Slashdot Mirror
U.S.-E.U. Data Privacy Deal Near
Duckie01 writes: "There's an
interesting report
about a deal being made between the European Union and the U.S. concerning companies collecting customer information on the Web. Right now privacy protection under EU laws is much stricter than under U.S. laws. With this 'Safe Harbor' deal, companies that choose to comply are to police themselves. Can you say 'sellout' and 'conflict of interest'?" In other words, says
EPIC,
"the fox guarding the hens." The pact must still be approved by the European Parliament.
"One would presume that the European Parliament is in some fasion amenable to public pressure"
HA HA ha ha ha ha ha ha Ohhh ho ho ho ho ho tee hee heee heee *splutter* Oh my sides Ho ho ho ho ha Ha ha ha ha ha.
You don't live in Europe do you? The European Parliament is in some fashion amenable to corruption, large expense accounts, glorying in its own power and self importance and congratulating itself on being the driving force of the amazing new wonderful federal Europe.
That said, they sure don't like the U.S. because the EU to some extent defines itself as being not American. So yes, they may well put up a fight, and I hope they do, but don't for one moment think that it's because they listen to public opinion!
-----
I oppose the Safe harbor proposal, and the FTC seens to agree that American companies deserve an overwhelmingly failing grade.
.com doesn't mean "American", and many foreign TLDs may actually point to servers in the US and other "non-private" jurisdictions.
Ordinarily, I'd hope that the European users, having a clear choice between privacy in Europe and blatant abuse in the US, would avoid American sites, and send a strong message that American companies might understand. I tend to favor free market solutions, and this might stand as a backup if we don't succeed in regulating US companies in their use of a commodity that does not truly beling to them: our personal info and patterns.
However, as a practical matter, it's not always easy to know when you're dealing with an American company:
I suppose that a privacy leak anywhere is a threat to privacy everywhere.
The fact that far too few people fully appreciate their privacy, or personal info protections, can only make things worse. It would hardly be the first time a right ot privilege was not appreciated until it wa attenuated or gone.
However, I must say that, privacy advocate that I am, I am still troubled by a paradox I've never been able to resolve: is privacy fundamental? Keep in mind that "urbanization" is a relatively ne phenomenon -- until the Great Depression (or a little later) most Americans lived in small towns or rural environments (I presume Europe was similar) and people rarely moved, compared to today. In a small town, a lot of what we now consider basic privacy was impossible. "Everyone knew your business": your salary, work history, the embarrassing things you did in third grade. Perhaps this is why our Founding Fathers did not address 'privacy' in the Constitution, though they seem to have a prescient awareness of other crtitical issues
Perhaps the key is that the companies buy, sell, and use *our* information anonymously. They do not tell us exactly what they do, nor do we have any right of consent. Once the information is 'out', it is considered "their" property, not ours.
Still, "privacy" is an important concept, if only because it is a major legal tool (in the American system) for defending and arguing for rights that were not mentioned in the Constitution, partly because wholesale violation was unthinkable before today's mindless technology evolved.
------------------
"Dum spiro, spero. Dum vivimus, vivamus."
(While I breathe, let me hope. While I live, let me live)
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
As part of society, privacy in relation to commerce should be EXTREMELY important, so much that I bet the founding fathers would have insisted on it had they envisioned the world as it is today. Such information sharing was not possible in the past.
Privacy/Commerce laws seek to ensure that people's personal information does not become a negotiable item, a commoddity. It's not supposed to be. It's wrong.
If you give your name at Blockbuster.. they have the right to know some things about you. Specifically, your name and address and other proof of identification so they can find you when you dont' return their property. This is fine.. nboody disputes this.
But.. when you give them this information, you naturally assume that this is the only reason you are giving them this information. (well.. today people assume other things.. but they have been brainwashed into thinking this is acceptable).
Under EU privacy laws, such information gathered in order to complete a business transaction may *not* be used in *any* way other than to complete the sale at hand. This is great.
I encourage you to use cash for your transactions. I try to do this, and it is becoming increasingly difficult.
When the electric company guy comes to the door saying that it's time to pay the bill on the spot or get disconnected, he informs me that he 'cannot accept cash, only cheque or credit card'.
The telephone company office is the same way.. they won't accept cash at their head office.
Many hotels and motels, especially (strangely) some cheap ones won't let you stay without a credit card. You can't rent a car without a credit card.
Let's look at the hotel too... I find it funny.
If you stay at the hotel.... they get your credit card presumably so they can 'charge' you for things you might otherwise not pay for. Well.. surprise surprise.... they can't really do this ultimately. Whether it's cash or charge, your agreement is absolutely *required* in order to pay. Just like fine print on porn sites.. if they have deceptive agreements, you can dispute it at the credit company.
And this is why we make laws. to better people!
People come first. Business exists to serve people.
Laws exist for the betterment of society, not for the betterment of business.
Privacy isn't important in the world of e-commerce, unless it is a product unto itself.
Yep.
Companies will sell you software to help violate someone else's privacy, and software to protect your privacy, which means that privacy itself is for sale.
