On the 13 of August 2012, the updated version of the European Directive 2012/19/EU on waste electrical and electronic equipment (WEEE Directive) entered into force1. By setting key objectives regarding environmental management of WEEE, the text aims at improving the collection, treatment and recycling of electronics at the end of their life.
With the support of Eurosmart and in order to take the necessary measures, industry and customers (such as banks and MNOs) have raised the issue whether smart cards and smart card based products (e.g payment cards, electronic passports, electronic ID cards, SIM cards, health insurance cards) would fall under the scope of the updated WEEE Directive, since they were not covered by the 2002 legislation.
Despite this call for clarification, the situation remains very unclear for all actors of our value chain. Divergences of interpretation within the EU lead to legal uncertainty for economic actors and to potential serious risks for privacy and data protection.
Reaffirming our industry position, expressed in a position paper published in October 2014, Eurosmart’s President, Oyvind Rastad considers that smart cards cannot be included in the WEEE Directive’s scope as it raises serious issues with regard to privacy and data protection for EU citizens:
“First of all, our industry pointed out that smart cards were not included in the scope of the first WEEE directive from 2002, either when considering electrical or electronic parts of smart cards as mere components of the cards or when considering electrical and electronic parts of smart cards EEE themselves. With the entry into force of the new directive, which became the new legal reference until April 2018, our understanding is that the situation remains unchanged since the new text does not extend the scope.”
Oyvind Rastad added: “In addition to this legal argument, further inclusion of smart cards within the scope of the WEEE directive would cause severe data privacy and security risks. Do EU consumers really want to see piles of their health and credit cards at public waste collection points? As an industry, we are striving to protect privacy and reduce fraud and our efforts should not be made obsolete by opening new security and privacy gaps, which would bring more risk of unlawful usage of waste cards.”
“Moreover, including smart cards within the scope would not bring forward the initial environmental goals of WEEE. Indeed, because cards contain sensitive information they cannot be treated like any other WEEE. The special treatment imposed by security (for banks especially but not only) makes the whole process too heavy from an environmental stand point, given the small carbon footprint of the end of life of the card considering the whole lifecycle.”
“Besides accounting for a negligible amount of electronic waste, would consumers be willing to give away their waste smart cards if they understand that it causes a strong risk for their security and privacy?”
Eurosmart calls for a clear and consistent legislation for all smart cards, in order to ensure data protection and privacy for the interest of EU citizens. We are convinced that the task to define EU-wide prerequisites for the disposal of highly sensitive products will be carefully assessed by the European Commission – taking into consideration full data protection and benefit for the environment – although an official and final feedback is still awaited.