e-business: your privacy on the line

It is not only on social networks that we are giving away our privacy. Most companies on the internet now collect and process our personal data, and sometimes they also sell them.
 
Names, phone numbers, e-mail addresses: to make purchases or access services online, users have to give this information.
 
Euronews spoke to Katarzyna Szymielewicz who runs a Polish NGO defending liberties on the internet. Poles are increasingly focused on these issues; Warsaw saw the first demonstrations against the anti-counterfeiting trade agreement, ACTA. She advocates stricter legislation to protect internet users’ right to privacy against corporate power. She told us:
 
“Information means power and we really have to explain to people that whoever has your information has some kind of power over you.
 
“Companies definitely can and do use our data for manipulation, for creating desires, creating needs that we don’t have. You can say it is only money but you can also see it as a problem of freedom.”
 
Through Online Behavioural Advertising - or profiling - companies target more consumers according to their interests. Practitioners use and sometimes abuse our data without our knowledge.
 
 
Jean-Paul Lieux is associate director of email-marketing service dolist.net. He claims to have seen colleagues who have used some rather underhand methods, but now this is changing.
  
“We’re seeing that today there’s a radical change in practices. There will always be hard sellers, people who sell the promotion and put pressure on customers. But on the internet, users can turn off the screen at any time and go elsewhere,” he says.
 
Those working within online commerce and e-business stress that adhering to a code of conduct, is in their own interests and insist that they put a strong emphasis on self-regulation. Claiming to be among that group is Georges-Edouard Dias, the E-business director of L’Oreal group who told euronews: 
 
“To betray the trust they’ve given us by giving away their data and using it is disrespectful to our customers‘ privacy, I believe it’s serious for a brand, and we can not do that.  
 
“There must be a number of rules in place, but they must be created by insiders. So I think it’s our role as a big company to participate in the construction of these rules, and not those on the outside who may not know the subject, who’ll say ‘well here are the rules, that’s what we’re going to do to protect the consumer.’ Because that way it’ll need 15 signatures to authorise, it’ll distance the customer from the brand, it’ll be too complicated and require so much red tape, and so many signatures.”
 
Efforts to strengthen European legislation are under-way. First, the European Commission intends to harmonise the regulations of all 27 EU countries, making things easier for companies. Secondly they hope to improve best practices on techniques like profiling.
 
Katarzyna Szymielewicz believes there is a definite need for such legislation.
 
“Profiling is no longer something that companies can do simply because they want to,” she says. “Now it is sort of a grey zone. They argue ‘No, we are not processing data, we are only creating anonymous profiles.’ What they do with this profile is completely left out of our sight.
 
“You can imagine refusal of service for certain people on the basis of certain profiles, like insurance companies that might refuse services to people who present higher risks.”
 

In each country, an authority is responsible for data protection. It is often not widely known, yet it guarantees the right to privacy for its citizens. 
 
With the revision of European legislation, data protection authorities will have more power. In particular, they may impose heavy fines on companies (up to 1 million euros or 2% of sales) in case of offense. This is far from the case today.
 
Dr Wojciech R. Wiewiorowski is the head of Polish data protection authority, Giodo, and welcomes a European harmonisation of laws:
 
“Not all the authorities in the EU, not all the data protection authorities on a national level have the same enforcement rights,” he told us. “While, as the inspector general for personal data protection, I have a right to issue the decision and to forbid processing the data or changing the way data is processed, I do not have the right to issue a fine as they can for example in the UK, Italy or Spain.”
 
In France we met another man who is increasingly concerned by data protection: Lt. Col. Eric Freyssinet, who leads a police unit specialising in cyber-crime. He runs the project “Signal Spam“ which brings together private companies and public authorities in the fight against spam. A website allows internet users to report spam, and expose scams. He said:
 
“Today the most concerning are scams which trick internet users into giving away their banking information on fake sites. Both cardholders and websites fall victim to this.
 
“But also there are scams designed to divert money, and in a more advanced way to steal personal data, and use it to allow further scams. For example, by getting in touch with all your friends through your email account and social network account. And then pass on scams posing as you.”
 
 
Hackers are on the lookout for all kinds of personal data. If companies need to guard against possible attacks, they must also know how to react in case of a leak.
 
“The businesses that handle personal data - sensitive data - should be aware that there is no 100% security, and be prepared to respond to incidents, be able to detect and warn their customers about data that was specifically compromised and the risks they face, and then give them specific advice on how to protect themselves. To monitor their bank accounts, or change their passwords when this information has been compromised for example,” says Lt. Col. Freyssinet.
 
 
Around 50 percent of Europeans now shop online, and not leaving yourself exposed when you surf the net is proving an increasingly difficult challenge.
 
 
 
 
 
 
 

Copyright © 2012 euronews