Slashdot Mirror
U.S.-E.U. Data Privacy Deal Near
Duckie01 writes: "There's an
interesting report
about a deal being made between the European Union and the U.S. concerning companies collecting customer information on the Web. Right now privacy protection under EU laws is much stricter than under U.S. laws. With this 'Safe Harbor' deal, companies that choose to comply are to police themselves. Can you say 'sellout' and 'conflict of interest'?" In other words, says
EPIC,
"the fox guarding the hens." The pact must still be approved by the European Parliament.
Within the current situation - yes.
As you have observed, it's basically related to urbanisation. Within a small, local community there is very little *need* for privacy. Anyone who makes a pest of themself to other people is quickly hauled into line by the social pressure of the other members of the local community.
This breaks down in the urban environment where you can move around amongst large numbers of people. Essentially it means that you can act like a jerk in one place on the other side of the city and people have their work cut out for them tracking you down.
The internet takes this to an absurd degree.
Some would argue that the solution is transparency - the end of all privacy so that accountability for ones actions is restored.
Where this argument fails is that there are ( and arguably allways will be ) holes in the system that can be used by a minority ( ie; the ones with the money and the resources to find them ) to escape from scrutiny.
So essentially transparency boils down to the formation of a "privacy underclass" while the rich and powerful continue to do pretty much whatever they want.
This is why privacy must be maintained at all cost at this point in time and why people must be educated to maximise their privacy even if it means giving up a few freebies. Once a "privacy underclass" forms, it's going to be even harder to stop the "privacy elite", since they can just steal someone else's identity for their own use.
Hence, we must not only fight for our own privacy, we must insist that it is a "right" that everyone is entitled to. Privacy must be universal and it must be egalitarian.
You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.
A question for the (European) lawyers out there. I can take my national government to court for failing to protect my rights. Can I take the European Union to court for failing to protect my right to privacy (as enshrined in the European Bill of Human Rights)?
If so, then this might not fly for very long
Please moderate all of these down.
I see somebody is playing with Cross Site Scripting (well, same site really).
Welcome to the Cross Site Scripting Vulnerability. Demonstrated by somebody with nothing better to do. This site has lots of nasty Javascript. Please do not go there (if you really don't believe me, wget the link)
Moderators: please moderate the parent down and any that have links to http://hobbiton.org/~zk65/wow.cgi
Thanks very much
You cannot "ask for cookie". Cookies are sent by *your* browser, when you tell him to go to some page. Too bad you can't control this function, but this is not DClick's fault. That's your browser maker fault - so sue the right person.
-- Si hoc legere scis nimium eruditionis habes.
This is more informative
This is more informative
"One would presume that the European Parliament is in some fasion amenable to public pressure"
HA HA ha ha ha ha ha ha Ohhh ho ho ho ho ho tee hee heee heee *splutter* Oh my sides Ho ho ho ho ha Ha ha ha ha ha.
You don't live in Europe do you? The European Parliament is in some fashion amenable to corruption, large expense accounts, glorying in its own power and self importance and congratulating itself on being the driving force of the amazing new wonderful federal Europe.
That said, they sure don't like the U.S. because the EU to some extent defines itself as being not American. So yes, they may well put up a fight, and I hope they do, but don't for one moment think that it's because they listen to public opinion!
-----
To extend the idea a little further, maybe there are other ways to flood DoubleClick and collectors of private information with fake data. Maybe some kind of distributed system where people set up little daemons that run in the background, pretend to be surfing, but are really just sending cookies designed to destory the integrity of their data. Would this be legal? hmmm...
OFCOURSE this would be legal! It's the data miner that asks the little daemon for its cookies without the owner's permission, and the daemon happily hands out those cookies - it's not at all illegal to give false information. How can it possibly be illegal to broadcast garbage information across the internet for semi-legal data miners to choke on? What could they do about it? Whine that the data they collect in such a controvercial way is false?
Doing this is rather similar to leaving a car unlocked as bait to catch car thieves, or putting up a box with a few juicy security holes and back doors as bait for script kiddies and other crackers.
)O(
the Gods have a sense of humour,
Never underestimate the power of stupidity
To err is human, to moo bovine
That's not entirely true. First, it also has impact on companies in the USA doing business with consumers in the EU via the web.
