Squaring the Circle with RFID and Privacy

The introduction of retail RFID comes with many challenges: technological capability, the adoption of appropriate software architectures and the production of cohesive standards, to name but a few. Not the least of these challenges is finding ways to address the concerns of consumer privacy groups.

The ability to uniquely identify an item and to do this without requiring contact or line-of-sight opens up a whole realm of possibilities in the supply chain and the retail store. Labor costs can be trimmed and out-of-stock situations reduced. In the store, with the benefit of item-level tagging, a slew of opportunities arise. Smart shelving will determine stock levels and advise when they are running low. In-store displays will use the tags to provide greater product information and opportunities for cross-selling, showing complementary products and offerings.

At the checkout, tags may enable a consumer to check out much more quickly with readers identifying the goods the consumer is purchasing and also potentially identifying him/her and debiting an authorized credit card. The returns process will also be eased with returned goods being accurately identified and, where applicable, guarantees and warranties validated. The customer will receive improved service and the retailer will benefit from a smoother reverse logistics operation.

Consumer Spies

At the same time, a more shadowy, potentially controversial application of RFID may be the tracking of customers as they move around the store. Gaining accurate and informative footfall data will allow retailers to provide improved store layout and to increase the effectiveness of their in-store merchandising efforts. However, while the customer stands to benefit from a long list of store efficiency improvements, there will be some who will feel uncomfortable with the prospect of a retailer gaining the ability to peer into their shopping baskets to discover exactly what they are carrying.

The ability to track a customer around a store may be viewed with disdain, and further issues may arise once the customer actually leaves the store: Will the tags attached to the goods they have purchased still be readable?

If this is the case then anybody with a standard reader may be able to identify the tag-ids of the products that are held. Could this be a handy method for would-be muggers to identify their prime targets? What data will a store or retailer gather about individuals? How complicit will the individuals be with this process?

These are the areas around which the debate will rage, and failure to address them could create difficulties in your RFID implementation programs, generate bad publicity and ultimately affect your bottom line. How should you address these issues and assuage consumer reluctance? There are a number of strategies that need to be adopted and a number of RFID features that must be used.

Honesty Best Policy

First, do not implement trials surreptitiously. Be open and upfront about them. A surreptitious trial is very difficult to conceal and the effect of it being discovered after the fact will only add to any sense of mistrust that a customer may have. If the objective is to make customers feel comfortable and happy to be in your store, then do not try to hoodwink them.

Provide flyers detailing what the trial entails, what data will be captured and what you will be doing with it. Ensure that you are complying with the Data Protection Act, including the principles that the data held is fairly and lawfully processed, adequate, relevant, not excessive and that it is not kept longer than necessary.

If tracking of individuals around a store is what you want to do then this needs be an opt-in process. Loyalty cards with an RFID chip built in would be an ideal way to obtain these footfall and dwelling time statistics. In order to assuage some of the concerns around multiple stores being able to identify individuals from the details stored on a single store card, the store card can simply hold a unique ID which will only make sense to the retailer that has issued it. In this way you would ensure that if a customer entered another retail store, the retailer may be able to read the tag, but would have no access to the holder’s personal data.

Tracking Ends with Exit

The concerns about tags continuing to be readable once a customer leaves the store are valid and should be easily rectifiable with efficient application of technology. The newer standard of generation-two, class-one RFID tags has a mandated “kill-switch” built into the standard. This is a 32-bit pass code that can be sent to the tag and which render it inoperable. The activation of the kill-switch should be performed at the checkout or, failing that, a facility, such as a “Tag Killer” kiosk, whereby customers can choose to deactivate the tags themselves.

With a bit of thinking (and some systems integration), the customer could use their loyalty card preferences to specify whether they are happy for tags to remain active or whether they would like them to be killed. The default for customers without loyalty cards ought to be for them to be killed.

One of the issues that is not being addressed by the RFID hardware community is that of intra-store privacy. The tags deployed in a retail environment are designed to be simple in order to keep the cost per tag as low as possible. One side effect of this simplicity is that tags have no encryption or access control mechanism; therefore standard tags from one retailer are likely to be readable at another retailer.

Tread Softly

While customers may be prepared to accept a retailer tracking their own goods as they travel around their own store, there is likely to be far more resistance to a retailer “accidentally” reading all of the contents of a customers shopping bag regardless of whether they were purchased at that outlet. Although it would be possible for the retailer to disregard tags that did not originate from them, it would still be the case that the tags would have been read and would have been compared to a list of tags owned by the retailer.

This offers challenges to the IT department, but the problem should not be insurmountable. Despite the invasiveness of this problem, ensuring that foreign tag readers are not committed to storage will negate them. It may be trickier to answer the question of how you prove your intentions to the skeptical.

By adopting common sense, customer information and honesty measures, enabling opt-out of customer tracking, killing tags at checkout by default and adhering to good data collection practice, RFID implementations should be eased considerably. Ultimately there may be a core of people who will be unwilling to tolerate RFID and will simply refuse to shop at a store implementing an RFID solution.

It has to be hoped that the number of these people will be commercially insignificant and any effect they produce will be short lived. As with the introduction of many new technologies, the theory is far more frightening to the consumer than the reality. Educate your consumers, tread softly, and everybody will be far happier with the result.