Protecting Internet user's right to privacy

The European Union and the US look set to agree on how to protect Net users' right to privacy. But without an element of...

The European Union and the US look set to agree on how to protect Net users' right to privacy. But without an element of compulsion the policy will be of little use.

After nearly 15 months of tortured negotiations on the best way of protecting users' privacy on the Internet, the European Union and the US are said to be close to an agreement.

The European view of privacy protected by legislation, and the US model of self-regulation could be satisfied by a compromise solution based on the use of a "safe harbour" strategy in which US companies would sign up to regulations voluntarily but would then be bound by them.

The irony is that had Europe stood its ground, it could probably have had the upper hand in negotiations. Self regulation appears not to be working, and disclosures of privacy infringements on the Net are becoming commonplace.

The latest was DoubleClick, which created anonymous digital snapshots based on people's Web surfing habits, and planned to link profiles with more specific information, from databases that cover 90% of the US population.

The problem is, as Business Week suggested recently, that it is only going to get worse. You want to have access to information wherever you are via your Wap phone? You got it - plus a whole load of suitably targeted junk e-mail and probably voice-mail too.

If you're passing a bookstore, expect to get prompts for discounts on books; and if you like burgers, you'll probably only have to pass one with your phone switched on to get "a small drink with fries".

The US - and they have the biggest problem with privacy violations - would have you believe that all this can be controlled by self-regulation.

According to one survey, disappointingly from the Federal Trade Commission which has attempted to be hawk-like on privacy, more than 66 per cent of companies had privacy policies.

Correction: 66% had something on their Web site which purported to be a privacy policy. If put on the spot, actually I'd guess most of them couldn't tell you what the policy even was.

The same applies to the well-meaning "trust" schemes being set up in the UK from a string of organisations. As one person I met this week asked, "How do you know sites really comply with these 'tick' schemes. All you see as a user is a tick - that proves nothing."

Business Week suggests a four-point plan for privacy:

  • Display your practices - and write them in plain English

  • give people a choice - opt-in rather than opt-out;

  • Show me the data - you have a right to see it - it is about you

  • Fair play or pay - unscrupulous sites should pay for violations.

    So, when it comes to safeguarding privacy, the European Commission should stick to the European convention that privacy is a human right. And not roll over to a little US arm-twisting.

    If users should stand up for their privacy rights, while they are about it they might think about ensuring that they have an effective voice in Net affairs too. And that particularly goes for business users.

    The Internet Corporation for Assigned Names and Numbers (ICANN) is to offer the Net a "free vote" to ensure they can appoint a series of "at large" directors to safeguard their interests, rather than have to put up with appointments that are jobs for the boys.

    It almost goes against the grain to say it, but users must take advantage of the chance to have their say.

    Trademark holders, above all, must ensure that when we eventually get an explosion in new top level domain names (eg .shop and .firm) they have some control over the implementation process and timescale. Going to the ICANN Web site - - is a good place to start.

    David Bicknell

  • Read more on Privacy and data protection