Presentation on theme: "20 May 20091 Data Protection Conference CONSUMER PROTECTION AND PERSONAL DATA PROTECTION Prof.dr. Paul De Hert Vrije Universiteit Brussel (LSTS) & University."— Presentation transcript:
20 May 20091 Data Protection Conference CONSUMER PROTECTION AND PERSONAL DATA PROTECTION Prof.dr. Paul De Hert Vrije Universiteit Brussel (LSTS) & University of Tilburg (TILT) firstname.lastname@example.org
20 May 20092 Where do we start? On Radio Frequency Identification (RFID): They will only realise their economic potential "if they are used by the consumer and not on the consumer. No European should carry a chip in one of their possessions without being informed precisely what they are used for, with the choice to remove or switch it off at any time." (Viviane Reding)
20 May 20093 A EU framework that is solid The Electronic Commerce Directive, adopted in 2000, sets up an Internal Market framework for electronic commerce, which provides legal certainty for business and consumers alike. It establishes harmonised rules on issues such as the transparency and information requirements for online service providers, rights to withdrawal
20 May 20094 Article 6 Information to be provided (…) Member States shall ensure that commercial communications which are part of, or constitute, an information society service comply at least with the following conditions: (a) the commercial communication shall be clearly identifiable as such; (b) the natural or legal person on whose behalf the commercial communication is made shall be clearly identifiable; (c) (…)
20 May 20095 Article 7 Unsolicited commercial communication 1. In addition to other requirements established by Community law, Member States which permit unsolicited commercial communication by electronic mail shall ensure that such commercial communication by a service provider established in their territory shall be identifiable clearly and unambiguously as such as soon as it is received by the recipient. 2. Without prejudice to Directive 97/7/EC and Directive 97/66/EC, Member States shall take measures to ensure that service providers undertaking unsolicited commercial communications by electronic mail consult regularly and respect the opt-out registers in which natural persons not wishing to receive such commercial communications can register themselves.
20 May 20096 A EU framework that is dynamic 8 October 2008, COM (2008) 614 def Creates coherent frame work Attention to new technologies used for selling goods & more rights than off line
20 May 20097 Unloyal business practices Move from a framework that obliges to give information to a framework that allows a check on the quality of the information given
20 May 20098 eYouGuide Privacy is one of the keywords on the eYouGuide site Many of the other keywords strenghten data protection concerns http://ec.europa.eu/information_s ociety/eyouguide/index_en.htm
20 May 20099 Dutch Consumer Organisation 2006: safety needs to be standard of internet services provided by operators 2006: consumer critics on biometrics safety and privacy public transportation system 2009: E Health action against E patient record system http://www.consumentenbond.nl/
20 May 200910 Things to learn from consumer protection law Idea of collective action as opposed to data protection rights as individual rights Generous compensation as opposed to find damage when breaching data protection Security and PET as a service General: pragmatism
20 May 200911 However 1 When reviewing the acquis on consumer protection and when drafting the new directive consumer rights no separate attention was paid to privacy. The matter was left to existing directives
20 May 200912 However 2 Behavioral targetting The Netherlands: 180.000.000 euro on line advertisement BT will grow from 5 to 20 %
20 May 200913 LSTS Response to EU Paper on Data Collection, Targeting and Profiling of Consumers The problem here is not just what happens to your own personal data, but how the trivial or personal data that you leak or provide match with group profiles that are used to categorise you as a specific type of (potential) customer. These group profiles can be mined from anonymised data and do not constitute personal data; in fact they are protected as trade secrets or by means of intellectual rights such as copyright, database or patent.
20 May 200914 LSTS Response (continuation) For individual citizens it seems practically impossible to counter the persuasive market pressures to leak and provide data, for instance in return for free access. The knowledge asymmetry between an individual citizen and a commercial enterprise that has access to sophisticated personalised profiles, creates a market failure with regard to the – implicit – trading with personal data. For this reason consumer protection could be a potent instrument to re- empower citizens as consumers.
20 May 200915 LSTS Response (continuation) We think that the reiterant focus on data minimisation should be extended with a focus on minimisation of knowledge asymmetry between profilers and profiled. To operationalise this a novel type of transparency enhancing tools (TETs) must urgently be developed that inscribe legal transparency rights as a default into the technical infrastructure of online profiling
20 May 200916 LSTS Response (continuation) Regulation should preferably be very simply, for instance requiring an icon with the ad, confirming that this ad comes to you on the basis of behavioural advertising. This should allow consumers to compare prices, services etc. before deciding. It should, for instance, also allow them to click on the icon to find out which personalised group profile is the basis of the targeted ad.
20 May 200917 Sunstein on public forum doctrine and general- interest intermediairies Rather than seeking to allow people to filter what they would see and hear, they attempted to create institutions that would filter popular desires so as to ensure policies that would promote the public good
20 May 200918 Critical note Can we entrust consumer protection law with the task to re-create in the information society a public forum and general-interest intermediairies comparable with street-corners, limited choice television and traditional journals?
20 May 200919 Read More GONZÁLEZ FUSTER & DE HERT, PNR and compensation: how to bring back the proportionality criterion, in LODGE, J. (ed.) (2007), Are You Who You Say You Are? The EU and Biometric Borders, Nijmegen: Wolf Legal Publishers. Pp. 101-109. HILDEBRANDT & GUTWIRTH, LSTS Response to the Non- Paper on Data Collection, Targeting and Profiling of Consumers for Commercial Purposes in Online Environments Brussels, 10th May, 2009 Cass R. SUNSTEIN, Republic.com 2.0. (Princeton) DE HERT P. & S. GUTWIRTH, Privacy, data protection and law enforcement. Opacity of the individual and transparency of power in E. CLAES, A. DUFF & S. GUTWIRTH (eds..), Privacy and the criminal law, Antwerp/Oxford, Intersentia, 2006, 61-104