The agreement makes the company responsible while they would gain "safe harbor" from prosecution or lawsuits by EU governments.
I read that as: "You can do what you want with my personal data and I can't do a damn thing about it". If they're responsible, give me the right to file a complaint. That's not too weird, is it?
Yes, you can.
If you live in the union.
It's called new wave but it's just the same.
Junkbuster already does this. It calls them wafers. You can configure it in all kinds of cool ways.
Switch the . and the @ to email me.
If so can I sue doubleclick.com & friends? :-)
Ah well, maybe turning off cookies helps a lot too...
Every expression is true, for a given value of 'true'
I oppose the Safe harbor proposal, and the FTC seens to agree that American companies deserve an overwhelmingly failing grade.
.com doesn't mean "American", and many foreign TLDs may actually point to servers in the US and other "non-private" jurisdictions.
Ordinarily, I'd hope that the European users, having a clear choice between privacy in Europe and blatant abuse in the US, would avoid American sites, and send a strong message that American companies might understand. I tend to favor free market solutions, and this might stand as a backup if we don't succeed in regulating US companies in their use of a commodity that does not truly beling to them: our personal info and patterns.
However, as a practical matter, it's not always easy to know when you're dealing with an American company:
I suppose that a privacy leak anywhere is a threat to privacy everywhere.
The fact that far too few people fully appreciate their privacy, or personal info protections, can only make things worse. It would hardly be the first time a right ot privilege was not appreciated until it wa attenuated or gone.
However, I must say that, privacy advocate that I am, I am still troubled by a paradox I've never been able to resolve: is privacy fundamental? Keep in mind that "urbanization" is a relatively ne phenomenon -- until the Great Depression (or a little later) most Americans lived in small towns or rural environments (I presume Europe was similar) and people rarely moved, compared to today. In a small town, a lot of what we now consider basic privacy was impossible. "Everyone knew your business": your salary, work history, the embarrassing things you did in third grade. Perhaps this is why our Founding Fathers did not address 'privacy' in the Constitution, though they seem to have a prescient awareness of other crtitical issues
Perhaps the key is that the companies buy, sell, and use *our* information anonymously. They do not tell us exactly what they do, nor do we have any right of consent. Once the information is 'out', it is considered "their" property, not ours.
Still, "privacy" is an important concept, if only because it is a major legal tool (in the American system) for defending and arguing for rights that were not mentioned in the Constitution, partly because wholesale violation was unthinkable before today's mindless technology evolved.
------------------
"Dum spiro, spero. Dum vivimus, vivamus."
(While I breathe, let me hope. While I live, let me live)
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
As part of society, privacy in relation to commerce should be EXTREMELY important, so much that I bet the founding fathers would have insisted on it had they envisioned the world as it is today. Such information sharing was not possible in the past.
Privacy/Commerce laws seek to ensure that people's personal information does not become a negotiable item, a commoddity. It's not supposed to be. It's wrong.
If you give your name at Blockbuster.. they have the right to know some things about you. Specifically, your name and address and other proof of identification so they can find you when you dont' return their property. This is fine.. nboody disputes this.
But.. when you give them this information, you naturally assume that this is the only reason you are giving them this information. (well.. today people assume other things.. but they have been brainwashed into thinking this is acceptable).
Under EU privacy laws, such information gathered in order to complete a business transaction may *not* be used in *any* way other than to complete the sale at hand. This is great.
I encourage you to use cash for your transactions. I try to do this, and it is becoming increasingly difficult.
When the electric company guy comes to the door saying that it's time to pay the bill on the spot or get disconnected, he informs me that he 'cannot accept cash, only cheque or credit card'.
The telephone company office is the same way.. they won't accept cash at their head office.
Many hotels and motels, especially (strangely) some cheap ones won't let you stay without a credit card. You can't rent a car without a credit card.
Let's look at the hotel too... I find it funny.
If you stay at the hotel.... they get your credit card presumably so they can 'charge' you for things you might otherwise not pay for. Well.. surprise surprise.... they can't really do this ultimately. Whether it's cash or charge, your agreement is absolutely *required* in order to pay. Just like fine print on porn sites.. if they have deceptive agreements, you can dispute it at the credit company.
