Most of us know we have to be very cautious about the security of our personal data when using the web so I wasn’t surprised when web inventor Sir Tim Berners-Lee recently expressed his concerns about systems that can track web users activity when using the Internet.
Sir Tim’s words where not merely a general comment on Internet security but were clearly targeted at a system that allows Internet service providers (ISPs) to track an individuals web activity. The idea is that the information gained by this can be used to bombard hapless Internet users with advertisements that relate to their recent surfing patterns.
The system acquires keywords used by surfers in search engines and uses these to identify their interests. Supporters of these systems claim it replaces any user identifying details with random codes that cannot be traced back to a specific user. Sure they do. Also, in a recent attempt to reassure concerns regarding user privacy, a chief executive of a company providing such tracking services claimed the system couldn’t know who you are or where you have surfed. Can that really be true? I don’t think so. My problem with that dubious reassurance is how do they get the web advertisements to you if they don’t know who you are? One way or another your data details are in that system whether you like it or not
Sir Tim’s thinking is unequivocal on the subject of privacy. He would not use any ISP that implemented such a tracking system. His point is, and I agree with him, that the surfing history web users create is private and should not be accessible to any organisation unless the documented permission of the surfer is given.
The commercial conflict here is obvious. Such user data has tremendous financial value and if the rewards are large enough companies are going to push the data protection laws as far as they can to grab some of the profit.
Here in the United Kingdom the Regulation of Investigatory Powers Act makes the interception of any transmission across a public telecommunication system illegal without the explicit consent of users. So ISP’s would have to have the consent of the surfer prior to snooping into their Internet usage.
Predictably this has prompted the well worn Opt-In or Opt-Out arguments. ISPs appear split on this question and to date only one in the UK has made a clear statement that it will implement an Opt-In policy. This in my view is the correct policy and also a clever decision by the ISP concerned. Not only does it reassure its existing and future customers regarding their data security but it also means it wont find itself on the wrong end of expensive privacy-infringement legal actions. ISPs need to tread very carefully with this. The United Kingdom is pretty hot on data privacy but positively when mild compared to the ferocity of German data protection law.
Make no mistake, the EU Commission doesn’t mind taking on any corporation, large or small, where it thinks the company is behaving inappropriately, a point that both Microsoft and Google will vouch for. And the financial penalties it inflicts are not peanuts. ISPs beware.