Nope. Just because tools for for invasion/protection of privacy are being sold, does not mean privacy itself is being sold. I could download some, say, nasty sniffer software, and I could download some military-strength encryption software. Does this mean privacy is being downloaded?
Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
They most certainly will.
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy?
Why should that be so? Why should company X be concerned about your privacy? You are not in the business of protecting the privacy of your next-door neighbor, and company X is not in the business of protecting your privacy. Your privacy is your own concern -- if you care about it, you can protect it.
I don't want anybody to protect my privacy -- but I want tools and rights to do the job on my own.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
In a small town, a lot of what we now consider basic privacy was impossible. "Everyone knew your business": your salary, work history, the embarrassing things you did in third grade.
That's a common objection to privacy as a right -- "we didn't have any before urbanization". It has a bit of validity, but not much. Some problems with it:
(1) Just because something hasn't always been a right does not mean it's not what we consider a "natural right". For example in ancient Greece personal freedom was not a basic right -- you could become a slave by being captured, by not paying your debts, etc. In medieval Europe (and in the Soviet Union until early 90s, that's 1990's) people could not freely change their place of living, though most American consider the right to settle anywhere to be a "natural right".
(2) Even if you had no privacy against other inhabitants of your village, you had privacy against the world. A stranger coming into the village and asking about you would gain little information. Compare to contemporary situation where anybody with the right tools and access can get what's available.
(3) The village's information-gathering system was highly imperfect. Some information was known by all, some by few, some by nobody. Yes, everybody knew what you did and how much you made, but goings-on inside the house were generally private. Nowaday the ability to concentrate information in one place is much higher.
(4) The village's storage of information was short-term. Human memory is selective and lossy. Nobody remembers your third-grade grades or the fact that you were expelled from the class five times for being disrespectful to a teacher. Compare to now -- databases never forget.
(5) The villagers would not generalize about you because they had too little information about people like you (and too little processing capability, too). Today it's perfectly feasible to make the following chain of connections: "This guy buys a lot of red meat and butter and we see no gym payments anywhere -- we know that statistically such people die early from heart disease -- so let's target this guy for cholesterol-lowering medication and raise his life insurance rates".
So, no, "we all lived in villages with no privacy" is not a good argument.
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
In effect this privatises the enforcement side. All it takes is a few lawyers who make a practice of signing up for things under false names and tracking the resulting spam. When they find a violation they can sue and pocket a fee.
This leaves open two issues:
Paul.
You are lost in a twisty maze of little standards, all different.
Why would you ever think that it hasn't?
Of course it has. Licensing commercial entities to bypass the Bill of Rights, and then granting Law Enforcement the ability to access such "public" information, is part of a strategy to bypass constitutional protections which limit police powers.
After all, the US Constitution only applies to restrict the actions of certain governments. If the Feds can't do it, get the states to; if the states can't, get the feds or a private corporation to do it; if all else fails, rely on "anonymous" tips (that is, do the illegal wiretaps, as in the decades-long illegal wiretap system in Los Angeles). Any surveillance target that complains has clearly got something to hide, and likely less money than any govt or corporation to throw into the legal system ...
The US has police state tendancies, which are increasingly showing clear and strong. J. Edgar Freeh is watching, be careful.
These kind of cards also exist in europe, but they HAVE to tell you what they do with your data, and you can refuse to give it, and still get the card. then you get the few pennies, but all the shops have is a number. no name, age, sex, whatever.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
no idea, but I've been wondering about the exact same thing. Could make a nice test-case..maybe I should stop over at the 'rechtswinkel' some time.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
and how would they get my (non-existing) creditcard number? sure.. they have a history of what someone bought. but they don't have any info on that someone. credit cards are not very big in the Netherlands. They're not needed since there are lots of way to pay for stuff in the Netherlands. There's cash (my preferred form of money), there's PIN if you like to pay electronically and there's the 'chipknip' if you're really feeling funny. (the chipknip was invented by banks as an easy way to pay for small amounts. it holds some (electronic) money, and is anonymous. a lot like real money. it's also insecure like real money: anyone can spend it, and it's easier to loose a bank-card than it is to loose some bank-notes. people just aren't buying it, and it adds nothing to existing possibilities)
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
there is a VERY clear distinction: ask the one whose data you want to use. It's clear, it's simple, and it's fair. If I want book recommendations, I'll ask for it. Some legal framework to prevent spam would be nice too. Opt-in ofcourse.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
So you're saying you can't sell any stuff if you can't use personal customer data for marketing? that's bullshit. Pure and simple. Take my local game-shop. It's small. It doesn't collect personal information. It exists, and has existed for years.
So we're just damned if we don't.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
If you would like to receive several offers, that each have an infinitesimal chance of ever interesting anyone with more braincells than the average brussel sprout, please give us your name, age, adress, number of pets, type of pets, name of pets, dieases they've had/they've been inoculated against and your creditcard number (so we can bill you for conveniently storing these data) in the form below.
There. simple, isn't it.