And this is why we make laws. to better people!
People come first. Business exists to serve people.
Laws exist for the betterment of society, not for the betterment of business.
Privacy isn't important in the world of e-commerce, unless it is a product unto itself.
Yep.
Companies will sell you software to help violate someone else's privacy, and software to protect your privacy, which means that privacy itself is for sale.
Nope. Just because tools for for invasion/protection of privacy are being sold, does not mean privacy itself is being sold. I could download some, say, nasty sniffer software, and I could download some military-strength encryption software. Does this mean privacy is being downloaded?
Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
They most certainly will.
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy?
Why should that be so? Why should company X be concerned about your privacy? You are not in the business of protecting the privacy of your next-door neighbor, and company X is not in the business of protecting your privacy. Your privacy is your own concern -- if you care about it, you can protect it.
I don't want anybody to protect my privacy -- but I want tools and rights to do the job on my own.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
In a small town, a lot of what we now consider basic privacy was impossible. "Everyone knew your business": your salary, work history, the embarrassing things you did in third grade.
That's a common objection to privacy as a right -- "we didn't have any before urbanization". It has a bit of validity, but not much. Some problems with it:
(1) Just because something hasn't always been a right does not mean it's not what we consider a "natural right". For example in ancient Greece personal freedom was not a basic right -- you could become a slave by being captured, by not paying your debts, etc. In medieval Europe (and in the Soviet Union until early 90s, that's 1990's) people could not freely change their place of living, though most American consider the right to settle anywhere to be a "natural right".
(2) Even if you had no privacy against other inhabitants of your village, you had privacy against the world. A stranger coming into the village and asking about you would gain little information. Compare to contemporary situation where anybody with the right tools and access can get what's available.
(3) The village's information-gathering system was highly imperfect. Some information was known by all, some by few, some by nobody. Yes, everybody knew what you did and how much you made, but goings-on inside the house were generally private. Nowaday the ability to concentrate information in one place is much higher.
(4) The village's storage of information was short-term. Human memory is selective and lossy. Nobody remembers your third-grade grades or the fact that you were expelled from the class five times for being disrespectful to a teacher. Compare to now -- databases never forget.
(5) The villagers would not generalize about you because they had too little information about people like you (and too little processing capability, too). Today it's perfectly feasible to make the following chain of connections: "This guy buys a lot of red meat and butter and we see no gym payments anywhere -- we know that statistically such people die early from heart disease -- so let's target this guy for cholesterol-lowering medication and raise his life insurance rates".
So, no, "we all lived in villages with no privacy" is not a good argument.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
Make that :-)
(!USA && !Canada)
then
In effect this privatises the enforcement side. All it takes is a few lawyers who make a practice of signing up for things under false names and tracking the resulting spam. When they find a violation they can sue and pocket a fee.
This leaves open two issues:
Paul.
You are lost in a twisty maze of little standards, all different.
There's another version of the story on cNet> - and, unlike the cgi script, it's a real story.
Luckily, under the proposed regulations congress is looking at, the cgi script kiddie would be locked up for 20 years.
Oh, you don't think that's lucky? Well, since noone is complaining to their elected officials (and they screen you out if you don't gave name, address, and phone) you don't get any say in the matter. We already sold your privacy rights in the US, and now we're going to sell the privacy rights of all EU citizens.
What ya gonna do about it, cypherpunk?
Will in Seattle
And a complete history of everything you've brought using that card, how often, wether you prefer coke/pepsi/perrier etc.. And possibly your credit card number, (but I'm not sure if they are allowed to keep that). This is still usefull to them, even if they cannot tie it to a name, it still gives them useful demographics.
EZ
-'Press Ctrl + Alt + Delete to log on..'
"Oops, I always forget the purpose of competition is to divide people into winners and losers." - Hobbes
Loyalty Marketing does have some drawbacks for protecting privacy, but industry/government has come up with a few controls. First, many companies will use "trusted" processors to filter information to the smallest amount needed to running the program according to terms. Many will specifically contract with the consumer to limit the use of the information to implementing the program, and promise not to use the information for any other purpose.
