European institutions have a range of initiatives in store which could lead to the imposition of clearer limits for the conservation of personal information by useful but occasionally privacy-breaching Internet technologies such as search engines.
A range of privacy issues related to web usage are currently being investigated by data protection agencies across Europe (see our Links Dossier on internet security).
In December last year, the Spanish Data Protection Agency demanded a tougher stance against potential abuses in private data management. “It is necessary to limit the use and conservation of personal data,” reads a statement issued by the agency, which also defines the filtering of information for purposes other than virus and spam protection as “not in conformity with Spanish law”.
Google, the biggest worldwide search engine, filters its users’ emails to provide them with targeted ads. To show restraint, the IT giant recently announced plans to partially delete IP addresses from its database after 18 months and create automatically expiring cookies with a duration of just two years, instead of the current 30 years.
Search engines in the spotlight
At its next meeting on 18 February, the EU body which brings together the 27 national data protection agencies, the Article 29 Working Party, will examine the issue and possibly approve an opinion on privacy and search engines.
The debate raised by the proposed merger between two of the biggest Internet data controllers, Google and DoubleClick, and the recent tougher positions of some national authorities, particularly in Spain, may lead to a proposal for new restrictive measures.
Low awareness among citizens
In the coming weeks, the Commission will publish the results of a new EU-wide survey to monitor citizens’ attitudes toward privacy and data management. According to preliminary findings, an overwhelming majority consider public awareness about the issues to be low, but at the same time almost 75% of respondents say they are worried about leaving personal information on the Internet.
The Commission is well aware of the problems posed by citizens’ scanty knowledge of data protection laws and personal rights. Indeed, Brussels is aiming to increase funding for awareness-raising campaigns and technologies which improve privacy protection (see EURACTIV 5/12/2007).
Moreover, the traditional Internet is not the only sphere in which data protection issues are emerging. The so-called ‘Internet of things’ created by Radio Frequency Identification technologies (RFID) also raises privacy-related concerns (see EURACTIV 11/10/2006, and our Links Dossier on RFID).
By March, the Commission will issue a document on the specific implications of RFID development. At the moment, discussions are underway as to whether it will be a binding regulation or recommendation. In addition, the European institutions will this year discuss the proposal issued by the Commission in November 2007 to review the e-Privacy Directive. The European Data Protection Supervisor, an EU advisory body, issued a position on RFID in December.