It's been a busy few days for the future of data protection at a European level. However, the celebrations and commiserations are well and truly over for policy wonks, internet businesses and watchdogs who have all been eagerly poring over the Justice Commissioner's freshly-tabled draft Data Protection (DP) bill. Now the real …
Who are these "individuals who seek to protect us from harm" that Blunt is talking about, and "whose hands would be tied"? Anyone who genuinely cares about privacy is fighting powerful corporate interests, and can therefore only rejoice at the prospect of the law coming to their aid at last. This is the sort of gibberish you might expect from someone ideologically opposed to regulation.
A "regulatory straightjacket" sounds like exactly what I want to protect my data.
Indeed! Big Business has way too much power in Gubberment these days!
Freedom vs Rights?
Freedoms and rights do not always go hand in hand, sometimes they can be exclusive. One person's right to privacy for example can abridge freedom of information, e.g. the recent High Court super-injunctions attempting to cover up the affairs of people in the public eye.
I can understand the idea of DP (data protection not double penetration!) being applied to official databases and the like but not to the likes of Facebook. Some things have always been a permanent record, for example although someone may have their details of a conviction removed from a police database the details are still in the public domain for anyone willing to trawl the microfiche (can't be bothered checking spelling, sue me if it's wrong) in public libraries. I'm not sure how far reaching these proposals are but, like many laws aimed at governing the Internet, care should be taken to ground them in what is actually feasible and not to place too onerous a burden on owners, admins and Webmasters of small Web sites, etc.
for the most part. However, there are already laws in place for libel, slander etc. These should be moved to an Internation / Internet level.
The right to be forgotten, when leaving a service, like Facebook, is another matter. If I close my account on a network, I should have the option to have all my posts deleted - although that shouldn't affect people who have posted stories about me from their accounts or pictures they've posted, I would have to ask them to take them down, and possibly try and take them to court / tribunal if they were slanderous...
But on sites like Amazon, if I delete my account, I cannot ask Amazon to delete all references to me - they have to legally keep all transaction information for 10 years, for tax purposes. They might be able to delete my reviews, but they couldn't expunge me from the system.
While Ms. Reding's general idea is commendable, it hasn't been thought through and is currently dangerous.
It is a shame, that she didn't prune that area, instead of the more important areas, like exporting data outside the EU...
Confusing the issue a bit there...
In the case of Amazon, we are not actually talking about deleting their sales record, but about their ability to use that record for advertising purposes. If you delete your account, it should be perfectly possible for them to delete your records, not from the actual sales record, but from the data that is actively being analysed to make "suggestions", consumer profiles, etc.
Right now, the bookkeeping data is identical to the profiling data, the latter a perfect copy of the former; they just need to separate the two. Considering that most people will not ever be deleting their accounts (assuming no disaster strikes Amazon, obviously), this would not fatally impair the profiling and marketing data, just shrink it somewhat.
And, very obviously, if somebody has stopped being a customer, what is the point of all the profiling?
I know that, over the years, my book-buying habits have changed. Look at how some writers have changed: there is a huge difference between <i>The Hunt For Red October</i> and <i>Against All Enemies</i>. I do wonder if a retailer can get anything useful from ten-year-old data. There are few books that last that long in the market.
That is the problem, Reding's current propossal doesn't make that distinction.
@Drew V, @Dave Bell
Given the lousy jobs Google and Amazon do at "profiling" me currently and making suggestions, I don't see why they need any profiling data at all, random suggestions would probably be more useful than the "profiled" information.
How typical of our conservative led government to side with big business over the rights of it's own people. I could understand their position a little more if this legislation would have profound affects on British companies and profits but pandering to the needs of Google, facebook and the more sleezy side of advertising as a whole makes my blood boil.
I have one simple question for Google and their ilk
If someone deletes a Google account, do Google delete the data, or do they keep it somehow?
OK, two questions... I assume they keep it. How long do they keep it for?
OK, three.... If they do eventually delete it, do they really delete it, or could they recover it?
As time goes by and my life gets more complicated, I can see how "this stuff matters" - do I really want them knowing all about my marital break up, my redundancy, my mental health, my children's mental health, my children's relationship problems, my children's dalliance with drugs as teenagers.... Is it right that they can use those facts to try and sell me things? It feels wrong. It never seemed to matter much when life was simple. None of the above are true, but sure as mustard similarly important stuff happens in people's lives.
and the answer to your question....
Is that depending on where your data is, it may never be deleted.
In my opinion *"opinion alert!"* we, as individuals, should have a legal right to ask a company for any and all records pertaining to us (individually).
If we no longer have any business dealings with said company, we should also have the right to get that company to remove said information.
I don't know about anyone else, but I am sick to death of being contacted by companies I dealt with 10 years ago who still have my mobile or email addy in their database, alongside another indicator that says 'mug' or something. I'd love to have a legal right to get them to remove me, because otherwise the conversation goes something like:
Me: Can you remove my details from your system, I haven't bought a product or service from you for 10 years, and am not likely to do so whilst I keep getting aggravating calls.
Droid: Of course Sir, can I just take some details?
Me: No, I'd like to remove details from your system, not add them
Droid: Ok <clickety click> Done.
Two minutes later...
What a tangled web ....
Here's a scenario ...
Person A, has an account with a free, public service in their own name. They enter into a number of forums on that service, and engage with other posters. As a part of this engagement, other posters quote (with attribution) Person A. These other posters then get quoted, including their quote of person A, and so on.
Person A then asks the service to "delete their account".
What happens to all those embedded, quoted posts ?
Ahh, Data Protection
I see. I wasn't sure about that acronym/abbv.
Certainly a dangerous thing to search without a filter
if you search text-only, you're less likely to be scarred for life
I, on the other hand, know what it means and got a good laugh out of it.
One thought: the current data protection principles seem to require a good back-up policy. So there are going to be archived copies of the personal data.
Can you reasonably expect an individual's data to be deleted from those back-ups, maybe write-once media in off-site secure storage?
It isn't so hard to envisage a system which keeps a list of data subjects whose data is no longer permitted to be accessed. But if the politicians get it wrong, the law is going to require impractical deletion of data from archives.
I suspect a similar argument covers some of the copyright boiler-plate I see, involving those irrevocable licences to copy all your data.
Good point, but the backups aren't necessarily placed in "write-once", difficult to access storage. In fact, I would expect profiling companies to try and get around any superficial DP rules by using the backups in a more active way (a legal loophole that would have to be addressed in the legislation).
But it's certainly true that the proposed legislation is going to clash with the two-year data retention rule. That contradiction is going to have to be sorted out first.
Oh noes, my right to privacy might concievably "hamper" the ability of some less than pristine "business" monitise me.
Sorry Mr Blunt, but if such a business relies for it's livelyhood on trampling all over my privacy I don't see that I really want them protected, and having them "hampered" is not only something I'm not worried about, but is in fact, not nearly enough.
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Product round-up Trousers down for six of the best affordable Androids
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...