Affiliations: Chair in European Information Policy & Technology Law, Faculty of Law, University of Groningen, The Netherlands, Head of Department of Information Policy & Governance, Faculty of Media & Knowledge Sciences, University of Malta, Adjunct Professor at the Security Research Centre, School of Computer and Security Science, Edith Cowan University, Australia
Note: [] Corresponding author: Chair in European Information Policy & Technology Law, Faculty of Law, University of Groningen, The Netherlands, Head of Department of Information Policy & Governance, Faculty of Media & Knowledge Sciences, University of Malta, Adjunct Professor at the Security Research Centre, School of Computer and Security Science, Edith Cowan University, Australia. Tel.: +356 99 42 61 33; Fax: +356 2134 5655; E-mails: [email protected]; [email protected] and [email protected]
Abstract: This paper traces the impact of six major RFID-relevant events in Europe since May 2009. It outlines the findings relevant to RFID and privacy in healthcare as published in the June 2009 RAND report and relates them to subsequent developments including the explicit inclusion in November 2009 of RFID in the E-Privacy Directive of 2002. The paper focuses on the process of implementation of the European Commission's May 2009 Recommendation of Privacy and RFID and especially the implications for healthcare providers in the form of the new requirement (in Europe) for Privacy Impact Assessments (PIAs). The paper indicates three main areas of concern highlighted by the July 2010 Opinion of the EU's Art 29 Working Party which may be relevant to healthcare providers considering deployment of RFID. Following a comparison with the situation obtaining in North America, the paper concludes that PIAs will form part of the likely scenario for legal requirements or at the very least impact the actual design of RFID deployed in the healthcare sector in both Europe and North America.