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
A quote from the article:
The U.S. Commerce Department favors this type of industry self-regulation, and President Clinton, together with EU officials, lauds the accord as a milestone in international e-commerce that will encourage economic growth.
The words e-commerce and economic growth should be emblazoned in red. Note that the word privacy does not appear in this paragraph. Privacy isn't important in the world of e-commerce, unless it is a product unto itself. Companies will sell you software to help violate someone else's privacy, and software to protect your privacy, which means that privacy itself is for sale.
The only interest of a commercial company is self-interest. Self-interest equals profit. Unless protecting my privacy becomes profitable, companies will sell my details to the highest bidder.
This leads to the question: is there a way to guarantee that it is in Company X's best interest to protect my privacy? Can public pressure and the threat of diminishing sales make all companies champions of privacy, hypocritically or otherwise?
If not, I see privacy crumbling before our eyes.
Neopets - the best free game on the Int
Without this agreement, companies in the EU would have some difficulties in doing ebusiness with the US. This agreement just allows US companies in the EU to export data from the EU, even tho they are recognised not to meet EU standards.
In effect, they are saying 'what you are doing does not meet our minimum requirements, and normally we would prosecute you, but since you're a US company, we'll let you off if you promise to be good'
It was noted in another article that other countries, like Japan and Australia, would not get safe harbour status so easily. I'm not sure if their standards meet the EU laws anyway, but it would be interesting how their gov'ts react if they don't get a similar exemption quickly.
---
Can you? Whenever you shop with the card, they have the list of items you bought. From the number of condoms, they can figure out how often you get laid. And if you buy hemorrhoid medication, they can draw their conclusion as well. And don't forget what kind of information they can infer from your book purchases.
no name, age, sex, whatever.
Well, as soon as you use your rebate card together with your credit card, they have your name too. It's a lot like cookies actually. Cookies are also just a number. But as soon as you fill in your personal data into an online form on the Web which leads to a page with a doubleclick ad, then doubleclick has the data too, and can now put a name on the number.
Say no to software patents.
I just had a thought regarding DoubleClick. Right now most of us just block their cookies. Instead it might be interesting if false information would be returned instead. Over time, if enough people were returning false data, it would pollute their databases badly enough that they'd be useless.
To extend the idea a little further, maybe there are other ways to flood DoubleClick and collectors of private information with fake data. Maybe some kind of distributed system where people set up little daemons that run in the background, pretend to be surfing, but are really just sending cookies designed to destory the integrity of their data. Would this be legal? hmmm...
numb
I guess this means that it's time to move to Sealand!
Stay up hacking each weekend. Sleep is for the week.
Its not really that easy to corrupt the EU. The EU parliament consists of a large number of MP's, who already get paid a huge salary (Plus expenses and really not an awful lot of work), and would be sorry to give it up.
To summarize, the European parliament is too corrupted to be corrupted.
So, without this 'Safe Harbor,' the EU is going to do what to the US companies gathering information? I think the the US needs to make sure privacy is guarded (FCC?) before we start making deals with Europe.
One would presume that the European Parliament is in some fasion amenable to public pressure, especially when an issue like this is likely to to generate a considerable outcry. But then again, a quick check gives me the suspicion that the Parliament is mostly controlled by (admittedly, European) business concerns. After all, in the last couple of months, we've had major decisions that relieve agribusinesses of liability related to genetically modified foods, and another ordering EU member nations to lower their trade barriers (to British chocolate products, in this case).
Now, this could go either way, in my view. (Mind you, I'm hardly an expert in European politics.) On the one side, you've got the big companies with American counterparts, arguing for this policy. On the other side, there are European companies who don't want to be at a disadvantage relative to the partnered companies. So, who knows which way this could go ... though I'd tend to suspect inertia and American pressure will probably push this one through.
Too bad, I was kinda looking forward to the Europeans cracking down on American companies with European partners and lax privacy policies.
Quantum mechanics: the dreams that stuff is made of.
Information "mining" by DoubleClick et al is the moral equivalent of physical wire tapping of one's telephone. It seems amazing that this has never occured to any government entity. If it it is illegal to make a physical wire tap on a telephone to intercept messages, why ought it be legal to intercept other's messages or information through a legal physical messaging connection? No telephone subscriber would ever allow these people to "listen" to voice communations for the purpose of information mining. One may only record voice communication with permission of the sender. Data communication should be held to a like test.
Joe Sixpack isn't generally thinking about this sort of thing enough to figure out why this might be bad. Sure, if he reads something like Database Nation it'll be crystal clear, but that's not going to happen.
The only way to get this message out is if the mass media breaks it in a big way (yeah, the same ones who get paid by big marketing firms), or via some really embarrassing guerrilla action.
For example, a website screaming: "Congressman Albertson has hemmrhoids, and gets laid about 1 time a month at home, but 3 times a week when on the road (who's the woman? come clean!)" Of course, the data miners would never do this, and would probably try damned hard to make sure that it never got out like this.
Still, anyone with enough money can poison the well, by "accidentally" leaking selected data they've purchased from these data whores.
Protect consumers
Commerce cannot be trusted
Eschelon? Hush, you!