According to Article 211 of the Treaty establishing the European Community (TEC), the Commission can formulate recommendations to ensure the proper functioning of the common market (internal market).
Radio frequency identification (RFID) marks a new development in the information society where objects equipped with microelectronics that can process data automatically will increasingly become an integral part of every day life.
RFID is progressively becoming more common, and hence a part of individuals’ lives in a variety of domains such as logistics, healthcare, public transport, the retail trade, in particular for improved product safety and faster product recalls, entertainment, work, road toll management, luggage management, and travel documents.
RFID technology has the potential to become a new motor for growth and jobs and thus make a powerful contribution to the Lisbon Strategy, as it holds great promise in economic terms, where it can bring about new business opportunities, cost reduction and increased efficiency, in particular in tackling counterfeiting and in managing e-waste, hazardous materials, and the recycling of products at their end of life.
RFID technology enables the processing of data, including personal data. It raises questions about the monitoring of individuals and the protection of personal data.
This is the background for Commission Recommendation 2009/387/EC of 12 May 2009 on the implementation of privacy and data protection principles in applications supported by radio- frequency identification, published in the Official Journal of the European Union (OJEU) 16.5.2009 L 122/47.
Points 1 and 2 of Recommendation 2009/387/EC set out the scope:
1. This Recommendation provides guidance to Member States on the design and operation of RFID applications in a lawful, ethical and socially and politically acceptable way, respecting the right to privacy and ensuring protection of personal data.
2. This Recommendation provides guidance on measures to be taken for the deployment of RFID applications to ensure that national legislation implementing Directives 95/46/EC, 1999/5/EC and 2002/58/EC is, where applicable, respected when such applications are deployed.
The member states are supposed to make the recommendation known to stakeholders and to report back in two years time. Within three years from now, the Commission will issue a report on implementation.