GS1 Industry & Standards Event
March 26
-
30, 2012
–
Brooklyn, NY
Building Standards to Deliver Business Value
Public Policy Update
March 26, 2012
9:00 am
–
10:15 am
Elizabeth Board, GS1 GO
©
2012
GS1
Anti
-
Trust Caution
2
GS1 and the GSMP operate under the GS1 anti
-
trust caution. Strict
compliance with anti
-
trust laws is and always has been the policy of GS1.
The best way to avoid problems is to remember that the purpose of the
committee is to enhance the ability of all industry members to compete more
efficiently.
This means:
•
There shall be no discussion of prices, allocation of customers, or
products, etc.
•
If any participant believes the group is drifting towards an impermissible
discussion, the topic shall be tabled until the opinion of counsel can be
obtained.
•
The full anti
-
trust caution is available in the Community Room if you
would like to read it in its entirety
©
2012
GS1
Meeting Etiquette
Meetings will begin promptly at
designated start times
Avoid distracting
behavior
:
•
Place all mobile devices on silent mode
•
Avoid cell phones
•
Avoid sidebar conversations
Speak in turn and be respectful of others
Be collaborative in support of the meeting
objectives
©
2012
GS1
Agenda
4
•
US State Government Relations Update
•
European Union (EU) Update
•
Asia Pacific Update
•
Privacy Impact Assessment Tool Update & Review
©
2012
GS1
US RFID Draft Legislation
Update
5
©
2012
GS1
US Government Relations Update
6
•
New Hampshire state RFID “no tracking” bill, likely to be
passed by full House
•
B
est opportunity to kill bill is in Senate
•
Interest remains high in various US House and Senate
privacy protection bills but none expected to move this
year
•
Federal Trade Commission privacy paper not yet
released; White House privacy paper released with
focus on online privacy
©
2012
GS1
US Government Relations Update
7
•
White House Standards Memo released
•
http://www.whitehouse.gov/sites/default/files/omb/memoranda/2012
/m
-
12
-
08.pdf
•
Reinforced US Government emphasis on industry consensus
standards reinforced
with acknowledgment that when national
priority is identified, the Federal Government may need to
accelerate standards development and implementation by “active
engagement or a convening role”
•
Examples given: electronic medical records and smart grid
•
Meetings being scheduled with agencies authoring memo to
determine any opportunities for GS1
©
2012
GS1
5 States With
Proposed
RFID Legislation
In 2012
8
Recurring States
•
New York
•
New Hampshire
•
Massachusetts
Mostly reintroductions or
variations on past
legislation; legislators with
an interest in RFID.
New States
•
California
•
Oklahoma
Relates to
student
monitoring, Drivers
Licenses
©
2012
GS1
States
With
Proposed
RFID Legislation
In 2012
9
New York
Carry
-
over bills that failed in House last year.
•
SB 1821
–
Establishes a Privacy Task Force that
would report on existing state law, regulations,
policies, and practices related to the use of technology,
including RFID. Companion bill AB 1032 failed in
House. Unlikely to pass Senate.
•
SB 1168
-
Radio Frequency Right to Know Act,
requires retail establishments to label and disclose the
use of RFID devices, and deactivation at point of sale
.
Companion bill AB
1033
failed in House
.
Unlikely to
pass Senate
.
©
2012
GS1
States
With
Proposed
RFID Legislation
In 2012
10
Massachusetts
SB 1850
–
Regulates radio frequency identification
devices in the Commonwealth; provides that a
commercial entity that uses an RFID system in their
normal course of commerce shall display a sign which
shall be readable by a consumer before the consumer
comes in contact with the RFID system
.
As of 3/20/12
-
In Joint
Committee on
Consumer
Protection and Professional Licensure:
Set aside for
Study.
©
2012
GS1
States
With
Proposed
RFID Legislation
In 2012
11
New Hampshire
•
HB 445
–
Prohibits tracking individuals through
electronic means.
Bill recommended for Interim Study by both House
Commerce & House Criminal Justice Committees
–
pending full House vote.
©
2012
GS1
States With Proposed RFID Legislation
12
California
AB
1362 Prevents using RFID or GPS to monitor student
attendance at school.
Failed. Status as of 02/01/2012
Died
pursuant to Art. IV, Sec. 10(c) of the Constitution.
From
Committee: Filed with the Chief Clerk pursuant to
Joint Rule
56.
©
2012
GS1
States With Proposed RFID Legislation
13
Oklahoma
•
HB 1399 Prohibits RFID in Drivers Licenses.
