State and federal lawmakers are waking up to concerns that the use of radio frequency identification tags in stores might intrude on consumer privacy.
Lawmakers have introduced bills in the Utah and Missouri legislatures that would require retailers to clearly label products containing the devices. The California Senate late last month approved a similar bill in a 22-8 vote, and action is pending in the legislature’s lower chamber. In the northeast, Sen. Jarrett Barrios (D., Mass.), plans to introduce soon an RFID bill requiring labels and consumer opt-in. Exactly how this would work hasn’t yet been decided.
Sen. John McCain, (R., Ariz.), who is chairman of the powerful Senate commerce, science and transportation committee, told WWD he would consider holding RFID privacy hearings to weigh the potential need for federal legislation. Threats to privacy are “always a concern with new technology,” he said.
In March, Sen. Patrick Leahy of Vermont, the top Democrat in the chamber’s judiciary committee, with oversight of privacy issues, called for RFID hearings during a speech he gave about surveillance at the Georgetown University Law Center in Washington.
The Federal Trade Commission is also showing interest and has scheduled a July 21 public workshop to “address the privacy and security concerns associated with RFID use, particularly on an item-level basis,” as the workshop announcement put it. The FTC, which last year started a do-not-call list to curb telemarketing, also has the authority to regulate RFID’s use.
Privacy activists are concerned that the widespread use of RFID in general, not just in apparel, could one day allow citizens to be identified, tracked, or monitored by corporations, governments, police, or anyone with an RFID reader. Of particular concern to privacy advocates such as the American Civil Liberties Union and the Electronic Frontier Foundation is the potential for RFID to be used in identity documents, such as passports, and the buildup of a network of readers, such as the ones already in place to handle commuter E-ZPasses at some toll bridges and roads.
However, the potential for abuse of RFID at retail is limited by certain practical considerations. Currently, product tags don’t contain customer information or identities; they contain only a manufacturer ID number and a serial number, which the retailer must match to a database stored elsewhere that tells it what the product is and who supplied it. The tags currently used at retail cannot be read at distances of more than 10 feet, and they cannot be read through metal or liquid.
Nonetheless, the use of RFID in stores is controversial, and privacy advocates have convinced at least one retailer to scale back its plans. Metro AG, the German retail group, introduced the chips on customer loyalty cards in its Future Store in Rheinberg, Germany, last year. The retailer recently removed the chips in response to pressure from a German privacy group called FoeBud, which organized protests against Metro in February and outside an RFID conference earlier this month.
The only purpose of the chip was to keep age-inappropriate DVDs out of the hands of children, according to a Metro spokesman. The information stored on the chip was the customer number, which was also printed on the card, he added.
Last year, a U.S. consumer privacy group called CASPIAN called for a boycott of Benetton for using RFID. A Benetton spokesman said the company had merely tested the technology and has no plans to use it anytime soon because the RFID tags are still too costly.
So far there have apparently been no objections to the use of RFID by Prada in its New York City Epicenter store, where wireless tags on clothing trigger videos and show additional product information on touch screens to customers in the dressing rooms. The tags are removed at purchase and reused with updated information, said a spokeswoman.
Wal-Mart has aroused controversy and drawn the attention of Leahy and Barrio for a test it conducted on the shelf last fall, but the issue appears to be something of a red herring. Critics charged the company was using RFID and cameras to observe customers, but supplier Procter & Gamble Co. says it was not. The cameras were positioned to photograph shelves, so the manufacturer could see whether the lipstick count on the shelf matched that picked up by an RFID reader. A Wal-Mart spokesman said a sign at the Broken Arrow, Okla., store notified consumers there was a test in progress.
Earlier this month the retailer began testing the use of RFID to track selected goods in its Sanger, Tex., distribution center and the stockrooms and back hallways of seven stores in the Dallas area. In a press release announcing the pilot, the retailer’s chief information officer, Linda Dillman, said the retailer would not use RFID to collect information about consumers.
Leahy said he is concerned only about RFID’s potential for “excesses” and is not interested in quashing the technology or its potential applications at retail. For Leahy, consumer notification is key.
“While it may be a good idea for a retailer to use RFID chips to manage its inventory, we would not want a retailer to…put those tags on goods for sale without consumers’ knowledge,” Leahy said in his speech. He also said retailers must be able to deactivate any chips they use, and he added there must be some kind of oversight as to what information is collected and how it is used.
Retailers are concerned legislation could hamstring their use of RFID.
“We want to make sure [lawmakers] won’t do something that prohibits the growth of this just because of some preconceived fears about big bad retailers,” said Maureen Riehl, vice president and government and industry counsel for the National Retail Federation. “People presume, particularly in the privacy arena, that retailers will do something against the will of their customers…[RFID] is not going to be something that is back-doored or hidden from our customers.”
As for progress this year on federal legislation, a shortened election-year congressional calendar is expected to keep any potential RFID bills from moving. In the long run, it’s difficult to weigh whether Capitol Hill lawmakers might act to spell out RFID privacy do’s and don’ts. In the case of legislating Internet privacy policies, proposed laws were never passed in the late Nineties, and threatened regulatory action from the Federal Trade Commission never materialized.
However, extensive House and Senate hearings highlighted the practice of Internet sites and advertisers anonymously tracking consumer Web behavior, including shopping habits. Consequently, and with the help of FTC pressure, Internet sites, including those run by retailers, voluntarily agreed to give consumers the chance to opt in or out of having their personal information collected and shared with third parties.
— With contributions from Cate T. Corcoran, Melissa Drier, Amanda Kaiser and Alessandra Ilari