EU wants tighter online privacy
2010-11-04 21:19
Brussels - The European Union wants companies like Google or Facebook to give people more control over how their online habits are tracked, requirements that could crimp internet firms' ability to target advertising.
The EU said on Thursday in a new strategy paper that "people should be able to give their informed consent to the processing of their personal data," but didn't give details on what this "informed consent" would look like in practice.
The document doesn't say whether the EU intends to require users to specifically "opt in" to having their data collected, or whether it is enough to allow them to "opt out".
It says internet users "need to know what their rights are if they want to access, rectify or delete their data".
The document will form the basis for an overhaul of the EU's 15-year-old laws on data protection scheduled for next year.
Thursday's strategy is open for public consultation until January, and the commission aims to propose legislation by mid-2011. Any new laws would have to be approved by the European Parliament and national governments.
Using an individual's search history to target online advertising is a key revenue source for companies such as Yahoo! and Google. Other sites use cookies - small files placed on a user's computer - or pop-up windows to collect data entered online on whatever websites a user has visited in the past.
User's interestsMost websites - from newspapers to blogs to social networking sites - today rely on advertising to fund their services.
The more closely ads can be linked to a user's interests, the more likely they are to be successful. But privacy watchdogs have raised concerns over whether this information can be linked to an individual's name or address, what it could be used for, and how long it can be stored.
"The protection of personal data is a fundamental right," Viviane Reding, the EU's justice commissioner, said in a statement.
"To guarantee this right, we need clear and consistent data protection rules. We also need to bring our laws up to date with the challenges raised by new technologies and globalisation."
Google and its rivals have argued that internet companies can regulate themselves, and some already allow users to "opt out" of having their information stored.
They also say that they never link an individual's data to his name or address.
However, privacy activists say that recent breaches of companies' own policies show that self-regulation is not enough.
Facebook data-gatherers
Google has come under fire after vans collecting data for its Street View application also scooped up sensitive information from unprotected wireless networks.
Facebook last month acknowledged that 10 of its most popular "apps" transmitted information about its users to advertisers and data-gathering firms.
The commission also wants countries to implement rules more consistently, which could make it easier for companies to operate across borders.
"The lack of harmonisation of data protection rules creates enormous challenges for entrepreneurs who are trying to use emerging technologies to expand into new markets," Jonathan Zuck, president of the Association for Competitive Technology, a lobbying group for technology companies, said in a statement.
Technology companies are racing to establish themselves in the business of "cloud computing," where they provide server space and software to companies or governments over the internet.
A user might be in one country, the server in a second country and the service provider in a third country, creating a tangle of different rules and regulation without clarity on which ones should apply where.
In addition, the commission also seeks to regulate how police and other law enforcement agencies can use and retain data, but hasn't yet set out specific proposals.
- AP
