EU consumer commissioner calls for user profile security standards
In a speech on the eve of an important Consumers' Summit to take place in Brussels, European Commissioner for Consumer Affairs Meglena Kuneva told a roundtable convened to discuss data security policy that personally identifiable data (PID) -- the stuff advocacy groups fear could end up in the wrong hands -- may not be the biggest privacy problem Internet users face. As long as Web services maintain profiles of their users, even without associating those profiles with names or addresses, the misuse or misappropriation of that data, Comm. Kuneva said, may still endanger Internet users.
"No one in the digital space really cares about our actual names or exact physical addresses. What traders want is a description of who we are and a way to reach us," Kuneva told the roundtable (PDF of speech transcript available here). "They want to know that the person behind the number 1234 is young, sporty, drives fast cars and travels frequently and that as a trader you can show up on his screen at your convenience. This is fine. But what about the person behind number 456, unemployed, in debt and about to lose his home? He is a target for predatory loans and fraudulent financial and yes, personal, advice."
A commercial site need not know who a person is any more, but rather what that person is: "For example, can the knowledge of some of your personal circumstances, say your financial status or your health condition, ever translate into 'pressure'? Assume for a second you receive an unsolicited message that your cholesterol is up alongside a recommended treatment," she continued. "Is this help or pressure? What if the message is about your weight? Is it enough to signal the commercial nature of the message?"
It all harks back to the days of "Eliza," the text-based pseudo-psychoanalyst featured in demonstrations of the first microcomputers 30 years ago. When Eliza was first featured on the Radio Shack TRS-80, asking customers their personal problems and merely parsing their responses, feigning interest, people ended up telling their life stories to something that couldn't care more or less. More recently, a study cited by Kuneva shows that people would be more willing to ignore their own fears and concerns about privacy or safety and follow the advice of someone...or something...who spills a few personal statistics or data facts. So conceivably, a Web site wouldn't need to know whether a user is John Q. Public, but rather whether user JQP3401 is overweight, or whether that user is, say, a Webkinz subscriber.
"Young people and even children are being particularly targeted as conduits for advertisement. If a toy company incites a little girl to share with her friends she got a brand new doll, is the message she sends an advertisement? Does receiving a sponsored message that your best friend got a doll amount to pressure selling if you are seven years old?" asked Comm. Kuneva.
Contrary to reports, the Commissioner did not call upon Google, Facebook, or any other company specifically to tighten its security policies regarding profiling. But her call to action centered on the need for existing policies -- many of which she said are not being thoroughly enforced -- to adapt to changing circumstances, specifically the ability of databases to adequately draw conclusions about users and enable advertising and other services to act on those conclusions, without the need for their personal data.