EU wants tighter online privacy
Thursday, November 4, 2010; 3:53 PM
BRUSSELS -- The European Union wants companies such as Google Inc. or Facebook Inc. to give people more control over how their online habits are tracked, requirements that could crimp Internet firms' ability to target advertising.
Internet companies, privacy activists and the EU's executive commission are likely to wrestle over the specifics of the rules, which cut to the heart of funding models not only for technology firms but also for many online news sites and blogs.
"People should be able to give their informed consent to the processing of their personal data," the European Commission said Thursday in a new strategy paper.
It also wants users to be able to modify and delete any information that has been collected, giving them "a right to be forgotten."
Thursday's strategy paper will form the basis for an overhaul of the EU's 15-year-old laws on data protection scheduled for next year. It is open for public consultation until January, and the commission aims to propose legislation by mid-2011. Any new laws would have to be approved by the European Parliament and national governments.
Tracking an individual's search history to target online advertising is a key revenue source for companies such as Yahoo! Inc. and Google.
The more closely ads can be linked to a user's interests, the more likely they are to be successful.
But privacy watchdogs have raised concerns over whether this information can be linked to an individual's name or address, what it could be used for, and how long it can be stored.
Technological advances and the many players involved in so-called behavioral advertising "make it difficult for an individual to know and understand if personal data are being collected, by whom, and for what purpose," the commission says in its strategy.
Websites should be more transparent about who is collecting data, and why, and how Internet used can "access, rectify or delete their data," it adds.
However, Thursday's document doesn't say whether the EU intends to require users to specifically "opt in" to having their data collected, or whether it is enough to allow them to "opt out."