The EC Strikes Back

April 8, 2008 at 11:00 pm Leave a comment

It goes by the rather bureaucratic name of “Working Party set up under Article 29 of Directive 95/46/EC.” Its suggestions don’t have the force of law. But anyone ignoring its Opinion does so at their own peril.

“A key conclusion of this Opinion is that the Data Protection Directive generally applies to the processing of personal data by search engines, even when their headquarters are outside the EEA…” means that the EC is likely to impose the provisions of the Data Protection Directive on even the US-based search engines such as Google and Yahoo and hold them to the responsibilities of data controllers.

The Working Party refers to its earlier Opinion of June 2007 to re-affirm that “unless the Internet Service Provider is in a position to distinguish with absolute certainty that the data correspond to users that cannot be identified, it will have to treat all IP information as personal data, to be on the safe side.” In other words, IP addresses are personal information and therefore the full weight of data protection laws applies. Google was, as one would expect, quick to defend its practices.

The Working Party covered a broad swath of issues, saying it expects search engines, among other things, to:

  • Use personal data- ranging from search query histories to IP addresses and unique cookie identifiers- only for “legitimate purposes”
  • Destroy and anonymise that data when it’s no longer legitimately useful
  • Inform users about data collection and storage practices
  • Set cookies to have a lifetime “no longer than demonstrably necessary”
  • Dissociate a user’s IP address or other identifier from his or her stored search queries
  • Allow users to see whatever “personal data” is being stored about them, whether it be their past search queries or other data “revealing their behaviour or origin”
  • Respect Web site operators’ desires to opt out of having their properties crawled, indexed, and cached through use of mechanisms like the robots.txt file or the Noindex/NoArchive tags
  • Do more to prevent personally identifiable information- such as Social Security numbers, credit card numbers, telephone numbers, and e-mail addresses- from creeping into search results

This could become a big deal…with huge implications for both search engines and people.

Entry filed under: personal_info, privacy, report.

Privacy and government as a Justifiable Party Me, My Spouse and the Internet

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

This blog is no longer updated. See the About page for more info. I'm currently active on Twitter.

Follow me on twitter


%d bloggers like this: