Protecting our personal data has never been more important, amid the growing threat of cybercrime and identity theft.
Many feel we have lost control over who knows what about us online. Our exact location can even now be tracked.
The notion of a private life has changed, as hundreds of millions connect on social networking sites.
But what happens to all that information? Austrian law student Max Schrems tried to find out.
He was surprised when Facebook agreed to send him more than 1200 pages of data it had about him, even stuff he had long deleted.
Schrems made 22 complaints to the data protection commissioner in Dublin, where Facebook in Europe is based, and where an audit was already planned.
“A lot of very sensitive information was in there,” said Schrems. “So, for example, there were all my deleted messages in there. And by just searching individual words – you can type in for example all the political parties that exist in Austria – and within a blink of a second you know what I was voting for, or which I’m in favour of, because of course I was discussing in private chats with other people about, I don’t know, recent political developments.
“But all that is retained for three, four, five years, or probably 10 years in the end,” he added. “And that is something that is really new, that one individual company holds that much information about one individual user. And I do think that a lot of it is not very transparent and communicated to the user in a way that they really understand that.”
Euronews’ Seamus Kearney reports that as a result of the investigation carried out in Dublin, Facebook has agreed to a number of changes on its website to meet privacy rules.
Richard Allan, the Director of Policy at Facebook, told euronews: “We are a service where people come and voluntarily disclose information to the service. They post it on the service in full knowledge of what they’re doing, because we have a very comprehensive data use policy and very clear information actually on the site about what you’re going to be sharing and who you’re going to be sharing it with.
“And we do have facilities … we’ve always had facilities … for people to be able to remove the data once they no longer want it to be on their profile,” he added. “So we feel the service was absolutely in compliance with the principles that the European Union data protection framework is based on. But what the Irish have done is come in and suggest areas where we can make that even more effective than today.”
But the case goes on. Both sides are in face-to-face talks, with Irish officials under pressure to formally rule on the complaints.
Surveys show that more than 70 per cent of Europeans are worried about what happens to their data online.
Brussels is proposing a reform of regulations drawn up 17 years ago, sparking widespread debate.
Main privacy reform proposals:
- Easier access for users to their own personal data
- Easier transfer of data from one service provider to another
- A ‘right to be forgotten’, making it easier to delete data
- A requirement for websites to have “privacy by default”
- One set of rules across EU and tougher fines for breaches
The changes would include one set of EU rules, bigger fines for breaches, more informed consent and greater delete options with a so-called right to be forgotten. Users would also have easier access to their data, with the right to transfer it from one service provider to another.
User groups cautiously welcome the plan.
Falk Lueke from the group Digital Society in Germany said: “In principle I would always approve the rules because they’re highly necessary. The crucial question of course is how will it take shape, and there are also a few smaller problems, where it is not yet clear how they could be regulated in detail. But this is something that will be dealt with in the consultation that’s planned.”
The Director of Privacy International, Simon Davies, said: “Well, some of the changes are long awaited and they’re much needed. They fall short in some respects, because it’s still the case that privacy in Europe is based on trust. And it doesn’t matter how hard the commission tries to enforce privacy, while the willingness is not there from industry and government, we’re still going to end up in a surveillance society.”
But officials in Brussels say national data agencies would have more powers and citizens would expect them to act.
Paul Nemitz, the Fundamental Rights Director at the European Commission, told euronews: “And if the laws are not enforced, then the natural ally of European integration, of European law, namely the national judge, comes into play. Because the national authorities, if they don’t act, they can be made to act by citizens who turn to the courts and say ‘Here is European law, I want my right, I want this authority to act’.”
Google is also caught up in a big controversy over its privacy policies. The company was not available for an interview, but its Global Privacy Counsel, Peter Fleischer, did give euronews the following statement:
“We support simplifying privacy rules in Europe to both protect consumers online and stimulate economic growth. It is possible to have simple rules that do both. We look forward to debating the proposals.”
And what about automatic profiling, the collecting of data for targeted advertising, for example? Or profiling used to track down people suspected of breaking the law?
Jörg Polakiewicz, the head of the human rights department at the Council of Europe, said: “Some people say it’s only about wrong decisions, because it’s based on automatically generated profiles, that the risk of course is mistaken identity, that you’re taken for a terrorist, arrested, maybe even tortured in extreme cases. But in the Council of Europe we think it’s not only about these extreme cases of discrimination but also it’s really a human right, that you have the right to control your data.”
But one company whose products are used for profiling reckons the technology itself is not the issue.
John Boswell, the Vice President of SAS data analysis, said: “Where I think the EU should be focused is on making sure that only appropriate decisions are made, not focusing on how those decisions are made, what technology is used. No one is in favour of discrimination, no one is in favour of making bad decisions. Whether those are made personally or through the use of a computer shouldn’t matter, and so I think the focus on automated profiling is misdirected.”
Euronews’ Seamus Kearney reported that some experts believe the greatest threat to privacy in the future is the rapid development of location tracking systems, via mobile devices that pinpoint and memorise our exact location.
For now questions over consent and who can access, share and store the localisation data remain unanswered. And experts are looking into whether some kind of private zones can be established. User options are also very complex.
Maria Luisa Damiani, a computer scientist at the University of Milan, said: “A fundamental problem is trying to understand what mechanisms we can use to make protection of privacy technology easy to use. Because we can’t imagine users constantly having to reset the privacy settings on their smartphone or iPad every time they use an application. There are so many applications.”
But to worry about internet privacy does not mean staying in the shadows. Max Schrems, for example, still logs on to Facebook.
“The thing is, what we wanted to do is improve Facebook and not just abandon it somehow,” he said. “So we’re kind of having the idea that data protection makes you trust more in the services and therefore you can use them more. And so what was very important to us was to have this positive attitude, improving the things, instead of just ignoring them.”