Privacy - more uncertainty and confusion
Jinfo Blog

By Tim Buckley Owen

Item

Privacy experts in Britain seem set for a clash with the European Union over the right to be forgotten – while the internet industry is haltingly starting to address “Do Not Track” demands. Affecting both compliance and research, it all makes for continuing uncertainty which information managers can ill afford.

EU Justice Commissioner Viviane Reding and German Consumer Protection Minister Ilse Aigner have recently joined forces to discuss reform of the EU Data Protection Directive. Dating back to 1995, the Directive predates cloud computing (a classic case of the law trailing technology – see LiveWire comment) so one proposed revision is that EU citizens’ data should be protected regardless of the country in which the company that processes it is established.

Reding’s partnership with Aigner is significant; for historical reasons, Germany has a very strong privacy culture (LiveWire comment here) and a Eurobarometer survey cited in the report of their meeting suggests that three quarters of Europeans want the right to delete information about themselves whenever they choose (earlier LiveWire background here). But word coming out of one perennially troublesome EU member state – Britain – is that that’s simply impracticable.

In a speech to the Internet Advertising Bureau, a few days before Reding’s announcement, Britain’s Culture Secretary Ed Vaizey questioned the logic of trying to make firms outside the EU subject to EU law, when that could jeopardise the ability of European firms to make full use of the cloud. And he also pointed out that, when data could be copied and transferred across the globe instantly, the right to be forgotten was unenforceable.

Now Vaizey is a politician, trying not to fall between the two stools of civil liberties and barriers to business. But his views are backed up by a respected official; Britain’s privacy watchdog the Information Commissioner has also said in a briefing on the future of data protection in the EU (follow link to November 2011) that it should not introduce a standalone right to be forgotten because, besides being impossible to implement, it also raises false expectations.

Meanwhile, the World Wide Web Consortium (W3C) is conscientiously pressing on with an attempt to comply with any Do Not Track legislation that may emerge. It’s recently released a draft document to define the meaning of a Do Not Track preference and set out practices for websites to comply with it.

At the moment, though, the draft poses more questions than it answers – including ones as fundamental as “Why are we doing this? What are people afraid of?” and “What is the definition of tracking?” Right now this all seems to be a case of technology following the law following technology, with neither side knowing what the other is capable of.

« Blog