Evan Schuman's StorefrontBacktalk

Warning consumers about anything presupposes that there is something bad with that item, something that should be avoided. This might be a self-fulfilling prophesy.

The commissioner for Information and Privacy in Ontario unveiled on June 19 a series of tips and guidelines for using RFID within her part of Canada.

First of all, the fact that a major Canadian province even has an information and privacy commissioner makes me look longingly to the North. But I believe bacon should be served in long narrow strips and that a rectangle is a terrible shape for any food, so we’re probably even.

But the guidelines themselves certainly need to be examined seriously because North American products can ill-afford to accommodate two different standards and, besides, neither Mexico nor the U.S. have any material privacy RFID rules at the moment.

Current U.S. views on RFID privacy pretty much comes down to a modified monetary laisez faire policy (“leave campaign contributors alone and the market will take care of itself”), while Mexico’s position is closer to “You can capture anything about our citizens that you want as long as you pay a living wage. OK, one-fourth a living wage, but we want a break after 18 hours of work.”

The Ontario approach is a bit different. One example: “Organizations should only collect, use or disclose RFID-linked personal information for purposes that a ‘reasonable person’ would consider appropriate in the circumstances.”

It then lists two things that Ontario believes would be unreasonable: “price discrimination” and “tracking and profiling individuals without their informed, written consent.”

Both sound frightening for retailers and consumer goods manufacturers?and with good reason. The “price discrimination” is aimed at applications that will charge lower prices to customers they want to attract and higher prices for those they want to repel, such as aggressive bargain hunters. There have been unsubstantiated allegations about this on some Web sites, but those allegations involved cookies, not RFID.

Still, the potential exists for RFID to enable the same kind of capability. But isn’t this simply a continuation of the time-honored discounts for those with a frequent shopper loyalty card? Aren’t those card programs offering discriminatory pricing, in the sense that some customers are being charged different prices than others?

That gets into that second reference: ” tracking and profiling individuals without their informed, written consent.” Is this to be interpreted to mean that such tracking/profiling is permitted in Ontario, as long as it doesn’t involve RFID? It would seem silly to permit it for CRM programs as long as they used barcodes, but to somehow find the privacy invasion reprehensible if it involves RFID.

Tracking/profiling are fighting words. Is it profiling to offer discounts on one brand of peanut butter only for people who regularly purchase a particular competing brand? Is it tracking to note that one consumer spends more than $900/month typically and then to send them E-mail invitations to some event? The wording in the Canadian material doesn’t exclude aggregate data, but isn’t that based on tracking individuals? Is that prohibited as well?

For retailers, Canada has rolled out a series of “notice” guidelines: “organizations should notify consumers if products contain an RFID tag, through clear and conspicuous labeling on the product itself”; “Organizations should notify consumers of RFID readers on their premises, using clearly written signage, prominently displayed at the perimeters”; “signs at the perimeter should identify someone who can answer questions about the RFID system, and include their contact information”; and “consumers should always know when, where, and why an RFID tag is being read. Visual or audio indicators should be built into the operation of the RFID system for these purposes.”

Somehow, I think the immediately prior draft wanted skull and crossbones on those signs and perhaps some imagery representing Satan (I guess for P&G, their old logo would suffice.)

Those are quite subtle notification suggestions. My favorite is the part about identifying someone who can answers about the RFID system. I can see Wal-Mart directing people to an 800 number and instructing them to hit #Sand.

The serious problem with such notification requirements is that, without proper consumer education, the sign won’t mean anything to many consumers. I can see Costco trying to turn the displays into marketing promotions: “Now including the miracle ingredient RFID at no extra cost!”

There’s also that wonderful part about audio indicators on RFID readers. What did Ontario have in mind? Sirens? Maybe the Darth Vader theme music? Or possible just a clip of someone saying “I see you”?

Here’s a well-intentioned one: “Organizations should not use or disclose RFID-linked consumer information for any purpose to which the individual has not consented.” The only problem is that retailers will likely throw such language into the fineprint on the back of every loyalty card, check-cashing card or anything else, including credit card slips. As long as fineprint exists on unrelated documents, such consumer consent will have little value.

It’s certainly a good thing that some government officials are thinking through where RFID could go in terms of consumer protections. But government edicts without industry support won’t help much. Remember those strange commercials that touted the benefits of a particular prescription drug? For years, the government gave the pharmas two choices: either describe the drug and not mention its name or mention the drug’s name but do not say what it does.

I’m no advocate of giving pharmas cart blanche to advertise to consumers however they want, but those particular U.S. government rules did little protect consumers. It just resulted in some very bizarre commercials. I fear the same thing happening with RFID. Through the use of highly technical terms and fineprint, I doubt many consumers would internalize the information that Ontario wants them to have. Will they think it has something to do with pacemaker interference? Is it to get discounts? Does it have something to do with store’s WiFi or maybe Bluetooth?

Back in December 2004, U.S. Senator Chuck Schumer called a news conference to promise legislation to regulate how retailers handle return policies. That legislation was never introduced. Although Schumer’s office has never officially explained what happened, some who were working on the legislation said that it became quite difficult to legislate wording and policy on something so customizable and also so proprietary.

In other words, the exact methodology to determine excessive returns could be thwarted if fraudsters knew the particulars. While Schumer gets credit for ultimately never introducing the legislation, he gets debits for holding a news conference to announce that he would.

There is a common thread between the two. On a surface level, forcing return policies and RFID tracking policies to be public sounds like a good thing, but digging down deeper, it’s very complicated to do it in a meaningful way that will actually advance the public cause. Will government leaders score points by announcing rules and then abandon their efforts without enforcement? I’m not surprised when it happens in the U.S., but I had higher hopes for Canada.