GS1 Industry & Standards Event March 26-30, 2012 Brooklyn, NY

GS1 Industry & Standards Event

March 26
-
30, 2012
–

Brooklyn, NY


Building Standards to Deliver Business Value

Public Policy Update

March 26, 2012
9:00 am
–

10:15 am


Elizabeth Board, GS1 GO

©
2012
GS1

Anti
-
Trust Caution

2

GS1 and the GSMP operate under the GS1 anti
-
trust caution. Strict
compliance with anti
-
trust laws is and always has been the policy of GS1.


The best way to avoid problems is to remember that the purpose of the
committee is to enhance the ability of all industry members to compete more
efficiently.


This means:

•
There shall be no discussion of prices, allocation of customers, or
products, etc.


•
If any participant believes the group is drifting towards an impermissible
discussion, the topic shall be tabled until the opinion of counsel can be
obtained.

•
The full anti
-
trust caution is available in the Community Room if you
would like to read it in its entirety


©
2012
GS1

Meeting Etiquette

Meetings will begin promptly at
designated start times


Avoid distracting
behavior
:

•
Place all mobile devices on silent mode

•
Avoid cell phones

•
Avoid sidebar conversations


Speak in turn and be respectful of others


Be collaborative in support of the meeting
objectives



©
2012
GS1

Agenda

4

•
US State Government Relations Update

•
European Union (EU) Update

•
Asia Pacific Update

•
Privacy Impact Assessment Tool Update & Review




©
2012
GS1

US RFID Draft Legislation
Update

5

©
2012
GS1

US Government Relations Update

6


•
New Hampshire state RFID “no tracking” bill, likely to be
passed by full House

•

B
est opportunity to kill bill is in Senate


•
Interest remains high in various US House and Senate
privacy protection bills but none expected to move this
year


•
Federal Trade Commission privacy paper not yet
released; White House privacy paper released with
focus on online privacy











©
2012
GS1

US Government Relations Update

7

•
White House Standards Memo released

•
http://www.whitehouse.gov/sites/default/files/omb/memoranda/2012
/m
-
12
-
08.pdf


•
Reinforced US Government emphasis on industry consensus
standards reinforced
with acknowledgment that when national
priority is identified, the Federal Government may need to
accelerate standards development and implementation by “active
engagement or a convening role”


•
Examples given: electronic medical records and smart grid


•
Meetings being scheduled with agencies authoring memo to
determine any opportunities for GS1


©
2012
GS1

5 States With
Proposed

RFID Legislation
In 2012

8

Recurring States


•
New York

•
New Hampshire

•
Massachusetts


Mostly reintroductions or
variations on past
legislation; legislators with
an interest in RFID.


New States


•
California

•
Oklahoma


Relates to
student
monitoring, Drivers
Licenses

©
2012
GS1

States
With
Proposed

RFID Legislation
In 2012

9

New York


Carry
-
over bills that failed in House last year.


•
SB 1821
–

Establishes a Privacy Task Force that
would report on existing state law, regulations,
policies, and practices related to the use of technology,
including RFID. Companion bill AB 1032 failed in
House. Unlikely to pass Senate.

•
SB 1168
-

Radio Frequency Right to Know Act,
requires retail establishments to label and disclose the
use of RFID devices, and deactivation at point of sale
.
Companion bill AB
1033
failed in House
.
Unlikely to
pass Senate
.

©
2012
GS1

States
With
Proposed

RFID Legislation
In 2012

10

Massachusetts


SB 1850
–

Regulates radio frequency identification
devices in the Commonwealth; provides that a
commercial entity that uses an RFID system in their
normal course of commerce shall display a sign which
shall be readable by a consumer before the consumer
comes in contact with the RFID system
.

As of 3/20/12
-

In Joint
Committee on
Consumer
Protection and Professional Licensure:
Set aside for
Study.






©
2012
GS1

States
With
Proposed

RFID Legislation
In 2012

11

New Hampshire


•
HB 445
–

Prohibits tracking individuals through
electronic means.


Bill recommended for Interim Study by both House
Commerce & House Criminal Justice Committees
–

pending full House vote.

©
2012
GS1

States With Proposed RFID Legislation

12

California




AB
1362 Prevents using RFID or GPS to monitor student
attendance at school.
Failed. Status as of 02/01/2012
Died
pursuant to Art. IV, Sec. 10(c) of the Constitution.

From
Committee: Filed with the Chief Clerk pursuant to
Joint Rule
56.






©
2012
GS1

States With Proposed RFID Legislation

13

Oklahoma


•
HB 1399 Prohibits RFID in Drivers Licenses.


Pending
-

Carryover






©
2012
GS1

European Commission (EC)
Update

14

©
2012
GS1

European Commission Conference on
PIA Implementation

15


•
Only France, Germany represented on Industry Panel


•
GS1, METRO and
Decalthon

participated


•
Key message: Commission wants more industry PIA
implementation


•
http://ec.europa.eu/information_society/policy/rfid/docum
ents/piaconferencesummary.pdf





©
2012
GS1

EU Standardisation
Mandate:
Signage
and PIA

16

•
Work on phase 2 of RFID Mandate to CEN (EU
standards
organisation
) to
define standards
for
RFID signage
and PIA
started March
2012; completion by June
2014


•
GS1 represented in relevant Technical Committee and two
of the external experts contracted by CEN to draft discussion
documents come from M0s (DE, CZ)


•
Key GS1
issues

•
R
elationship
between
common
EU
RFID signage and symbol
requirements (RFID
Recommendation) and EPC
symbol

•
Need to
ensure no additional requirements are introduced relative
to PIA
Framework and that GS1 PIA tool
remains complaint with
final standard


©
2012
GS1

EU Commission IoT
Experts Group

17

•
February meeting discussed public
consultation
questions to be addressed
by citizens

•
Topics:
privacy, security, ethics, identifiers
, governance

•
Key issues
for GS1

•
Privacy: relationship between PIA as introduced
in
the
RFID
Recommendation and PIA in the proposals
to reform Data
Protection l
egislation

•
Identifiers
:
will all be freely accessible? Interoperability
questions between
different sets of
identifiers/platforms

•
Governance: option of establishing a new international
platform (UN IGF
-
type or alternative);
possible
that
governance of resolution services may be included



©
2012
GS1

EU Commission IoT
Expert
Group

18

•
Next Steps

•
Public consultation published March/April
and open
for
three
months


•
Consultation results
plus additional work of the
Expert Group
to feed into Commission policy impact
assessment
presented
by end
2012


•
Recommendation on IoT policy to be published first
half of
2013 in parallel with gap analysis on IoT
standardisation needed by CEN/CENELEC and
ETSI


©
2012
GS1

EU Commission Data Protection
Legislation Reform Proposals

19

•
EU Commission published
comprehensive
legislative
reform
proposals on Data Protection in January 2012


•
The Proposed Regulation
will enter
the EU legislative process,
a
politically
-
charged undertaking
likely to take 1
-
2 years
and will
require approval by the Council of the European Union and the
European Parliament.
There are likely to be changes, potentially
major
ones.


•
U
nder
the Proposed Regulation,
there
would no longer be national
data protection laws to comply with, and the provisions of the
Proposed Regulation would apply
EU
-
wide


©
2012
GS1

Additional EU Developments

•
Product safety

•
EC
Expert Group
meeting 8 Feb discussed
child’s carriage
Traceability
Paper

•
Healthcare

•
GS1 nominated to the EC
eHealth

Stakeholder Group: Christian Hay (GS1 CH),
Ulrike
Kreisa

(alternate)

•
eProcurement

•
GS1
Mos

appointed to EC Expert Group on
eTendering

and Multi
-
stakeholder Forum
on
eInvoicing

•
R
esponse to EC public consultation
on draft guidelines for procuring standards based
ICT (+ additional response from
eProcurement

Project Team
-

Natascha Rossner)

•
EU
Standardisation policy reform
proposals

•
P
roposed
provisions on direct referencing and recognition of ICT technical
specifications from global ICT For a and Consortia still tabled

•
In advance of the formal adoption of legislative package EC
formed a
Multi
-
stakeholder Platform on ICT Standardisation to
advise
on all matters related to
European ICT standardisation policy and its effective implementation

•
GS1 nominated as member: Henri Barthel, Massimiliano Minisci (alternate)


©
2012
GS1

Asia Pacific

21

©
2012
GS1

New Commitment to Public Policy in
Asia Pacific

Plan and Strategy to be discussed at April GS1 Advisory Council meeting


Objective: Increase the visibility of GS1 and the adoption of GS1 standards in the AP
region


Strategy

•
Inform
and maintain an ongoing dialogue with key policy decision
-
makers in
government, industry groups,
NGOs
and consumer
organizations, with primary
focus on APEC/ABAC

•
Asia Pacific Economic Cooperation

•
APEC Business Advisory Council


Objectives

•
Communicate and coordinate among MOs and industry users to ensure a
coherent
strategy and messaging


•
We will be looking for your input as we go forward; MO and member
company collaboration will be critical for success!



©
2012
GS1

GS1 Privacy Impact
Assessment (PIA)

23

©
2012
GS1

What is a Privacy Impact
Assessment (PIA)?