If you do not trust the programs to abide by their bargain, their are safe guards that you can seek. First, are third party seals that guarentee privacy policies. You can investigate into the seal programs as well:
- Some only collect complaints
- Some only seek a promise of compliance
- Some perform periodic audits and report either:
(1) Transgressions from promise
AND/OR
(2) Potential security violations
Their are some regulatory standards as well. Programs that are tied to a financial instrument or involve banking institutions are going to be affected by Gramm-Leach-Bliley, and some provisions of the Fair Credit Reporting Act (particularly regulation E).
The FTC has recently tried to position itself to do oversight, but that has met with "big brother" style flames.
As for the mini-disclaimer, I do have two clients that participate in this space. I do not think nor intend to market their services. I have spent some time collecting information for online privacy, particularly consumer rights. This has been both for business and academic purposes.
Actually, I don't think this is off topic. I have been reading a lot of arguments that places privacy in this commodity barrier; however, I think that honesty and oversight are the primary concerns in the EU "Safe Harbor".
If Company A offers me a $##load of money to track my spending habits, explains to me that they will use this information to develop an XYZ profile, will not use this data for any other purpose, and will destroy the data at X period of time, then it becomes my choice as to whether I want to enter into a contract. This is not very different than what Nielsen does to compile ratings, and is how most market research companies operate.
Consumers major fears are that Company A will breach their agreement, or worse yet, assume that they have this right implicitly without disclosure. Consumers lack an oversight mechanism, and it would be very costly and timely to pursue a claim. IMHO, the mechanism that protects the consumers will be one of the major policy questions of the next few years.
The EU clearly codifies that the later right does not exist, and demands disclosure. The "safe harbor" debate mainly was EU protecting their consumers against businesses gaining this right through common law. (Per other post, the US has codified the rights and responsibilities for financial institutions and using information for credit reporting; however, all other businesses could claim that it was the other parties duty to create limitations/rights in the contracting language).
Privacy will be/is a commodity, much the same as speech is a commodity. You can freely negotiate "gag" provisions. I doubt the US government will ever restrict the freedom to disallow a user from being able to contract away this priveledge. Selling your Pokemon purchase may never be as dangerous as selling a kidney. IMHO, it would be more advantageous to have more Gramm-Leach-Bliley/FCRA style legislation that require disclosure, or prohibit businesses from seeking this right as a mandatory contract provision.
>>>If a US company does not become a member of this 'Safe Harbor' then it is vulnerable to litigation in Europe by almost anyone
I'm not sure that I totally agree. You could use a third-party to process the data. The third-party could maintain the "safe-harbor" status as its certain to evolve and create about the same type (although maybe not magnitude) of cost as maintaining banking regulations. The third-party could disclose the information it would reveal to the US company, and mask all other data.
The US company could be insulated from direct action under certain circumstances. If they didn't have privity of contract with the person whose data was being released, and they were not negligent in choosing the company/processor any claim against them would be tenuous. They wouldn't be liable under respondeant superior, and they have not breached any contract with the consumer. If their actions were deplorable, they might get "third-party" contract status, but this would be an exception rather than a "deep pockets" rule.
I am interested if you have alternative thoughts. I am trying to explore this further for professtional and academic reasons.
I absolutely agree, but the FTC did go after Double Click. I believe it has occurred to governments, but it takes them some time to react. Wiretapping was done by the government and everyone else, before the SC decided it was an invasion of privacy, the penumbra right. Cellular phone receivers were once widely used. The EU was quick to react with their guidelines, the US government has left a great deal to the private sector and limited legislation to financial companies and the reporting of information for credit. The latter provision being abused even before recent technological advancements.
Why would you ever think that it hasn't?
Of course it has. Licensing commercial entities to bypass the Bill of Rights, and then granting Law Enforcement the ability to access such "public" information, is part of a strategy to bypass constitutional protections which limit police powers.
After all, the US Constitution only applies to restrict the actions of certain governments. If the Feds can't do it, get the states to; if the states can't, get the feds or a private corporation to do it; if all else fails, rely on "anonymous" tips (that is, do the illegal wiretaps, as in the decades-long illegal wiretap system in Los Angeles). Any surveillance target that complains has clearly got something to hide, and likely less money than any govt or corporation to throw into the legal system ...
The US has police state tendancies, which are increasingly showing clear and strong. J. Edgar Freeh is watching, be careful.
