EU Privacy Mandate growing teeth? BIC’s response to EN16570 & 16571
The second half of 2014 saw the first signs that its mandate on RFID privacy M436 might be gaining some teeth with the issue of two new standards EN 16570 and EN 16571 – respectively defining the display of warning signs in RFID-enabled establishments and the process by which Privacy Impact Assessments (PIAs) should be completed. The second of these documents, created under the direction of its Project Editor, Paul Chartier, gives details of the process to be followed in creating a Privacy Impact Statement (PIS) to be displayed alongside signs warning that RFID is being used in an establishment – a library for example.
Paul’s company – Convergent Technologies – has been quick to alert librarians and their suppliers of the requirements of EN 16571 and has partnered with the French RFID organisation – CNRFID – to produce software that enables what the standard refers to as “Operators” to complete a PIS. This software can be purchased from either Convergent or CNRFID.
EN 16571 applies to any business using RFID but singles out libraries for special attention its Project Editor having a special interest in the sector having previously been PE for a number of other standards, most notably the somewhat over-engineered ISO 28560. Some of the requirements of EN 16571 would have profound implications for libraries. The need to label every single item that contains an RFID tag for example. Signing up to complete a PIS might therefore commit a library to more expenditure than simply buying the software.
So how should librarians respond to this new challenge? Convergent’s answer would probably be – “show us the money!” and that’s certainly one option. However the standard is not (yet) legally binding and may be enforced – or not – quite differently in different member states. The standard – like ISO 28560 before it – suggests to me that its creators may have been more familiar with the needs of the book supply chain than with running a library service and it is to be hoped that wiser counsels will prevail if it ever becomes the subject of legislation.
Book Industry Communication (BIC) – a charity funded by both the book trade and libraries – is an organisation that seeks to advise and inform its members on issues such as standards adoption. Its various committees and task-oriented working groups are populated by both suppliers and their clients (librarians) working in the sector. It liaises with other concerned parties (like the UK’s Information Commissioner’s Office (ICO)) to try and ensure that legislation is informed by those who work in the library sector rather than by EU experts who may have little experience of the day to day problems of running a library service.
BIC today issued an advisory notice to UK librarians about M436 seeking to reassure them that precipitate action is not necessary and detailing the approach it is taking on behalf of its members (and UK libraries in general). This might be summarised as “Don’t Panic” – but this should not seen as a call for complacency so much as a call to arms for librarians to be aware of the issue.
As a part-time BIC consultant I will be working with them to represent the interests of libraries in these cash-strapped times. I hope I can count on your support?