Advertisers and e-mail: a personal data shield issue

Jan 22, 2008, 15:37 GMT

Brussels - It may seem relatively innocuous at first. Search the internet for a sushi restaurant in Brussels and you will immediately receive an advertisement for a Brussels sushi restaurant.

Peter Fleischer, Global Privacy Counsel for Google, told a European Parliament hearing on online data protection that this minor miracle could occur without the user's personal details being accessed.

The computer's location and its Internet Protocol (IP) address are all that are identifiable and this, according to Fleischer, is not a problem.

Not everyone agrees. Many feel that IP addresses should be treated as personal data and claims that big internet companies, such as Google or Yahoo, track the online behaviour of millions of users in order to sell the data to online advertisers were srutinised at a public hearing by the European Parliament's Civil Liberties Committee on Monday.

Data protection, industry and consumer protection bodies represented at the hearing questioned whether the data could also be used for purposes violating personal privacy.

In response to MEP's questions about the practice, Fleisher said that Google did scan e-mails for security reasons to counteract the proliferation of Spam and viruses.

Fleischer also conceded that e-mail was filtered for key words for advertisers. Therefore, if a person e-mailed a friend enquiring about a Japanese fish specialist in Brussels, then he or she could become the target of advertising.

Sophia in 't Veld, Dutch Liberal MEP and Civil Liberties Committee member, said that consumers had to be very careful with their e-mail use and the 'fact that privacy laws differ markedly from country to country, whilse internet use knows no borders, complicates any attempt at a definitive answer...'

She stressed the need for 'a common EU, or even transatlantic approach on how to protect internet users' data.'

On the other hand, internet companies were unlikely to give up on their activities: on-line advertising is a 27 billion dollar market, which is expected to double in four years, in 't Veld pointed out.

European Data Protection Supervisor Peter Hustinx said that community law on data protection did apply to the internet. It 'applies to both online and offline realities ... Existing rules do apply and do provide safeguards.'

However, he stressed the need for IP addresses to be treated as personal data.

Executive Director of the Electronic Privacy Information Centre (EPIC), a Washington-based research institute, Marc Rotenberg warned that that IP addresses would be increasingly identifiable.

He said that business operations such as the acquisition of Doubleclick by Google in April 2007 'underscore the need to bring data protection into account when the responsible authorities review the merger.'

The Google-Doubleclick merger is currently being examined by the European Commission.

'The confidentiality and security of internet exchanges are not guaranteed and it is doubtful whether targeted advertising broadens consumer choice,' said Cornelia Kutterer, representing the European conumer rights association, BEUC.

Speakers discussed the possibility of strengthening existing EU legislation, with European Commission representative Achim Klabunde stressing the need to inform users 'particularly when abuses are uncovered, or data are lost.'

Sanctions 'should be proportionate' to any abuses, he said.