STFbreadcrumb separatorSTFsbreadcrumb separatorSTF Homepagesbreadcrumb separatorSTF396

Specialist Task Force 396:
Response to Phase 1 of EC mandate M/436 (RFID) - SA/ETSI/ENTR/436/2009-02

Who we are:

Team Leader: Scott Cadzow
Team Members:

Christian Schenk

Gabriela Bodea

Josef Preishuber-Pflügl

Paloma Llaneza-Gonzales

Paul Chartier

Peter Eisenegger

Siv-Hilde Houmb

Trevor Peirce

Voluntary team members:

Athena Bourka

Georg Ramsch

Jacques Hulshof

Why we do it:

Mandate M/436 is a European Commission request, backed by the member states, that the European Standards Organizations (ESOs) deliver a coordinated response on the subject of Radio Frequency Identification Devices (RFID) in relation to data protection, information security and privacy. This STF is composed of experts from the 3 ESOs (CEN, CENELEC and ETSI) who have come together with a view to developing, promoting, and delivering the coordinated response of the ESOs to Phase 1 of the mandate.

The aim of M/436 is to identify and provide adequate relevant standards as a solid foundation to consistent and rigorous compliance and enforcement of the Recommendation (adopted by the EC on the 11th May 2009) across Europe that has laid out a number of principles for protecting privacy and data protection in the use of RFID devices such as those below aimed at the retail industry:

Check mark symbol Consumers should be in control whether products they buy in shops use smart chips or not. When consumers buy products with smart chips, these should be deactivated automatically, immediately and free of charge at the point of sale, unless the consumer explicitly opts-in by asking to keep the chip operational. Exceptions can be granted to avoid an unnecessary burden on retailers, for example, but only after an assessment of the chip's impact on privacy.

Check mark symbol Companies or public authorities using smart chips should give consumers clear and simple information so that they understand if their personal data will be used, the type of collected data (such as name, address and date of birth) and for what purpose. They should also provide clear labelling to identify the devices that read the information stored in smart chips, and provide a contact point for citizens to obtain more information.

Check mark symbol Retail associations and organizations should promote consumer awareness on products containing smart chips through a common European sign to indicate whenever a smart chip is used by a product.

Check mark symbol Companies and public authorities should conduct privacy and data protection impact assessments before using smart chips. These assessments, reviewed by national data protection authorities, should ensure that personal data is secure and well protected.

With over two billion RFID tags sold worldwide in 2008 and growth in the market this is thought to be an increasingly important element of market and consumer acceptance of the technology. In the wider context RFID devices will be seen as a contributing technology in the Internet of Things so will move beyond the retail and logistics sectors into a set of new sectors in banking, identity, authorisation and so on. It is possible therefore that closed vertical market use of RFID will be replaced by a new matrix form of technology penetration and thus greater need to look beyond the RF for matters of privacy and security. The aim of the STF and the ESO response to the mandate is to ensure that when and if such a world evolves that standards will be there to secure it.

For more details, see our Terms of Reference

How we do it:

In common with the general STF model at ETSI, STF396 is comprised of a group of domain and field experts that together have the necessary capabilities of addressing the issues specified in the Terms of Reference. The STF applies a number of working methods, including brainstorming, scenario building, analysis, and testing, to produce the relevant standards and contribution to standardization. These contributions and standards text are then verified as being acceptable through a formal approval procedure including all affected technical bodies and additional open meetings with stakeholders. For STF396 the affected technical bodies are: ETSI TC TISPAN, ETSI TC M2M, ETSI TC ERM TG34 (and other sub groups of ERM), CEN TC225, the Workshop on Data Protection and Privacy (WS/DPP) (and other working groups in CEN) and the CENELEC TC106 x (electromagnetic fields in the human environment). The formal procedure concludes with a contribution that is ready to be endorsed as a published response by the 3 ESOs together. 

The STF will build on the work done in the GRIFS and CASAGRAS projects that ETSI the ESOs have contributed to in 2008 through to the present.

Furthermore, the STF and its members will link to international standardization groups including ISO/IEC JTC1 SC31.

Time plan for the work:

The work is to start in March 2010 and to complete as soon as possible thereafter. Realistically the STF will complete its activity towards the end of Q3-2010.

How to contact us:

By email:


This information is based upon STF working assumptions.
The views expressed do not necessarily represent the position of ETSI in this context.

Last updated: 2013-04-13 17:33:05