Pending
-
Carryover
©
2012
GS1
European Commission (EC)
Update
14
©
2012
GS1
European Commission Conference on
PIA Implementation
15
•
Only France, Germany represented on Industry Panel
•
GS1, METRO and
Decalthon
participated
•
Key message: Commission wants more industry PIA
implementation
•
http://ec.europa.eu/information_society/policy/rfid/docum
ents/piaconferencesummary.pdf
©
2012
GS1
EU Standardisation
Mandate:
Signage
and PIA
16
•
Work on phase 2 of RFID Mandate to CEN (EU
standards
organisation
) to
define standards
for
RFID signage
and PIA
started March
2012; completion by June
2014
•
GS1 represented in relevant Technical Committee and two
of the external experts contracted by CEN to draft discussion
documents come from M0s (DE, CZ)
•
Key GS1
issues
•
R
elationship
between
common
EU
RFID signage and symbol
requirements (RFID
Recommendation) and EPC
symbol
•
Need to
ensure no additional requirements are introduced relative
to PIA
Framework and that GS1 PIA tool
remains complaint with
final standard
©
2012
GS1
EU Commission IoT
Experts Group
17
•
February meeting discussed public
consultation
questions to be addressed
by citizens
•
Topics:
privacy, security, ethics, identifiers
, governance
•
Key issues
for GS1
•
Privacy: relationship between PIA as introduced
in
the
RFID
Recommendation and PIA in the proposals
to reform Data
Protection l
egislation
•
Identifiers
:
will all be freely accessible? Interoperability
questions between
different sets of
identifiers/platforms
•
Governance: option of establishing a new international
platform (UN IGF
-
type or alternative);
possible
that
governance of resolution services may be included
©
2012
GS1
EU Commission IoT
Expert
Group
18
•
Next Steps
•
Public consultation published March/April
and open
for
three
months
•
Consultation results
plus additional work of the
Expert Group
to feed into Commission policy impact
assessment
presented
by end
2012
•
Recommendation on IoT policy to be published first
half of
2013 in parallel with gap analysis on IoT
standardisation needed by CEN/CENELEC and
ETSI
©
2012
GS1
EU Commission Data Protection
Legislation Reform Proposals
19
•
EU Commission published
comprehensive
legislative
reform
proposals on Data Protection in January 2012
•
The Proposed Regulation
will enter
the EU legislative process,
a
politically
-
charged undertaking
likely to take 1
-
2 years
and will
require approval by the Council of the European Union and the
European Parliament.
There are likely to be changes, potentially
major
ones.
•
U
nder
the Proposed Regulation,
there
would no longer be national
data protection laws to comply with, and the provisions of the
Proposed Regulation would apply
EU
-
wide
©
2012
GS1
Additional EU Developments
•
Product safety
•
EC
Expert Group
meeting 8 Feb discussed
child’s carriage
Traceability
Paper
•
Healthcare
•
GS1 nominated to the EC
eHealth
Stakeholder Group: Christian Hay (GS1 CH),
Ulrike
Kreisa
(alternate)
•
eProcurement
•
GS1
Mos
appointed to EC Expert Group on
eTendering
and Multi
-
stakeholder Forum
on
eInvoicing
•
R
esponse to EC public consultation
on draft guidelines for procuring standards based
ICT (+ additional response from
eProcurement
Project Team
-
Natascha Rossner)
•
EU
Standardisation policy reform
proposals
•
P
roposed
provisions on direct referencing and recognition of ICT technical
specifications from global ICT For a and Consortia still tabled
•
In advance of the formal adoption of legislative package EC
formed a
Multi
-
stakeholder Platform on ICT Standardisation to
advise
on all matters related to
European ICT standardisation policy and its effective implementation
•
GS1 nominated as member: Henri Barthel, Massimiliano Minisci (alternate)
©
2012
GS1
Asia Pacific
21
©
2012
GS1
New Commitment to Public Policy in
Asia Pacific
Plan and Strategy to be discussed at April GS1 Advisory Council meeting
Objective: Increase the visibility of GS1 and the adoption of GS1 standards in the AP
region
Strategy
•
Inform
and maintain an ongoing dialogue with key policy decision
-
makers in
government, industry groups,
NGOs
and consumer
organizations, with primary
focus on APEC/ABAC
•
Asia Pacific Economic Cooperation
•
APEC Business Advisory Council
Objectives
•
Communicate and coordinate among MOs and industry users to ensure a
coherent
strategy and messaging
•
We will be looking for your input as we go forward; MO and member
company collaboration will be critical for success!
©
2012
GS1
GS1 Privacy Impact
Assessment (PIA)
23
©
2012
GS1
What is a Privacy Impact
Assessment (PIA)?
24
•
PIAs help organizations to assess the privacy risks
-
and
identify the measures to be taken to address them
-
before a new applications are introduced to the market
•
The PIA is a tool to generate and communicate
confidence that organizational privacy objectives have
been defined and addressed
•
Working through a PIA will promote a more fully
informed policy decision
-
making process for operations
and system design choices
©
2012
GS1
PIAs are not new!
