EU Commissioner threatens action on social networking, RFID privacy

OUT-LAW News, 15/04/2009

The European Commission has said that it will take action against countries which do not protect people against privacy invasions from new technologies. It said that it would be particularly vigilant about the use of social networking and ID chips.

Information Society and Media Commissioner Viviane Reding said that the Commission would stamp out privacy invasions caused by social networking websites and by radio frequency identification (RFID) chips. RFID chips are radio signal emitting chips that communicate with systems connected to a database to indicate the physical presence of an object, be it a product or a person.

RFID chips have been promoted as a way for shops to manage inventory or as a way for people to gain access to secure buildings. Privacy advocates have expressed concerns that chips on products or as part of building management systems will track people's movements without their informed consent or full understanding.

Reding said that RFID chips should be "used by the consumer and not on the consumer."

"No European should carry a chip in one of their possessions without being informed precisely what they are used for, with the choice to remove or switch it off at any time," she said.

Reding also identified social networking sites as businesses which are based on the use of information which people consider private. She said that there were particular risks for young people who may not understand the full implications of putting personal data online.

"Privacy must in my view be a high priority for social networking providers and their users," she said. "I firmly believe that at least the profiles of minors must be private by default and unavailable to internet search engines. The European Commission has already called on social networking sites to deal with minors' profiles carefully, by means of self-regulation. I am ready to follow this up with new rules if I have to."

Reding's threat of action against providers who do not protect privacy properly comes in the week that the Commission launched legal proceedings against the UK for failing to force service providers to protect privacy sufficiently.

Following complaints to the Commission and the police about BT trials of Phorm's web use-tracking advertising system which were undertaken without users' knowledge or permission, the Commission said that the UK's privacy laws for communications were inadequate.

It has demanded that the UK change the law to protect communications from surveillance or interception in a way that is more in line with European Union directives on the issues.

Reding said that the Commission's warnings came in the face of increasing commercial pressure to gather and use personal information that individuals, and not corporations, should be able to retain control over.

"European privacy rules are crystal clear: a person's information can only be used with their prior consent," she said. "We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored in exchange for a promise of 'more relevant' advertising."

"I will not shy away from taking action where an EU country falls short of this duty," she said.

See also:

• UK's privacy laws illegally inadequate, says Europe, OUT-LAW News, 14/04/2009
• Privacy group asks web's biggest names to reject Phorm system, OUT-LAW News, 24/03/2009
• Google launches behaviour-tracking ad system, OUT-LAW News, 11/03/2009
• Industry’s behavioural ad guidelines criticised by digital rights group, OUT-LAW News, 05/03/2009
• The law of Phorm, OUT-LAW News, 01/05/2008
• Europe claims UK botched one third of Data Protection Directive, OUT-LAW News, 17/09/2007
• UK's Data Protection Act might not meet European Union standards, OUT-LAW News, 19/05/2004

Feedback | Printer-friendly page | Latest news | | All news feeds | Ask a lawyer