Transcript Data Protection Conference CONSUMER PROTECTION AND PERSONAL DATA PROTECTION Prof.dr. Paul De Hert Vrije Universiteit Brussel (LSTS) & University of Tilburg (TILT) [email protected] 20 May 2009

Data Protection Conference
CONSUMER PROTECTION
AND PERSONAL
DATA PROTECTION
Prof.dr. Paul De Hert
Vrije Universiteit Brussel (LSTS) &
University of Tilburg (TILT)
[email protected]
20 May 2009
1
Where do we start?
• On Radio Frequency Identification
(RFID): They will only realise their
economic potential "if they are used
by the consumer and not on the
consumer. No European should carry
a chip in one of their possessions
without being informed precisely what
they are used for, with the choice to
remove or switch it off at any time."
(Viviane Reding)
20 May 2009
2
A EU framework that is solid
• The Electronic Commerce
Directive, adopted in 2000, sets
up an Internal Market framework
for electronic commerce, which
provides legal certainty for
business and consumers alike. It
establishes harmonised rules on
issues such as the transparency
and information requirements
for online service providers,
rights to withdrawal
20 May 2009
3
Article 6 Information to be
provided
(…) Member States shall ensure that
commercial communications which are
part of, or constitute, an information
society service comply at least with
the following conditions:
(a) the commercial communication shall
be clearly identifiable as such;
(b) the natural or legal person on whose
behalf the commercial communication
is made shall be clearly identifiable;
(c) (…)
20 May 2009
4
Article 7 Unsolicited
commercial communication
• 1. In addition to other requirements established by
Community law, Member States which permit
unsolicited commercial communication by
electronic mail shall ensure that such commercial
communication by a service provider established in
their territory shall be identifiable clearly and
unambiguously as such as soon as it is received by
the recipient.
• 2. Without prejudice to Directive 97/7/EC and
Directive 97/66/EC, Member States shall take
measures to ensure that service providers
undertaking unsolicited commercial
communications by electronic mail consult
regularly and respect the opt-out registers in which
natural persons not wishing to receive such
commercial communications can register
themselves.
20 May 2009
5
A EU framework that is
dynamic
• 8 October 2008,
COM (2008) 614 def
• Creates coherent frame
work
• Attention to new
technologies used for selling
goods & more rights than off
line
20 May 2009
6
Unloyal business practices
• Move from a framework that
obliges to give information
to a framework that allows a
check on the quality of the
information given
20 May 2009
7
eYouGuide
Privacy is one of the keywords on
the eYouGuide site
Many of the other keywords
strenghten data protection
concerns
http://ec.europa.eu/information_s
ociety/eyouguide/index_en.htm
20 May 2009
8
Dutch Consumer Organisation
• 2006: safety needs to be
standard of internet services
provided by operators
• 2006: consumer critics on
biometrics safety and privacy
public transportation system
• 2009: E Health action against E
patient record system
http://www.consumentenbond.nl/
20 May 2009
9
Things to learn from
consumer protection law
• Idea of collective action as
opposed to data protection
rights as individual rights
• Generous compensation as
opposed to find damage when
breaching data protection
• Security and PET as a service
• General: pragmatism
20 May 2009
10
However 1
• When reviewing the acquis
on consumer protection and
when drafting the new
directive consumer rights no
separate attention was paid
to privacy. The matter was
left to existing directives
20 May 2009
11
However 2 Behavioral
targetting
The Netherlands:
• 180.000.000 euro on line
advertisement
• BT will grow from 5 to 20 %
20 May 2009
12
LSTS Response to EU Paper on Data
Collection, Targeting and Profiling
of Consumers
• “The problem here is not just what
happens to your own personal data,
but how the trivial or personal data
that you leak or provide match with
group profiles that are used to
categorise you as a specific type of
(potential) customer. These group
profiles can be mined from
anonymised data and do not
constitute personal data; in fact they
are protected as trade secrets or by
means of intellectual rights such as
copyright, database or patent”.
20 May 2009
13
LSTS Response (continuation)
• “For individual citizens it seems
practically impossible to counter the
persuasive market pressures to leak
and provide data, for instance in
return for free access. The knowledge
asymmetry between an individual
citizen and a commercial enterprise
that has access to sophisticated
personalised profiles, creates a
market failure with regard to the –
implicit – trading with personal data.
For this reason consumer protection
could be a potent instrument to reempower citizens as consumers”.
20 May 2009
14
LSTS Response (continuation)
“We think that the reiterant focus on
data minimisation should be extended
with a focus on minimisation of
knowledge asymmetry between
profilers and profiled. To
operationalise this a novel type of
transparency enhancing tools (TETs)
must urgently be developed that
inscribe legal transparency rights as a
default into the technical
infrastructure of online profiling“
20 May 2009
15
LSTS Response (continuation)
• “Regulation should preferably be very
simply, for instance requiring an icon
with the ad, confirming that this ad
comes to you on the basis of
behavioural advertising. This should
allow consumers to compare prices,
services etc. before deciding. It
should, for instance, also allow them
to click on the icon to find out which
personalised group profile is the basis
of the targeted ad”.
20 May 2009
16
Sunstein on public forum
doctrine and generalinterest intermediairies
• “Rather than seeking to
allow people to filter what
they would see and hear,
they attempted to create
institutions that would filter
popular desires so as to
ensure policies that would
promote the public good”
20 May 2009
17
Critical note
• Can we entrust consumer
protection law with the task
to re-create in the
information society a public
forum and general-interest
intermediairies comparable
with street-corners, limited
choice television and
traditional journals?
20 May 2009
18
Read More
•
•
•
•
GONZÁLEZ FUSTER & DE HERT, ‘PNR and
compensation: how to bring back the proportionality
criterion’, in LODGE, J. (ed.) (2007), Are You Who
You Say You Are? The EU and Biometric Borders,
Nijmegen: Wolf Legal Publishers. Pp. 101-109.
HILDEBRANDT & GUTWIRTH, LSTS Response to the NonPaper on ‘Data Collection, Targeting and Profiling of
Consumers for Commercial Purposes in Online
Environments Brussels, 10th May, 2009
Cass R. SUNSTEIN, Republic.com 2.0. (Princeton)
DE HERT P. & S. GUTWIRTH, ‘Privacy, data protection
and law enforcement. Opacity of the individual and
transparency of power’ in E. CLAES, A. DUFF & S.
GUTWIRTH (eds..), Privacy and the criminal law,
Antwerp/Oxford, Intersentia, 2006, 61-104
20 May 2009
19