Isn't that the goal of Libertarians and Lassez-faire Capitalists? If safety and health can be bought and sold, why not privacy too? For that matter, why not freedom of speech or freedom from slavery. (If you say something someone doesn't like, and your free speech insurance has run out, they'll sue you far enough into debt that you become their indentured servant?)
OK, so maybe its a little off-topic, but I think that it is a natural progression when one thing after another becomes a product instead of a legally protected right...
Intolerant people should be shot.
These kind of cards also exist in europe, but they HAVE to tell you what they do with your data, and you can refuse to give it, and still get the card. then you get the few pennies, but all the shops have is a number. no name, age, sex, whatever.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
and how would they get my (non-existing) creditcard number? sure.. they have a history of what someone bought. but they don't have any info on that someone. credit cards are not very big in the Netherlands. They're not needed since there are lots of way to pay for stuff in the Netherlands. There's cash (my preferred form of money), there's PIN if you like to pay electronically and there's the 'chipknip' if you're really feeling funny. (the chipknip was invented by banks as an easy way to pay for small amounts. it holds some (electronic) money, and is anonymous. a lot like real money. it's also insecure like real money: anyone can spend it, and it's easier to loose a bank-card than it is to loose some bank-notes. people just aren't buying it, and it adds nothing to existing possibilities)
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
there is a VERY clear distinction: ask the one whose data you want to use. It's clear, it's simple, and it's fair. If I want book recommendations, I'll ask for it. Some legal framework to prevent spam would be nice too. Opt-in ofcourse.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
So you're saying you can't sell any stuff if you can't use personal customer data for marketing? that's bullshit. Pure and simple. Take my local game-shop. It's small. It doesn't collect personal information. It exists, and has existed for years.
So we're just damned if we don't.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
If you would like to receive several offers, that each have an infinitesimal chance of ever interesting anyone with more braincells than the average brussel sprout, please give us your name, age, adress, number of pets, type of pets, name of pets, dieases they've had/they've been inoculated against and your creditcard number (so we can bill you for conveniently storing these data) in the form below.
There. simple, isn't it.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Hmm... off to Africa I go!
Yes! There is some very 'out of the box' thinking going on in Africa these days!
======
"Rex unto my cleeb, and thou shalt have everlasting blort." - Zorp 3:16
Sacred cows make the best burgers.
A quote from the article:
The U.S. Commerce Department favors this type of industry self-regulation, and President Clinton, together with EU officials, lauds the accord as a milestone in international e-commerce that will encourage economic growth.
The words e-commerce and economic growth should be emblazoned in red. Note that the word privacy does not appear in this paragraph. Privacy isn't important in the world of e-commerce, unless it is a product unto itself. Companies will sell you software to help violate someone else's privacy, and software to protect your privacy, which means that privacy itself is for sale.
The only interest of a commercial company is self-interest. Self-interest equals profit. Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy? Can public pressure and the threat of diminishing sales make all companies champions of privacy, hypocritically or otherwise?
If not, I see privacy crumbling before our eyes.
Neopets - the best free game on the Int
The EP is a fairly liberal institution, as there is a high correlation with liberalism and support of spreading the European integration project. The EP, of any institution at the EU or US level is most likely to be concerned about the privacy ramifications.
So Euros, call your MEP!!!!!!!!
ostiguy
FTC Calls for Privacy Legislation to Protect Internet Users. On May 22, the Federal Trade Commission (FTC) released a report (PDF) on the results of its latest survey of website privacy policies. The survey documented that only 20% of a random sample of websites addressed basic elements of Fair Information Practices. Based on the findings of the survey, a majority of the FTC Commissioners have recommended that legislation is needed. On Thursday, the FTC will formally present its findings and recommendations in front of the Senate Commerce Committee. EPIC's latest survey, "Surfer Beware 3: Privacy Policies without Privacy Protection", also found that self-regulation provided an inadequate level of online privacy protection.
I just hope the EU doesn't fall for the same bait as did TrustE. Self-regulation isn't.
Sreeram.
----------------------------------
Observation is the essence of art.
Without this agreement, companies in the EU would have some difficulties in doing ebusiness with the US. This agreement just allows US companies in the EU to export data from the EU, even tho they are recognised not to meet EU standards.
