Efficient Method of Achieving Agreements between Individuals and Organizations about RFID Privacy

Shi-Cho CHA  

IEICE TRANSACTIONS on Information and Systems   Vol.E93-D   No.7   pp.1866-1877
Publication Date: 2010/07/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.E93.D.1866
Print ISSN: 0916-8532
Type of Manuscript: PAPER
Category: Information Network
RFID privacy,  privacy enhancing technology,  RFID,  

Full Text: PDF(801.1KB)>>
Buy this Article

This work presents novel technical and legal approaches that address privacy concerns for personal data in RFID systems. In recent years, to minimize the conflict between convenience and the privacy risk of RFID systems, organizations have been requested to disclose their policies regarding RFID activities, obtain customer consent, and adopt appropriate mechanisms to enforce these policies. However, current research on RFID typically focuses on enforcement mechanisms to protect personal data stored in RFID tags and prevent organizations from tracking user activity through information emitted by specific RFID tags. A missing piece is how organizations can obtain customers' consent efficiently and flexibly. This study recommends that organizations obtain licenses automatically or semi-automatically before collecting personal data via RFID technologies rather than deal with written consents. Such digitalized and standard licenses can be checked automatically to ensure that collection and use of personal data is based on user consent. While individuals can easily control who has licenses and license content, the proposed framework provides an efficient and flexible way to overcome the deficiencies in current privacy protection technologies for RFID systems.