“The risks to personal privacy must be addressed,” say the authors of a new London School of Economics report examining NFC privacy and regulation issues. “This is not only to protect against surveillance, but it is essential to ensure that there is confidence in the marketplaces that may yet emerge with widespread use of NFC.”
A new report produced under a research collaboration between the London School of Economics and Nokia has found that organisations introducing NFC services must find ways to “inform users about the manner in which their information is used that [are] clear and unobtrusive, and in turn to ensure that information is only processed accordingly.”
“The risks to personal privacy must be addressed,” say the authors of Near Field Communications; Privacy, Regulation & Business Models. “This is not only to protect against surveillance, but it is essential to ensure that there is confidence in the marketplaces that may yet emerge with widespread use of NFC.
“The potential for NFC is immense and may yet challenge some of the well-established market participants and provide new and fertile grounds for business and trade. NFC, if deployed well, like many innovations, has much to offer,” they continue.
“However, the key danger is that the discussion of privacy in this domain will degenerate into debates over ‘regulation’ versus ‘innovation’, as we have seen in so many other technology policy debates. For NFC to thrive, privacy must be considered in the design of the technology, the platforms, and the services. The key questions raised throughout this report must be answerable by all stakeholders in the emerging system: How are you informing and involving citizens and consumers, protecting their information from unnecessary collection and use, and ensuring that any arising risks are mitigated?”
The authors conclude that:
- Many consumer concerns have not yet been addressed by the current providers of NFC services. “Clear guidelines need to be provided about the procedures for registering complaints and for rectifying violations.”
- Too little serious debate is in evidence about cases of fraud or unlawful use of personal information by others. Clarifying and embedding preventive measures for accountability will have a strong positive effect upon the development of business models. Unless properly designed and deployed, NFC could very well make matters worse in this regard.
- Coherence and consistency are required as users become familiar with new ways of deploying NFC. If one NFC interaction varies significantly from another, while hiding the levels of protections and invasiveness, then the entire system is poorly served and the technology can become maligned “much as RFID was”.
- Greater cooperation is required amongst stakeholders to resolve practices for interfaces, minimise legal ambiguities, and to come to agreement on best practices in the issuance and validation of cards. “While the industry pays considerable attention to this at hardware and software levels they have not taken into account the business significance of it in relation to how to handle the multiple identities and models of services.”
- Information that is recorded and stored by different NFC stakeholders ought to be bounded by a contractual obligation of a “last use by date for data”. Certain NFC services require storing data for shorter periods of time than others, or they might not require stored data at all, say the researchers. “By establishing a maximum time for storage of data that is economically sustainable within the business model there will likely be benefits in reducing potential fraud and violations of the privacy rights of consumers,” they explain. “This must not only be done in the form of a policy principle. Rather, auditable statements must be provided, backed up by technological design, with serious penalties applied for failing to adhere to their claims.”
The report is available to download free of charge from the LSE’s website.