Smartphone use changes debate on data protection


This article is part of our special report Data protection.

Consumer organisations and industry are squaring for battle over how far smartphone users’ personal data can be used under the European Union’s proposed data protection regime.

Large institutions and tiny app-makers alike have been accused in recent months of mishandling personal data.

Last week the Wall Street Journal alleged that internet giant Google and advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s internet browser on their iPhones and computers, allowing them to track the Web-browsing habits of people who intended this surveillance to be blocked.

The companies used special computer code that tricks Apple's Safari Web-browsing software into letting them monitor many users, the Journal reported.

Consent required under draft rules

Draft rules proposed by Justice Commissioner Viviane Reding would require some form of consent from smartphone users before companies could use the personal information contained in applications.

Although the rules cover ordinary computer users, their effects will be keenly felt in the booming smartphone sector, in which there is fierce competition amongst companies creating ‘apps’ for phone users.

Such tech companies frequently offer products for free and get income from online ads that are customised using data about customers.

Reding’s draft rules would enable protection of personal information and ban companies from data-mining, said Jérémie Zimmerman, a spokesman for civil liberty group Squaring the Net.

Fears the regulation may not stick

There are doubts as to how strong the final data protection rules will be, however, amid fears a proposed regulation to rein in the private sector might eventually be watered down to a directive, giving rise to nuanced interpretations across the EU’s member states.

Kimon Zorbas, the vice president of IAB Europe, which represents the online advertisers, told EURACTIV the ability of companies to analyse and collect data “affects innovation”, and the productivity of such companies was not be taken into account by the draft data protection rules.

“The reality is the world is moving into data analysis and our economies will not compete without being able to collect, store and analyse data,” Zorbas said.

The debate over privacy is raging in the US as well, where lawmakers trying to reassure a worried public have introduced more than a dozen privacy bills in Congress. The Obama administration has called for a Privacy Bill of Rights to encourage companies to adopt better practices.

In a statement relating to the allegations in the Wall Street Journal, Google said: “The Journal mischaracterises what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information.”

“Research shows that Europe will have a lack of data analysts as things stand and the Commission’s response [the proposed data protection rules] will have the effect of decreasing the capacity to collect data, so there will be even fewer analysts,” said  Kimon Zorbas, vice president with IAB Europe, which represents the on-line advertising sector in Europe.

He said that the new regulations “have some positives”, but added: “They introduce more red tape, requiring specific consents from consumers and require these to be stored by companies which will make things much more bureaucratic.”

“The fact that more and more services - especially in the digital environment – are processing different kinds of personal data makes it more important to ensure the consent of users,” said German MEP Jan Philipp Albrecht (Greens). In particular, the matching of different kinds of information to profiles needs a higher level of transparency and consent by consumers. In general the new data protection rules will cover all services analysing and monitoring the personal data of European citizens."

Existing European Union rules on data protection were adopted in 1995, when the full potential of the internet had not yet been fully exploited. In 1993 the internet carried only 1% of all electronic information, while by 2007 the figure was more than 97%, EU data show.

While rising numbers of tailored products and services offer increased benefits for consumers, they also rely enormously on the use of personal data.

Private information can range from financial data to sensitive information concerning health conditions or sexual and political orientation. Many also consider location data or online identifiers, such as cookies, as personal data.

The possibilities for misusing or abusing this information are infinite. And EU citizens are becoming increasingly aware of it. In a recent Eurobarometer poll, 70% of those surveyed were concerned that personal information is used by companies for purposes other than for what it was collected, while 64% feel that information on how their data is processed is unsatisfactory.

  • 2012-2014: Commission proposals to be discussed in European Parliament and EU Council of Ministers prior to adoption.

Subscribe to our newsletters