GS1 Industry & Standards Event March 21-25, 2011 – Brooklyn, NY Creating value together with global standards Public Policy Panel March 21, a.m. – 10:45 a.m. Sponsored by

© 2011 GS1 Creating value together with global standards 2 Agenda Introduction Elizabeth Board, GS1 GO Food Safety: Changes in US Laws and Customs Initiatives Steve Arens, GS1 US Using GS1 Standards to Manage Product Safety Requirements Al Garton, GS1 US Privacy Impact Assessments Going Forward in Europe Andreas Füßler, GS1 Germany US RFID Legislative Initiatives Matt McBride, GS1 GO

© 2011 GS1 Creating value together with global standards 3 Anti-Trust Caution GS1 and the GSMP operate under the GS1 anti-trust caution. Strict compliance with anti-trust laws is and always has been the policy of GS1. The best way to avoid problems is to remember that the purpose of the committee is to enhance the ability of all industry members to compete more efficiently. This means: – There shall be no discussion of prices, allocation of customers, or products, etc. – If any participant believes the group is drifting towards an impermissible discussion, the topic shall be tabled until the opinion of counsel can be obtained. –The full anti-trust caution is available in the Community Room if you would like to read it in its entirety.

Food Safety: Changes in US Laws and Customs Initiatives Steve Arens – GS1 US

© 2011 GS1 Creating value together with global standards U.S. Food Safety Modernization Act Most expansive changes since 1938 Act Sweeping new enforcement authority for US Food and Drug Administration (FDA) Exacting new food import requirements Major new program activities for FDA Ambitious schedule for increased inspections FDA working on specific industry guidance and regulatory documents FDA required to perform product tracing pilots with produce and processed foods (details to be determined) Funding to be determined

© 2011 GS1 Creating value together with global standards FDA Public Hearings RE Imported Goods First FDA Public Hearing concerning the Food Safety Modernization Act (FSMA) March 30 and March 31 Discussion of FDA's efforts to gather information from regulators in other countries regarding the regulatory policies, practices and programs used to ensure the safety of foods and animal feed imported into their countries Discussion of the implementation of the imports provisions found in the Food Safety Modernization Act GS1 US will attend hearings and will provide a recap GS1 US will submit comments to FDA for consideration 6

© 2011 GS1 Creating value together with global standards US Customs Activities US Customs’ International Trade Data System’s (ITDS) Product Information Committee (PIC) concluded in April 2009 that:  Harmonized Tariff System (HTS) codes provide insufficient information about most products for accurate admissibility assessment  Electronic commerce data used by businesses can be leveraged by governments to create a “smarter” cargo admission process

© 2011 GS1 Creating value together with global standards Why Use eCommerce Data? Based on global public voluntary consensus standards Broadly used by industry sectors Provides globally unique identification for products in the supply chain Provides structured, internationally recognized, multilingual product categorization and description Uses commonly available technology.

© 2011 GS1 Creating value together with global standards If catalog data indicate low risk product, government can release without inspection; if high-risk, can better plan for inspection efforts One Concept Global Catalog (GDSN) Product Supplier Customs Data Product supplier authoritatively publishes product information Government downloads published product information from catalog Government matches GTIN with catalog info and makes admission decision, ideally in advance, using rich global data from catalog Importer places the GTIN for the product in the entry record and sends to Customs =Dolls/Soft Toys (Powered); Consumer Lifestage = >3 YEARS & UP; Power Source = BATTERY; Target Gender = FEMALE; Type of Doll/Soft Toy = BABY DOLL Government Agency Inspection Importer GPC = GPC DESCRIPTORS GTIN= ENTRY # Line N GTIN=

© 2011 GS1 Creating value together with global standards Work Underway Product Information Committee currently conducting three pilots for high-risk products: Meat and Poultry Products (Public Health) Toys (Public Safety) Cut Floral Products (Environmental Safety) Pilots will document the business case for using e-commerce data for industry and government ITDS will report on business case value determined by pilots - final report to be issued in 2011 World Customs Organization following work closely

© 2011 GS1 Creating value together with global standards Contact Details 11 Steve Arens

Using GS1 Standards to Manage Product Safety Requirements Al Garton – GS1 US

© 2011 GS1 Creating value together with global standards Using GS1 Standards to Manage Product Safety Requirements Preliminary work has commenced as a result of GS1 US member inquiries with regards to using GS1 Standards to manage data associated with product safety compliance Retailers asking for data in multiple formats Suppliers struggling to meet those demands Inquiries by the International Regulator Group The need to educate Government Agencies at the international and local level European Union Organization for Economic Cooperation & Development U.S. Government Agencies (CPSC, FDA, USDA, EPA, Dept of Commerce) 13

© 2011 GS1 Creating value together with global standards The U.S. Consumer Product Safety Improvement Act Legislation includes a broad range of requirements Strong emphasis on Children’s Products but has expanded to include multiple categories of household products (literally thousands of products) About the U.S. Consumer Product Safety Commission Charged with protecting the public from unreasonable risks of injury or death from thousands of types of consumer products under the agency's jurisdiction 14

© 2011 GS1 Creating value together with global standards How to Address the Challenge Need to understand the key issues and where GS1 Standards can be applied effectively The Consumer Element Mobile Commerce Link? Permanent Tracking Labels at the item level Presents challenges to industry Not our typical supply chain initiative 15

© 2011 GS1 Creating value together with global standards Focus of Current Work Gain an understanding of the U.S. CPSC Office of Inter-Governmental Relations and International Programs Consumer Data Base Requirements Customs Understanding the new legislation Potential Transatlantic pilot for baby strollers Focus is on a tracking label at the item level Trade Association Collaboration TA’s have a firm grasp on legislative issues and how they impact the industry Retailer/Supplier collaboration How is product data information managed? Identify where GS1 Standards are most relevant Use of GDSN GS1 Standards on General Certificates of Conformity 16

