The Office of the Information Commissioner has published
Data Protection Technical Guidance Radio Frequency Identification (.pdf - 7 pages)
There is an important reminder in the document:
The Data Protection Act 1998 concerns the processing of personal data. Any electronically held information relating to an identified or identifiable individual is personal data. It is not easy to define exactly when an individual is identified, but identifying someone does not necessarily mean being able to ascribe a name and address to them. If a person is uniquely distinguished from all others within a relevant group, he will be identified.
Without going into much detail, the document mentions "biometric" contactless chip ICAO standard passports, EPC Global RFID tags for the retail goods and warehouse logistics, so called "ubiquitous computing", and travel smartcards like the London Transport Oyster Card.
There is specific mention of retail RFID tags being used
However this combination of surveillance technologies is especially true of the Oyster Card, and of ICAO standard "contactless chip" boiometric Passports.
Is the Information Commissioner saying that the current data mining practices and of Transport for London, are illegal, because they do not ask for specific, informed consent ?
Travel smartcards such as the Oystercard collect information about people's journeys which is then stored on a linked database. This information is used to tie together the journeys made on an individual travel card and improve journey planning. People's movements should not be tracked in this manner without a legitimate reason: for example, the personal data collected from a travel card should be relevant and proportionate to the needs of journey planning and customer service. Anyone who is subject to such tracking with RFID should be informed of this, and consent will be needed for any tracking that goes beyond what people would expect for a given legitimate purpose.
Or do the usual "coach and horses" overbroad exemptions to the Data Protection Act apply ?
Remeber that this linked travel data, and, in many cases, nme and address data is being routinely handed over to the Police, and possibly other agencies.
c.f. "Oyster Card data use by the Police"