design parameter. Notwithstanding the commercial focus on RFID in logistic processes and — eventually — in the retail sector, the first grand scale uses of RFID will be in public domain applications. These application domains are perfect ‘niches’ to stimulate a ‘privacy by design’ approach, both to academic researchers and application engineers.


Personal Data Working Party Radio Frequency Identification Electronic Product Code Informational Privacy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    See Scholar
  2. 2.
    ITU 2005. The Internet of things. Geneva: ITU.Google Scholar
  3. 3.
    Whitaker, R. 1999 The End of Privacy — how total surveillance is becoming a reality. New York: The New Press.Google Scholar
  4. 4.
    Warren, S.& Brandeis, 1890. The Right to Privacy. Harvard Law Review, 15 December 1890.Google Scholar
  5. 5.
    OECD. 2006a. Radio-frequency identification (RFID): Drivers, challenges and public policy considerations. Report DSTI/ICCP(2005)19/FINAL, published on 27 February 2006.Google Scholar
  6. 6.
    Article 29 Working Party on Data Protection. 2005a. Working document on data protection issues related to RFID technology. 10107/05/EN, 19 January 2005.Google Scholar
  7. 7.
    Article 29 Working Party on Data Protection. 2005b. Results of the Public Consultation on Article 29 Working Document 105 on Data Protection Issues Related to RFID Technology, 1670/05/EN, 28 September 2005.Google Scholar
  8. 8.
    For illegal immigrants see; for using RFID in soldiers, see Scholar
  9. 9.
    Capgemini. 2005. RFID and Consumers — What European consumers think about radio frequency identifications and the implications for businesses. Capgemini reportGoogle Scholar
  10. 10.
    Heuvel, E.van den, Nagel, K. Hof, C.van ‘t, Schermer, B 2007.RFID-bewustzijn van consumenten: hoe denken Nederlanders over Radio Frequency Identification?. (‘RFID awareness of consumers: how do Dutch people think about RFID?’) http://www. Scholar
  11. 11.
    Spiekermann, S., Ziekow, H. 2006. ‘A systematic analysis of privacy threats and a 7-point plan to address them’. Journal of Information System Security, vol. 1, no. 3.Google Scholar
  12. 12.
    Juels, A., Rivest, R. and Szydlo, M. 2003. The blocker tag: selective blocking of RFID tags for consumer privacy. CCS’03, October 2003, Washington.Google Scholar
  13. 13.
    See for a description of the Japanese pilot, see students_halted.php for a description of the objections in a USA pilot and children.html for an overview of pilots and objections.Google Scholar
  14. 14.
    Lieshout, M. van, Grossi, L., Spinelli, G., Helmus, S., Kool, L., Pennings, L., Stap, R., Veugen, T., Waaij, B. van der, Borean, C. 2006. RFID Technologies: Emerging Issues, Challenges and Policy Options. Sevilla: IPTS, EN22770. publications/pub.cfm?id= 1476Google Scholar
  15. 15.
    OECD Guidelines for the protection of privacy and transborder flows of personal data. See http://www.oecd.Org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00. htmlGoogle Scholar
  16. 16.
    EPC global, 2005. Guidelines on EPC for Consumer Products. Revised Sep. 2005 Scholar
  17. 17.
    Centre for Democracy and Technology. 2006. Privacy Best Practices for Deployment of RFID Technology — Interim draft, May 2006.Google Scholar
  18. 18.
    European Commission. 2006c. The RFID Revolution: Your voice on the Challenges, Opportunities and Threats, Online Public Consultation. 16 Oct. 2006.Google Scholar
  19. 19.
    Floerkemeier, C., Schneider, R., Langheinrich, M. 2005. ‚Scanning with a purpose — Supporting the Fair Information Principles in RFID Protocols’. Lecture Notes in Computer Science, Vol. 3598, pp. 214–231.CrossRefGoogle Scholar
  20. 20.
    Rieback, M.R., Crispo, B. Tanenbaum, A.S. 2005. ‘RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management’. Lecture Notes in Computer Science, vol. 3574. pp. 184–194.CrossRefMATHGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Marc van Lieshout
    • 1
  • Linda Kool
    • 1
  1. 1.TNO Information and Communication TechnologiesDelftThe Netherlands

Personalised recommendations