Public Policy

We develop accepted best practices so that companies can implement RFID technology with full respect for consumer information and privacy.

Privacy Impact Assessement (PIA) Tool

23 Nov 2011: GS1 launches Privacy Impact Assessment (PIA) Tool

• Find out more about the Privacy Impact Assessment (PIA) tool
• Read the press release

18 Apr 2011:  Privacy Impact Assessment (PIA) Framework for RFID applications signed

• Read the full press release
• View a video of the signing ceremony
• Download Privacy and Data Protection Impact Assessment Framework for RFID Applications

What is an RFID Privacy Impact Assessment (PIA)?

An RFID Privacy Impact Assessment helps companies to assess the privacy risks - and identify the measures to be taken to address them - before a new RFID application is introduced onto the market.

When implementing an RFID application within your company, you may be collecting personal information about your customers. It is important to ensure that you protect the privacy of your customers with regards to that data.

Collecting, processing and storing customer’s personal data should be done in accordance with relevant national and local laws and best practices. For European companies, this includes the EU legal framework.

Privacy and Data Protection Impact Assessment (PIA) Framework for RFID Applications 

The Privacy and Data Protection Impact Assessment Framework for RFID Applications was produced by GS1 in collaboration with members of industry, trade associations and academia. The Privacy Impact Assessment (PIA) Framework, which was called for in the European Commission's RFID Recommendation of May 2009, was officially endorsed by the Article 29 Working Party (the body representing the EU National Data Protection Authorities) in February 2011 and by the European Commission in April 2011. The PIA Framework will be used by European industries using RFID applications of all kinds, and industry should start conducting PIAs on their EPC/RFID applications before the end of this year. GS1 EPCglobal is now working on templates to help industry conduct a PIA on its EPC applications.

• Link to Framework through the European Commission Information Society website: http://ec.europa.eu/information_society/policy/rfid/index_en.htm.
• Opinion of the Data Protection Working Party through the EC DG JUST website: http://ec.europa.eu/justice/policies/privacy/workinggroup/wpdocs/2011_en.htm.
• More information about the European Commission endorsement of the PIA framework

Guidelines and Tools

• Guidelines on EPC for consumer products
• Frequently Asked Questions about the guidelines
  
• Frequency Asked Questions on Pharmaceutical Products
• Manufacturer Toolkit
• Retailer Toolkit
• Privacy Impact Assessment Framework

Best Practices

• Occupational Use Best Practices for Complying with Limits on Human Exposure to Electromagnetic Fields (EMF)
• Public Space (General Public) Use Best Practices for Complying with Limits on Human Exposure to Electromagnetic Fields

Fact Sheets

• Electronic Product Code (EPC): An overview  (PDF)
• EPC Benefits for Consumers (PDF)
• Guidelines on EPC for Consumer Products Facts (PDF)
• About EPC in the Healthcare Industry (PDF)
• Frequently Asked Questions (PDF)
• Important Messages About EPC and RFID (PDF)
• 2nd Transatlantic Symposium on the Societal Benefits of RFID, Symposium report