In effect, they are saying 'what you are doing does not meet our minimum requirements, and normally we would prosecute you, but since you're a US company, we'll let you off if you promise to be good'
It was noted in another article that other countries, like Japan and Australia, would not get safe harbour status so easily. I'm not sure if their standards meet the EU laws anyway, but it would be interesting how their gov'ts react if they don't get a similar exemption quickly.
---
Can you? Whenever you shop with the card, they have the list of items you bought. From the number of condoms, they can figure out how often you get laid. And if you buy hemorrhoid medication, they can draw their conclusion as well. And don't forget what kind of information they can infer from your book purchases.
no name, age, sex, whatever.
Well, as soon as you use your rebate card together with your credit card, they have your name too. It's a lot like cookies actually. Cookies are also just a number. But as soon as you fill in your personal data into an online form on the Web which leads to a page with a doubleclick ad, then doubleclick has the data too, and can now put a name on the number.
Say no to software patents.
I just had a thought regarding DoubleClick. Right now most of us just block their cookies. Instead it might be interesting if false information would be returned instead. Over time, if enough people were returning false data, it would pollute their databases badly enough that they'd be useless.
To extend the idea a little further, maybe there are other ways to flood DoubleClick and collectors of private information with fake data. Maybe some kind of distributed system where people set up little daemons that run in the background, pretend to be surfing, but are really just sending cookies designed to destory the integrity of their data. Would this be legal? hmmm...
numb
Read this week that loyalty cards are (here in the Netherlands) topping out at 20% of the population - more growth is not expected. Still, hell of a lot of folks indeed don't care.
Maybe it's time to fight this privacy thing with bad data. Both my wife and I give out a wrong phone number without even thinking about it. I don't use my real e-mail address on any commerce related sites (unless I order something), and feel more and more like using cash for all my transactions.
Of course, the day may come where giving out false information may be illegal in nearly every case.
I'd hope that the European users, having a clear choice between privacy in Europe and blatant abuse in the US, would avoid American sites,
I'm a UK-based eCommerce developer. How should I develop my site ("Orinoco.com") when my main US-based competitor can do sophisticated CRM to up-sell related products and offer recommendations, but I can't ?
I don't think there's any hope of a boycott. We don't (most of us) boycott Outlook, despite Melissa, and we don't boycott Amazon over patent issues. Very few users will support a boycott when the most obvious effect is to reduce their apparent functionality
I'm in favour of privacy, but I also like good CRM systems that recommend useful books to me. The UK DPA (Data Protection Act) is far too blunt to distinguish between "helpful" CRM and intrusive "snooping" (mainly because those subjective terms are just that, subjective). We don't just need another legal framework for controlling personalised data and its security, we need some mechanism that allows the identified person to specify, at time of collection, how much data may be collected and what may be done with it in the future. This is an issue as complex as inherited rights management....
Have you seen the complexity of P3P and APPEL ? Now those are privacy issue implementations by smart geeks, not by lawyers. If we ever produce a workable legal framework that can distinguish between "good" and "bad" data, then it will be hugely complex.
Nothing wrong with demographics....I'm happy for people to collect general info from my shopping (for one thing it makes sure they don't run out of what I want) but it's when they tie it to me personally I would be worried. And as someone here said, in the UK the Data Protection Act stops them doing that without explicit permission from me. And I haven't given it...so I feel fairly safe.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
All of the grocery chains in my town have the little "club" card. A few months ago, they even showed how much you've spent total at that chain. And your name appears on the reciept. kinda creepy if you ask me.. i stopped using them. every time i see someone signing up for them, i tell them about the ramifications of it(tracking you, snail mail spam, etc) its amazing how once you explain this to people they don't want the card anymore..
------------------------------------------
If God Droppd Acid, Would he see People???
What are we going to do tonight Brain?
I guess this means that it's time to move to Sealand!
Stay up hacking each weekend. Sleep is for the week.
DATA MINING ON THE INTERNET WORKS AND IT WORKS WELL.
Okay, I realise that using doubleclick type methods results in accurate data, but what are they doing with this data? Nobody is being particularly choosy about who to send spam to, and nobody is making their web pages dynamically adjust to target me. The only useful purpose is to draw correlations so that they know who to target. For this they don't actually need to know who I am.
