The following aspects of policy formation have to be given critical review by the policy framers and law makers while framing the RFID policy, along with the additional concerns which are listed below:

Policy questions

1. Who has a stake in establishing a responsible policy regarding access to and disclosure of repository’s data? How will the policy affect the consumers, retailers, manufacturers, third parties, law enforcement authorities, data connectivity and data repository service providers?
2. What baseline legal rights and duties constrain any policy?
3. What operational features of RFID and data collection, storage and dissemination systems should affect any policy on access, use and disclosure?
4. What analogies can be used to help formulate a consistent set of policies?
5. What criteria should be used to evaluate a proposed policy?
6. Has your policy been disclosed in advance to all concerned?

Additional concerns

1. Who from the commercial organization, privacy advocates and Government agencies should participate in the development of the policy?
2. What corporate resources in terms of cost and time and personnel should be considered in formulating overall RFID privacy policies?
3. What information will you want to gather in advance or during the course of formulating your policy?
4. What kind of research methods would the policy makers use while eliciting and analyzing public opinion and till what confidence level?

The most important concept is development of an RFID privacy policy with procedures for implementation and communication to all the parties whose stakes are involved in full-scale RFID implementation. The reason, according to privacy advocates, is that commercial firms and the governments all over the world in the information intensive society often use public opinions as an alibi to frame their arguments in support of or in opposition to specific privacy policies.

One of the most important stakeholders is the consumer and for getting his/her views, perception and opinion research studies must be done by independent and neutral bodies.

Formation of privacy policies on public opinions

The consumer research brings consumers together on a single platform and gives policy makers a handle to understand consumer psyche. The research is important to find out how consumers think and more importantly why they think that way. Correctly gathering, analyzing and disseminating public opinion would go a long way towards framing more widely acceptable privacy policies.

The flip side of relying on public opinion is that the laws which consumers obey from their childhood condition the boundaries that separate the public from the private spheres and finally help in shaping expectations of privacy. This turns out to be a kind of circular loop where both public opinion and privacy policy reinforce each other. Also, the expectations from the privacy policies which are yet to be framed are culture and country specific. This is due to different economic and social conditions (recession, unemployment, socialist or capitalist economy etc.), and the level of trust that the public places in Government policies, i.e. whether it believes the government would look after them and create laws to protect them.

Also, commercial firms have been the major sponsors for professionally administered public surveys, which according to privacy advocates skew these research reports in favor of them, and often introduce them into testimony as the will of the public. To avoid skewness, consumer research must be done by an independent and respected body and must cover the following points:

• Major expectations (both implicit and explicit) regarding the privacy of personal information.
• Major concerns (both rational and emotional).
• Rules regarding consumer’s control of information provided.
• Rules governing the access of personal information.
• Rules governing the collection of personal information.
• Rules governing the use of information.
• Rules governing the exchange of information.

When public opinion is collected, filtered for relevant information, analyzed and finally interpreted, the issues involved in implemention must also be analyzed. A few issues which may arise while incorporating public opinion into privacy policy are:

1. Cost of implementation of the recommendations of the public survey.
2. Implementation scope in terms of number of man days.
3. Level of acceptability among different players involved in RFID imbroglio.
4. Competition among the commercial firms who accept and don’t accept the recommendation.

Branding RFID right

Public backlash against RFID, cloning, virtual reality, biometrics and other commonplace concepts today is partly due to representations of the technologies in film, print media and science-fiction literature. Artists are generally very good at reflecting human nature in the tenor of their times and sometimes that leads to very valuable insights, according to Dr. Dean Economou, Chief Technologist, CSIRO. Symbiotically, scientists take many cues from what they see take place on screen and try to replicate it in real world.

Steven Spielberg, in his movie ‘Minority Report’ has accomplished with his team of MIT futurists, a form of technology assessment, that is, a holistic look at the impacts of technology on all aspects of societal behavior in the not-so-distant future. It is just this sort of analysis that so far has been missing in the public policy arena regarding the deployment of RFID at product level and consequent privacy concerns.

It is imperative that what serves as technology assessment today comes from the public policy realm and not from paranoid versions of Hollywood movies so that policy makers can frame correct privacy policies.

Commercial organizations propounding and using RFID have the responsibility of putting public relations in proper order to avoid backlash from the privacy activists and consumers in general. Organizations must have clearly stated guidelines educating the consumers how RFID implementation is going to benefit them and the industry in general. The guidelines must state any drawbacks customers might face. The organizations must invite privacy activists, retailers, suppliers, policy makers and all other parties involved in the issue to answer and pre-empt any query pre rollout. They must be prepared to answer all questions posed by media pre and post RFID implementation.

Same sentiments are reflected in the documents prepared by Fleishman-Hillard, a communications consultancy. The document suggests that one method of doing this is through the creation of a Privacy Advisory Council made up of ‘well known, credible, and credentialed experts’ who may be ‘potentially adversarial advocates’ having varied backgrounds viz. political, legal and technology. All these would lead to increase in trust in RFID technology and wider acceptance among consumers.