24

•
PIAs help organizations to assess the privacy risks
-

and
identify the measures to be taken to address them
-

before a new applications are introduced to the market


•
The PIA is a tool to generate and communicate
confidence that organizational privacy objectives have
been defined and addressed


•

Working through a PIA will promote a more fully
informed policy decision
-
making process for operations
and system design choices

©
2012
GS1

PIAs are not new!

25

•
Term started being used in the US in the 1970s

•
1990s when PIAs became important globally (especially
Canada, New Zealand, Australia, Norway and US)

•
E
-
Government Act of 2002 requires US Government
agencies to conduct PIAs

•
PIA tool has not been used as much in Europe because
a stronger legal framework exists for privacy (e.g.
EU
Data Protection Directive)

©
2012
GS1

Background
–

The EC Recommendation on
Privacy & Data Protection for RFID Applications

•
European Commission
RFID Recommendation
issued May 2009

•
http://ec.europa.eu/information_society/policy/rfid/documents/rec
ommendationonrfid2009.pdf


•
All RFID “Application Operators” should
conduct a PIA of their RFID Application




•
Industry in collaboration with stakeholders
should develop a framework for Privacy
Impact Assessments (PIAs) endorsed by
Article 29 Data Protection Working Party


©
2012
GS1

Background
-

RFID PIA Framework

•
Serves as a common approach to conducting Privacy
Impact Assessments on RFID Applications

•
http://ec.europa.eu/information_society/policy/rfid/documents/infso
-
2011
-
00068.pdf


•
PIA Framework

identifies

•
objectives of RFID Application PIAs

•
components of RFID Applications to be considered during PIAs

•
process for conducting a PIA and the common structure and content of
RFID
Application PIA Reports


•
Based on a privacy and data protection risk management
approach


©
2012
GS1

RFID PIA History

•
2009
–

RFID Recommendation

published

•
2010
–

Drafting of
PIA Framework

•
February 2011
–

Framework

formally endorsement by
the Article 29 Working Party (Data Protection
Commissioners from EU Member States)

•
April 2011
-

Framework

endorsed by the European
Commission (EC)

•
http://ec.europa.eu/information_society/policy/rfid/documents/infso
-
2011
-
00068.pdf

•
Nov 2011 GS1 publishes
EPC RFID PIA Tool

•

http://www.gs1.org/epcglobal/pia/


©
2012
GS1

Bert has it right!



“Why perform a PIA? The
easy answer is, "Because
we do business in Europe".
A better answer is,
"It's the
right thing to do".

The
more detailed answer is
that it will help you define
all relevant aspects of an
RFID implementation and
identify potential risks
—

whether it's a risk to
customers, employees or
the company itself.”


29

http://www.aimglobal.org/members/news/te
mplates/template.aspx?articleid=3977&zon
eid=26


©
2012
GS1

Initial Assessment:
PIA Framework

Decision Tree on PIA levels

©
2012
GS1

Check Out The GS1 EPC RFID Tool


http://www.gs1.org/epcglobal/pia/


31

©
2012
GS1

Questions?

32

•
Check out the
Frequently Asked Questions
document on
the GS1 website:

http://www.gs1.org/docs/epcglobal/pia/GS1_%20EPC_RFID_PIA_
FAQ.pdf


•
Question not answered?
Contact your local Member
Organisation at:
www.gs1.org/contact

or send an email
to

PIA@GS1.org


•
Have suggestions or problems with the tool?
Write

PIA@GS1.org



PIA Tool Demo



33

©
2012
GS1

Assessment Set Up

©
2012
GS1

Initial Assessment

©
2012
GS1

Level One Assessment

36

©
2012
GS1

Level Two Assessment

37

©
2012
GS1

Pop
-
up Privacy Guidance

©
2012
GS1

Describe Privacy Protection Control

©
2012
GS1

Community feedback drives our
continual improvement!



1. Individual Session Surveys
-

A satisfaction survey for
EACH working group session you attend will be emailed
to you during the sessions.



It is very important that everyone completes a survey for
each Work Group session attended so that Group
Leaders can improve !


•
You might win an ipod Nano!


2. Overall Event Survey
–

all attendees will receive an
email on Friday to rate your
overall
satisfaction of the
event.

•
You might with a Kindle eReader!



There are 2 types of event surveys:

40

©
2012
GS1

Mark the date for the next

Industry & Standards Autumn Event!

Hosted by

Sponsored by

Contact Details


Elizabeth Board

GS1 Global Public Policy

elizabeth.board@gs1.org


Massimiliano Minisci

GS1 Public Policy Europe

massimiliano.minisci@gs1.org