Title: RFID TECHNOLOGY AND THE NOTION OF PERSONAL DATA

In this section, we will provide guidelines for which cases legal privacy provisions as discussed in the next section have to be taken into consideration. In order to decide upon the application of the data protection legislation, it is crucial to define whether personal data are involved in the RFID application or in the RFID system in question. As it is illustrated in scheme Figure 4 below, when the information does not relate to an individual, then the information does not qualify as personal data. In the opposite case, when the information related to an individual, the following options shall take place: (a) when the information relates to an identified natural person, e.g. via an RFID implant, then it is personal data; (b) when the information is anonymous and it can not be linked with a natural person, then it is not personal data; (c) when the information relates to an identifiable natural person, the following distinction has to be made, as already discussed under Chapter : (c.1) when the information can be linked to an individual with means reasonably to be used, such as via an RFID tagged access card, it is considered as personal data; (c.2) when the means to be used in order to finally link some information to a natural person, are excessive, then the information does not qualify as personal data.

Figure 4: The process of defining whether there is personal data involved in an RFID application