25
•
Term started being used in the US in the 1970s
•
1990s when PIAs became important globally (especially
Canada, New Zealand, Australia, Norway and US)
•
E
-
Government Act of 2002 requires US Government
agencies to conduct PIAs
•
PIA tool has not been used as much in Europe because
a stronger legal framework exists for privacy (e.g.
EU
Data Protection Directive)
©
2012
GS1
Background
–
The EC Recommendation on
Privacy & Data Protection for RFID Applications
•
European Commission
RFID Recommendation
issued May 2009
•
http://ec.europa.eu/information_society/policy/rfid/documents/rec
ommendationonrfid2009.pdf
•
All RFID “Application Operators” should
conduct a PIA of their RFID Application
•
Industry in collaboration with stakeholders
should develop a framework for Privacy
Impact Assessments (PIAs) endorsed by
Article 29 Data Protection Working Party
©
2012
GS1
Background
-
RFID PIA Framework
•
Serves as a common approach to conducting Privacy
Impact Assessments on RFID Applications
•
http://ec.europa.eu/information_society/policy/rfid/documents/infso
-
2011
-
00068.pdf
•
PIA Framework
identifies
•
objectives of RFID Application PIAs
•
components of RFID Applications to be considered during PIAs
•
process for conducting a PIA and the common structure and content of
RFID
Application PIA Reports
•
Based on a privacy and data protection risk management
approach
©
2012
GS1
RFID PIA History
•
2009
–
RFID Recommendation
published
•
2010
–
Drafting of
PIA Framework
•
February 2011
–
Framework
formally endorsement by
the Article 29 Working Party (Data Protection
Commissioners from EU Member States)
•
April 2011
-
Framework
endorsed by the European
Commission (EC)
•
http://ec.europa.eu/information_society/policy/rfid/documents/infso
-
2011
-
00068.pdf
•
Nov 2011 GS1 publishes
EPC RFID PIA Tool
•
http://www.gs1.org/epcglobal/pia/
©
2012
GS1
Bert has it right!
“Why perform a PIA? The
easy answer is, "Because
we do business in Europe".
A better answer is,
"It's the
right thing to do".
The
more detailed answer is
that it will help you define
all relevant aspects of an
RFID implementation and
identify potential risks
—
whether it's a risk to
customers, employees or
the company itself.”
29
http://www.aimglobal.org/members/news/te
mplates/template.aspx?articleid=3977&zon
eid=26
©
2012
GS1
Initial Assessment:
PIA Framework
Decision Tree on PIA levels
©
2012
GS1
Check Out The GS1 EPC RFID Tool
http://www.gs1.org/epcglobal/pia/
31
©
2012
GS1
Questions?
32
•
Check out the
Frequently Asked Questions
document on
the GS1 website:
http://www.gs1.org/docs/epcglobal/pia/GS1_%20EPC_RFID_PIA_
FAQ.pdf
•
Question not answered?
Contact your local Member
Organisation at:
www.gs1.org/contact
or send an email
to
PIA@GS1.org
•
Have suggestions or problems with the tool?
Write
PIA@GS1.org
PIA Tool Demo
33
©
2012
GS1
Assessment Set Up
©
2012
GS1
Initial Assessment
©
2012
GS1
Level One Assessment
36
©
2012
GS1
Level Two Assessment
37
©
2012
GS1
Pop
-
up Privacy Guidance
©
2012
GS1
Describe Privacy Protection Control
©
2012
GS1
Community feedback drives our
continual improvement!
1. Individual Session Surveys
-
A satisfaction survey for
EACH working group session you attend will be emailed
to you during the sessions.
It is very important that everyone completes a survey for
each Work Group session attended so that Group
Leaders can improve !
•
You might win an ipod Nano!
2. Overall Event Survey
–
all attendees will receive an
email on Friday to rate your
overall
satisfaction of the
event.
•
You might with a Kindle eReader!
There are 2 types of event surveys:
40
©
2012
GS1
Mark the date for the next
Industry & Standards Autumn Event!
Hosted by
Sponsored by
Contact Details
Elizabeth Board
GS1 Global Public Policy
elizabeth.board@gs1.org
Massimiliano Minisci
GS1 Public Policy Europe
massimiliano.minisci@gs1.org
Enter the password to open this PDF file:
File name:
-
File size:
-
Title:
-
Author:
-
Subject:
-
Keywords:
-
Creation Date:
-
Modification Date:
-
Creator:
-
PDF Producer:
-
PDF Version:
-
Page Count:
-
Preparing document for printing…
0%
Comments 0
Log in to post a comment