- The extent of online data collection is such that even Orwell would nod in appreciation.
- Since we have no idea this is happening, we don’t really care about it.
- The EU is trying to do something about it.
- But other than expressing its outrage, it has not done much.
Facebook is creating shadow profiles of its users, Google records every move we make on the internet and online advertising firms categorize visitors of websites based on a dozen different factors. And all this time, the EU is standing by in bewilderment, without any idea how it could keep online data collection, as well as the hidden tracking of users, in check.
The passage of the EU’s new data protection directive is nowhere in sight while according to the original schedule, the new rules would have to be applied everywhere a year from now. The topic is being discussed today simultaneously by the Justice and Home Affairs Council in Luxembourg and the European Parliament’s relevant expert committee in Strasbourg, but the parties seem to be mostly at a loss as to what to do about it. Ever since the Snowden scandal, which brought to light the U.S. National Security Agency’s (NSA) mass surveillance programs, everybody in Europe, from Viviane Reding to Angela Merkel, has expressed their intention to tighten data protection regulations, but nobody knows how.
Earlier, we wrote about the fact that a significant portion of online providers collect unbelievably detailed information on the online activity of users. The information thus obtained is basically used for two purposes: improving user experience, for example by not having to enter our email address for the hundredth time on a frequently visited website; and helping to figure out what kind of advertisements would interest us. In May, however, it turned out that there is unfortunately also a third reason: all the information passing through U.S. internet companies (basically the entirety of online traffic) ends up at the NSA. Upon learning this, European governments became even more nervous and even more at a loss.
This is how data is collected at internet companies:
The reason for being at a loss as to what to do is that according to the current state of affairs, Europe is unable to come up with regulation that would hinder U.S. internet companies from collecting and using this data and handing it over to the NSA.
U.S. law requires that the companies in question cooperate with the NSA, so it is logical that they won’t go against these regulations. The limits of European data protection laws are also becoming increasingly visible with regard to limiting data collection for commercial purposes. European data protection is built around the concept of ‘personal data.’ Personal data is defined as any information based on which a private person can be identified, such as a name, a unique identification number, and under certain circumstances, even the IP address of a computer. However, user databases that are stripped of personal data do not fall under European data protection rules. These can be used to build online profiles, or can be sold to other companies (this is how it is possible that we receive ads on a website based on the profile that is built from our Facebook likes). And neither the current nor the new data protection directive would apply to this practice.
Nevertheless, lobbying activity related to the passage of the data protection directive has reached unprecedented proportions.
Some 4,000 proposed amendments to the directive have been submitted, and it seems that data protection will be the toughest negotiation chapter in free trade agreement talks that are now starting between the EU and the U.S. At any rate, Europeans have been granted some more time to think about the matter, as free trade talks have been put off due to the shutdown of the U.S. federal government: the second round of talks, which was scheduled to be held this week, has been postponed indefinitely.