« Tony Blair repeats his ID Cards nonsense in his farewell speech to the Labour Party Conference | Main | CCTV surveillance society article in the New Statesman »

RFID data protection guidance from the Information Commissioner

The Office of the Information Commissioner has published

Data Protection Technical Guidance Radio Frequency Identification (.pdf - 7 pages)

There is an important reminder in the document:

The Data Protection Act 1998 concerns the processing of personal data. Any electronically held information relating to an identified or identifiable individual is personal data. It is not easy to define exactly when an individual is identified, but identifying someone does not necessarily mean being able to ascribe a name and address to them. If a person is uniquely distinguished from all others within a relevant group, he will be identified.

Without going into much detail, the document mentions "biometric" contactless chip ICAO standard passports, EPC Global RFID tags for the retail goods and warehouse logistics, so called "ubiquitous computing", and travel smartcards like the London Transport Oyster Card.

There is specific mention of retail RFID tags being used in combination with CCTV images.

However this combination of surveillance technologies is especially true of the Oyster Card, and of ICAO standard "contactless chip" boiometric Passports.

Is the Information Commissioner saying that the current data mining practices and of Transport for London, are illegal, because they do not ask for specific, informed consent ?

People's movements

Travel smartcards such as the Oystercard collect information about people's journeys which is then stored on a linked database. This information is used to tie together the journeys made on an individual travel card and improve journey planning. People's movements should not be tracked in this manner without a legitimate reason: for example, the personal data collected from a travel card should be relevant and proportionate to the needs of journey planning and customer service. Anyone who is subject to such tracking with RFID should be informed of this, and consent will be needed for any tracking that goes beyond what people would expect for a given legitimate purpose.

Or do the usual "coach and horses" overbroad exemptions to the Data Protection Act apply ?

Remeber that this linked travel data, and, in many cases, nme and address data is being routinely handed over to the Police, and possibly other agencies.
c.f. "Oyster Card data use by the Police"

Posted by on September 28, 2006 11:57 AM |

TrackBack

Listed below are links to weblogs that reference RFID data protection guidance from the Information Commissioner:

» Guía de protección de los datos de RFID de la Information Commissioner from CFI en Red
Guía de protección de los datos de RFID de la Information Commissioner. (Spy Blog). Ingrese al post [Read More]

Tracked on September 28, 2006 1:16 PM

Comments

IS THERE ANY WAY TO TOP UP A OYSTER CARD FOR FREE IE ILLGALLY USING THINGS FROM HOME IE A MOBILE PHONE OR A RADIO

Posted by: unknown | November 14, 2007 3:58 AM

@ unknown - of course there are, but why do you think anyone here would help you to commit such illegal frauds ?

Are you hoping that by using upper case text, you will somehow make it more difficult for the authorities to hunt you down ?


Posted by: wtwu | November 14, 2007 1:37 PM

Post a comment