Radio Frequency Identification and Privacy Law: An Integrative Approach

American Business Law Journal, Vol. 46, No. 1, Spring 2009

45 Pages Posted: 1 Mar 2009

See all articles by Julie Manning Magid

Julie Manning Magid

Indiana University - Kelley School of Business - Department of Business Law

Mohan V. Tatikonda

Indiana University - Kelley School of Business - Department of Operation & Decision Technologies

Philip L. Cochran

Indiana University - Kelley School of Business - Management & Entrepreneurship

Date Written: February, 22 2009

Abstract

The indiscriminate nature of Radio Frequency Identification (RFID) technology creates unique privacy issues. RFID holds great promise as a disruptive technology that will reshape the way individuals live. However, the undeniable privacy concerns, not only of data collected by RFID in particular, but also other indiscriminate technologies that are similarly disruptive, have received inadequate focus. The Fair Information Practice Principles (FIPP) is an outdated view of privacy for advanced technology such as RFID. A future challenge is to develop privacy standards that go beyond the narrow understanding of privacy evidenced in FIPP, while allowing increased efficiency and effectiveness through the use of RFID. We address this challenge by integrating several theoretical lenses of privacy in this paper and applying an integrative approach to data collected using RFID. The intent of this article is twofold. First we provide a baseline definition of privacy beyond the legal precedents and understanding, by incorporating other theoretical perspectives so as to frame broadly our discussion of RFID data collection. Second, we begin the discussion of potential solutions to managing private data obtained through RFID technology with an emphasis on data expiration policies as an important component of data retention practices. In Part II of this paper, we provide the relevant background for our discussion, including the capabilities of RFID and related technologies that raise issues of privacy protection. The current regulation of technology and attempts to legislate RFID technology is highlighted.

In the first portion of Part III, we examine the law and economics underpinnings of privacy law as an important base for the specific concerns raised by RFID. The second portion of Part III outlines legal models for further expansion of individual privacy rights in light of expanding technological capabilities. We argue that current legal scholarship often fails in two crucial aspects when considering regulation of technology with privacy implications. The first demands limiting the operational use of the technology and discouraging developing the full potential of technological advances. The second is that the legal theory does not incorporate adequately a range of important understandings about privacy gleaned from economic, behavioral, and sociological research. In Part IV we discuss three theoretical lenses concerning privacy: behavioral economics, communications privacy management, and social networks. Each lens offers relevant insight for evaluating privacy law and constructing privacy rights while permitting technological advancement. We advocate in Part V for an integrative privacy approach utilizing the three crucial Integrative Considerations gleaned from our integrative theoretical research: 1) individuals expect to own, control, and share personal information even after disclosing it; 2) advancing technologies raise concerns about individuals' bounded rationality and ineffective analysis of the costs and benefits of disclosing personal information; and 3) the significant threat to personal privacy comes not from the initial disclosure of personal information but from the subsequent re-use, transfer to third parties, and aggregation of that information. This Part concludes by applying the Integrative Considerations to data collected by RFID. This integrative approach requires limits on information obtained through RFID, including the types of information gathered, the time frame in which the information is used and then expired, and the re-use and transfer of information.

Keywords: privacy, privacy law, Radio Frequency Identification, RFID, Fair Information Practice Principles, FIPP, law and economics, behavioral economics, communications privacy management, social networks

Suggested Citation

Magid, Julie Manning and Tatikonda, Mohan V. and Cochran, Philip L., Radio Frequency Identification and Privacy Law: An Integrative Approach (February, 22 2009). American Business Law Journal, Vol. 46, No. 1, Spring 2009, Available at SSRN: https://ssrn.com/abstract=1347762

Julie Manning Magid (Contact Author)

Indiana University - Kelley School of Business - Department of Business Law ( email )

Bloomington, IN 47405
United States
317-274-2275 (Phone)
317-274-3312 (Fax)

Mohan V. Tatikonda

Indiana University - Kelley School of Business - Department of Operation & Decision Technologies ( email )

Business 670
1309 E. Tenth Street
Bloomington, IN 47401
United States

Philip L. Cochran

Indiana University - Kelley School of Business - Management & Entrepreneurship ( email )

Bloomington, IN 47405
United States
317-274-2481 (Phone)
317-274-2482 (Fax)

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
192
Abstract Views
1,935
Rank
285,122
PlumX Metrics