European Parliament hearing on Internet privacy issues

By EDRi · January 30, 2008

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

During a hearing of the European Parliament (EP)’s Civil Liberties
Committee, on 21 January 2008, serious data protection concerns were raised
by the practice of large Internet companies that monitor the online
behaviour of their users in order to provide online advertisers with the
necessary information to better target their ads.

The main debate turned around the Google-Double Click deal that is now being
examined by the European Commission and that was already approved in the US
in December 2007 by the Federal Trade Commission.

Google criticised MEPs and rights advocates of trying “to take a privacy
case and shoehorn it into a competition law review” but Sophie In ‘t Veld,
replied to these accusations: “The reason you want to have the data is
because it gives you a competitive advantage. It is business. I don’t think
they can be completely disconnected.”

Representatives of the industry and consumer protection bodies addressed the
EP Civil Liberties Committee claiming that the tracking down of online
behaviour is threatening to personal privacy and that there is no guarantee
these data are used only for advertisement targeting. MEP Stavros
Lambrinidis of Greece expressed the worries related to the lack of a
communitary legislation that ensures the personal data are used only for
advertising purposes saying that “there is no EU legislation per se to
ensure that information targeting behaviour for marketing purposes will not
be used for other activities that far exceed the initial purpose.”

In his turn, EDPS Peter Hustinx said: “Community law on data protection
does apply on the Internet, it applies to both online and offline realities
(…) existing rules do apply and do provide safeguards”.

Google’s Global Privacy Counsel Peter Fleischer stated that the merger
between Google and DoubleClick would not lead to the creation of a single
database with consumer-related information, as “DoubleClick does not own its
customers’ data”. He also added that the online ad company “can only use the
data it processes from serving ads to provide aggregate reporting. The data
is owned by the publishers or advertisers that DoubleClick works for (…)
DoubleClick customers would be very displeased if one tried to undo their
contractual relationships by sharing information between advertisers”.

The merger case is now with DG Competition being examined for potential
violations of antitrust rules in the online advertising intermediary market.
The European Commission is to decide whether or not to authorise the merger
on 2 April 2008.

One issue that was also strongly debated was that of the IP address being
considered personal data or not. In the opinion of the EU group of data
privacy regulators, the IP address should generally be considered as
personal information.

Google’s view has been expressed by Fleischer who stated: “There is no black
or white answer: sometimes an IP address can be considered as personal data
and sometimes not, it depends on the context, and which personal information
it reveals.” But Marc Rotenberg, the Executive Director of the Electronic
Privacy Information Center contradicted this statement: I wish this was the
case, but we are moving towards the IP6 model, for which it will be even
more the case that IP addresses will be personably identifiable”.

Peter Scharr, Germany’s data protection commissioner who leads the EU
Article 29 Data Protection Working Group which is preparing a report on the
compliance with EU data protection acts of the privacy policies of Internet
search engines operated by Google, Yahoo, Microsoft and others, said that if
someone could be identified by an IP address “then it has to be regarded as
personal data.”

Do Internet companies protect personal data well enough? (26.01.2008)
http://www.neurope.eu/articles/82144.php

Google-DoubleClick deal likely to win EU go-ahead (25.01.2008)
http://www.reuters.com/article/reutersEdge/idUSL2589361220080125

Internet privacy concerns cause very public row in Brussels (23.01.2008)
http://afp.google.com/article/ALeqM5hQ47Tl9N_w06bGdc5UBcXzg1lPRA

EU data regulator says Internet addresses are personal information
(21.01.2008)
http://www.siliconvalley.com/news/ci_8035260?nclick_check=1

Google seeks to allay privacy fears over DoubleClick merger (22.01.2008)
http://www.euractiv.com/en/infosociety/google-seeks-allay-privacy-fears-doubleclick-merger/article-169785

EDRi-gram: EC announces a larger investigation of the Google-DoubleClick
deal (26.11.2007)
http://www.edri.org/edrigram/number5.22/in-depth-google