The capacity of organisations to build up"profiles"of people based on their
use of the internet, their personal choices and other activities is
coming under greater scrutiny by legislators and regulators in the
UK, US and Europe.
Profiling uses pattern-matching technology to search thousands
or millions of database records that fit a pre-determined template
or to identify a group that shares particular characteristics.
Governments are keen to expand its use for law enforcement
purposes but also to use it to identify situations that require
state intervention. The private sector likes it because it can
quickly identify potential new customers and target existing ones
more precisely.
Home Secretary Jacqui Smith revealed a greater willingness to
use profiling technology to detect potential terrorists in the
Counter Terrorism Bill published today.
Earlier this week a
National Audit Office report on the Department of Welfare and
Pensions revealed the DWP is using behavioural and financial
profiles to track down fraudsters.
Also this week the European Data Protection Supervisor, Peter
Hustinx, told the European Parliament's
Civil Liberties Committee that users' IP address were their
personal data and were protected by privacy and data protection
laws.
In the private sector, the greatest concern is that companies
such as Google, Microsoft and social networking sites such as Bebo
and FaceBook will be able to collect data about their members,
profile them, and sell the profile to marketing organisations.
On one hand, this may amount to an invasion of privacy of those
profiled on the other, it may be a much more efficient and
effective way of getting those, and only those in whom you are
interested.
A chief concern is that data collected for one purpose by one
firm may be passed to another company that might use the same data
for different purposes.
Hustinx has
called on the EU to provide a single robust definition of
personal data. He believes this would help members clarify the
presently confused data privacy and protection legislation. He
argues that this is increasingly important as both public and
private sector organisations seek to increase the amount of data
they share across national borders.
This would also do much to clarify what information
organisations can collect, how they can use it, and what recourse
data subjects might have when those limits are breached.