Well, as soon as you use your rebate card together with your credit card, they have your name too.
The data protection laws prevent them from doing this without your permission. European laws on this are really quite strict.
A little personal information helps for demographics too. An example (From Tesco) they discovered that on Fridays, men are more likely to buy nappies. They decided to put beer near nappies. They also found once or twice that sometime people on one side of the road visit much more often than people on the other side of the road on certain very busy roads, with a different supermarket in the opposite direction.
Its not really that easy to corrupt the EU. The EU parliament consists of a large number of MP's, who already get paid a huge salary (Plus expenses and really not an awful lot of work), and would be sorry to give it up.
To summarize, the European parliament is too corrupted to be corrupted.
So, without this 'Safe Harbor,' the EU is going to do what to the US companies gathering information? I think the the US needs to make sure privacy is guarded (FCC?) before we start making deals with Europe.
One would presume that the European Parliament is in some fasion amenable to public pressure, especially when an issue like this is likely to to generate a considerable outcry. But then again, a quick check gives me the suspicion that the Parliament is mostly controlled by (admittedly, European) business concerns. After all, in the last couple of months, we've had major decisions that relieve agribusinesses of liability related to genetically modified foods, and another ordering EU member nations to lower their trade barriers (to British chocolate products, in this case).
Now, this could go either way, in my view. (Mind you, I'm hardly an expert in European politics.) On the one side, you've got the big companies with American counterparts, arguing for this policy. On the other side, there are European companies who don't want to be at a disadvantage relative to the partnered companies. So, who knows which way this could go ... though I'd tend to suspect inertia and American pressure will probably push this one through.
Too bad, I was kinda looking forward to the Europeans cracking down on American companies with European partners and lax privacy policies.
Quantum mechanics: the dreams that stuff is made of.
In both cases it seems like the slightly more well thought out European standards are trying to be dragged down to US level, most probably by corporate interests.
Fortunately it seems like there is some resistance building both in Europe and in America. One can only hope that common sense will prevail.
I think what might ultimately ensure our privacy is the sheer lack of value of these kinds of data. I don't think direct marketing on the internet is particularly effective; I think that like me most people just filter those intrusions out without really thinking about it.
Self or Government Regulation?
Self regulation equates to: if it's going to cost me (the business owner) money, then it's going to be cheap as hell; Customers will have to pay for increased privacy.
Government regulation: add 5 parts red tape with 1 heaping tablespoon of buearocratic non-sense and beat until e-commerce is dead.
We're damned if we do...damned if we don't!
dc!
--
Wooden armaments to battle your imaginary foes!
An October 1998 EU law prohibits the transfer of data to the United States and other non-EU countries that don't meet EU standards for protecting personal information.
/.ers. This shows the high regard corporate America has for my privacy elections.
...
For the time being, the EU is letting U.S. companies continue to export personal data from Europe. But in an effort to avert a potential trade war, the two sides began negotiating the issue two years ago.
...
The accord offers privacy protection deemed adequate but not equivalent to current EU law.
Okay, so the EU has certain standards that they have been ignoring until better guidelines came along. Now they are passing guidelines which are admittedly not up to standards, but they are lauding them as the panacea. Moreover, they will be trusting corporations like we do here in the U.S. And of course the article goes on to list companies who are already trying to exploit the situation...
IMHO, privacy in the hands of corporate America is a sad joke. If it were not, people would not have to put NO SPAM obfuscations in their email addresses. Every online transaction I personally do, I elect against all spam (you know the ubiquitous "don't spam me" checkboxes). Despite that, I am spammed mercilessly, probably like other
I see no way in which this action by the EU is not a sellout. Just my two coppers.
-L
Starring:a se. Surely a worldwide model of Justice... U S-gov.
- The US gov, the one-which-cannot-finish-the-Microsoft-antitrust-c
- The EU gov, the one-willing-to-be-"protected"-by-the-overhelming-
Do EU representatives really need so much money as they are talking about such silly thoughts ?
Now privacy, perhaps tomorrow military affairs and ASAP selling childrens to The States ?
An angry EU citizen.
