News Item

Agency Position on the Industry Proposal re: a Privacy Impact Assessment for RFID

Agency Position on the Industry Proposal re: a Privacy and Data Protection Impact Assessment Framework for RFID Applications

Published on July 14, 2010

The Agency recommendations are focused on methodology, risk management and impact assessment

A framework for privacy and data protection impact assessments (PIA)

 In the European Commission recommendation “on the implementation of privacy and data protection principles in applications supported by radio‐frequency identification” (12 May 2009), it is considered that member stated should ensure that Industry develops a framework for privacy and data protection impact assessments (PIA). On 31st of March, the industry published a draft proposal on  Privacy and Data Protection Impact Assessment Framework, sending it also to the Article 29 Working Party for endorsement.

Role of the Agency

According to Recital 17 of the RFID Recommendation, the development of the PIA Framework should build on existing practices also in the work conducted by ENISA. Given also ENISA’s expertise and experience in the field of risk management and developing a risk assessment framework on identifying emerging and future risks, the Agency has been asked by the European Commission to provide comments and recommendations on the draft of the PIA framework.

“Privacy by design”

 ENISA considers this as a very important initiative, especially since such a framework would enhance and further promote solutions of “privacy‐by‐design”. The importance of “privacy-by-design” has already been highlighted in many ENISA reports and studies. In view of the above and considering the great effort already invested in the draft, ENISA reviewed and submitted its position to the Article 29 Working Party.

Agency Position

In its position, ENISA identified certain issues and areas for improvement. Based on these, the Agency makes some recommendations, which could substantially improve the current PIA draft. It is noted that given our experience and expertise, our comments are mainly related to the methodological part used (particularly regarding risk management and impact assessment) and not on legal issues.


For full Agency position.


Stay tuned - subscribe to RSS feeds of ENISA news items

and for PRs:

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more