© 2011 GS1 Creating value together with global standards Contact Details 17 Al Garton

RFID Privacy Impact Assessment Framework Andreas Füßler – GS1 Germany

© 2011 GS1 Creating value together with global standards 19 Background 2007 Communication on RFID in Europe: Steps towards a policy framework Creation by EC of an RFID Expert Group: intensive dialogue, shared experiences, multi-stakeholders’ process, leading to… May 2009 Recommendation on data protection for RFID applications: European Standardisation Organisations to develop a common European sign to indicate the presence of readers Industry to ‘develop a framework for privacy and data protection impact assessments’ This ‘PIA Framework’ is of great relevance, not least for retailers vis-a-vis deactivation at point of sale

© 2011 GS1 Creating value together with global standards 20 PIA Roadmap Jul 09 Mar 10 Jul 10 Dec 10 Feb 11 May 09 EC Commission releases the RFID Recommendation on Privacy Stakeholders group set up in order to draft PIA Framework. Endorsement of Article 29 WP is required Industry presents draft to the EC. EC (JLS and INFSO) submit the draft to the Article 29 WP Technology Subcommittee. Opinion of Article 29 WP. Industry is asked to make some revisions Inclusion of Article 29 WP comments and submission of final proposal from the Industry Endorsement of the Article 29 WP Signing Ceremony organised on 6 April 2011 for Formal endorsement of the European Commission

© 2011 GS1 Creating value together with global standards What is a PIA Framework for RFID Applications? Designed to help RFID Application Operators uncover the privacy risks associated with an RFID Application Identifies the objectives of RFID Application PIAs, the components of RFID Applications to be considered during PIAs, the process for conducting a PIA and the common structure and content of RFID Application PIA Reports Serves a common approach to conducting Privacy Impact Assessments on RFID Applications Based on a privacy and data protection risk management approach 21

© 2011 GS1 Creating value together with global standards Content of PIA Framework Introduction Key concepts Internal procedures PIA Process Initial Analysis Phase Risk Assessment Phase Annexes Information needed in the PIA report Privacy targets Privacy risks 22

© 2011 GS1 Creating value together with global standards Initial Analysis: Decision Tree on PIA levels 23

© 2011 GS1 Creating value together with global standards Risk Assessment Phase: Characterisation of applications 24 Planned RFID Application Design Step 1: Characterisation of Application Step 2: Identification of Relevant Risks Step 3: Identification of Current and Proposed Controls Step 4: Documentation of Resolution and Residual Risks Threat Exploitation Likelihood, Impact Magnitude, Control Adequacy Comprehensive Application Description List of Risks and Associated Likelihood of Risks List of Current and Planned Controls PIA Report

© 2011 GS1 Creating value together with global standards Next Steps RFID PIA Framework will take effect 6 months after publication of the opinion of the Article 29 WP : October 2011 Living document: Clarification of the RFID PIA Framework and/or guidance on practices may be required based on the practical experience; the Article 29 WP will continue dialogue with industry. RFID PIA Framework and the 2009 Recommendation should ensure a common implementation and interpretation of the data protection rules for RFID applications within the 27 EU Member States – Mutual Recognition Development of industry-based template, sector-based, and/or application-based PIA templates (e.g. retail, logistics, pharmaceutical sectors; SME template) GS1 will develop a template for EPC applications 25

© 2011 GS1 Creating value together with global standards Further information PIA Framework is accessible at: x_en.htm 26

© 2011 GS1 Creating value together with global standards Contact Details 27 Andreas Fuessler

US RFID Proposed Legislative Initiatives Matt McBride – GS1 GO

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation In states in 2011 have introduced RFID legislation 11 states in 2009 introduced RFID legislation States focused on budget issues

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation In Recurring States New York New Hampshire Massachusetts Mostly reintroductions or variations on past legislation; legislators with an interest in RFID. New States Utah Florida Bills require deactivation; legislators misinformed on technology.

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation In New York All are introductions of bills that failed last year. None have been heard in committee. AB 894 – Requires notice of retail products or packages contain RFID tags; sets injunctions and civil penalties for violations AB 1032/SB 1821 – Establishes a Privacy Task Force that would report on existing state law, regulations, policies, and practices related to the use of technology, including RFID AB 1033/SB Radio Frequency Right to Know Act, requires retail establishments to label and disclose the use of RFID devices, and deactivation at point of sale.

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation In Massachusetts SB 1850 – Act further regulating radio frequency devices in the Commonwealth. As of last week, the bill language has not been reintroduced. Expected to be a re-introduction of legislation that failed last year.

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation In New Hampshire HB 445 – Prohibits tracking individuals through electronic means. After the hearing, the bill has been retained in committee, to be voted on later in the year. NH 455 – Requires individuals applying for Enhanced Drivers Licenses to sign statement acknowledging that they are understand the RFID technology being used in the license. Retained in committee for action in second year of session.

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation 34 Utah HB 224 – Originally introduced to require deactivation of RFID tags, and prohibit surreptitious reading of the tags. Original version of the bill died in committee by a vote of 10 to 1. Bill revised to prohibit implantation of RFID tags without an individual's consent.

© 2011 GS1 Creating value together with global standards States With Proposed RFID Legislation 35 Florida S – Requires deactivation of RFID tags. Bill was not expected to go anywhere, but sponsor managed to get a hearing. Bill passed first committee and must be heard by a second committee in order to pass. Sponsor has agreed to be informed on RFID prior to second committee hearing. GS1 is working with the Florida Retailers Federation and industry stakeholders to provide this education.

© 2011 GS1 Creating value together with global standards Contact Details 36 Matt McBride

Questions?