----------------
----------------
If Internet is Freedom, Linux is Democraty
Information "mining" by DoubleClick et al is the moral equivalent of physical wire tapping of one's telephone. It seems amazing that this has never occured to any government entity. If it it is illegal to make a physical wire tap on a telephone to intercept messages, why ought it be legal to intercept other's messages or information through a legal physical messaging connection? No telephone subscriber would ever allow these people to "listen" to voice communations for the purpose of information mining. One may only record voice communication with permission of the sender. Data communication should be held to a like test.
That with the passage of this, an EU citizen will have more privacy in the US than a US citizen?
Wow, I thought Linux users were clever than that...
doh... posted to the wrong story... this is an article about the Principality of Sealand... which is the previous story.
Somebody seems to have made a clever cgi script that reposts that message under your username. Congradulations to them for the hack value of it, but it's getting fscking annoying.
Joe Sixpack isn't generally thinking about this sort of thing enough to figure out why this might be bad. Sure, if he reads something like Database Nation it'll be crystal clear, but that's not going to happen.
The only way to get this message out is if the mass media breaks it in a big way (yeah, the same ones who get paid by big marketing firms), or via some really embarrassing guerrilla action.
For example, a website screaming: "Congressman Albertson has hemmrhoids, and gets laid about 1 time a month at home, but 3 times a week when on the road (who's the woman? come clean!)" Of course, the data miners would never do this, and would probably try damned hard to make sure that it never got out like this.
Still, anyone with enough money can poison the well, by "accidentally" leaking selected data they've purchased from these data whores.
Hear, hear...
Not quite the terminology I would have used but a point well put across
May all spammers be infected with the Ebola virus so they will crack and bleed out.
I Eat (Ctrl+V)
The only interest of a commercial company is self-interest. Self-interest equals profit. Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
Protecting people's privacy is profitible for a lot of companies. If it doesn't declare that it will protect your personal details, simply don't give them away.
I think the biggest danger with self regulation is motivation for security - not honesty. Companies might promise not to give away details, but often there's no real way to guarantee that they're actually taking reasonable steps to protect it.
As the general population gets more net-experience and starts to realise that one of the main sources of unwanted spam is themselves giving away their details so easily (especially email addresses), they'll become more conscious of actually checking the privacy policy.
Voluntary privacy declarations will probably turn into a major marketing strategy over time.
Given the new laws the scumfuck government in the UK are planning (the RIP Act), any data held by any company in the UK can be requested for the purposes of anyone the Home Secretary decides can have it.
The real reason for RIP is tax collection. Since the big stores here told the Inland Revnue to go fuck itself when it asked for the "lifestyle" details from their loyalty cards, it has been itching to get at those data.
And now it will have a free hand.
If that doesn't scare the shit out of you, then I don't know what will.
It seems clear to me that we're watching the growth of false needs. It's one of the engines of the market in relationship with the man of the street. I'm not saying anything new.
What annoys me, though, is that now PRIVACY itself is being packed like a need, like a new product. The next step in dealing with privacy is selling it to its respective owners. I don't want to BUY something I already own. I don't want to be forced to copyright or TM my private life.
To better people - we make laws - why is this?
First come people. People serve to existing business.
The betterment of business makes laws for the betterment of society. The sad truth.
It seems that the drafters of this agreement do not view privacy as a "legal right" as they should, but rather as another service that companies may offer, through the signing of the agreement.
However the main problem I have with the proposed agreement is not this, but the apparent lack of recourse for consumers who have complaints against copmanies who are signatories of the agreement. There seems to be no independent watch-dog proposed to ensure that signatories are complying with the regulations (I suppose, because of the self-regulatory nature of the agreement), and moreover, the regulatory groups are funded by the industry (conflict of interest, anyone?).
On top of this, "no self-regulatory group has ever referred a member company for investigation and the FTC has never provided remedies for any of the companies with which they have reached settlements" (from article cited below).
Does it really sound like the EU is looking after its citizens' interests or bowing down to pressure by the US?
For more arguments against the proposal, see TACD Statement on U.S. Department of Commerce Draft International Safe Harbor Privacy Principles and FAQs.
This is more informative
Protect consumers
Commerce cannot be trusted
Eschelon? Hush, you!