Posted on 01/Feb/2017

All parties and stakeholders should continue to work hand in hand for high data protection standards all over Europe and generate the trust that is needed to reap the benefits that the digital revolution can provide.

The biggest lie on the Internet is ‘I have read and understand the Terms and Conditions’. At best one briefly scans a document that would otherwise make for a long and tedious read in legalese, especially for a non-English speaker.

In truth, no one really reads the fine print. To be perfectly blunt, who has the time – or desire – to ponder over a lengthy legal document in order to obtain access to a service or app?

Yet service providers continually ply us with their increasingly invasive privacy policy conditions. We are left with no choice but to accept them. The options are clear: ‘take it or leave it’. This is particularly dangerous in the realm of e-government, e-banking and e-commerce.

Users of these services often have no other alternative. But by accepting their terms, they weaken the control they have over their own data. It is unclear whether these conditions are always lawful and proportional.

Furthermore, users are obliged to accept regular updates. Previously, one had the option of installing them or not, but not anymore.

These obligatory updates occasionally lead to critical problems, and after an update users must verify their privacy settings, as changes can be made without explicit notification. To make matters worse, public authorities sometimes ask us to use these technologies to interact with them.

Actions can and should be taken to protect European users. New ICT technologies should guarantee the privacy of potential users prior to their introduction. Effective privacy enforcement should be guaranteed by demanding privacy by design and fostered by mechanisms that prevent the unnecessary collection of data.

The handling of personal data should be more transparent. Companies should collaborate on these issues, and regulation should define what minimum level of security is reasonable.

In addition, appropriate levels of security should be ensured by the reliable implementation of updates. New data protection mechanisms should also be introduced to prevent the domination of major service providers’ stringent privacy policy conditions.

A number of alternative approaches are possible.

Prior to the introduction of new operating systems, services and applications, a certificate of conformity as proof of compliance with the EU General Data Protection Regulation and national Data Protection Acts could be required. A permanent independent group of experts could be established to execute mandatory checks.

Service providers could adopt a more preventive approach. The existing opt-out approach could be replaced with an opt-in model, whereby the transfer of personal data is explicitly authorised by the user and default settings initially prevent such a transfer.

Service providers could clearly inform users what data is transmitted and guarantee that none will be transmitted without their explicit authorisation. They should also ensure that third parties cannot obtain this data.

The European Commission’s recent proposal to introduce new legislation to guarantee privacy in electronic communications is a step in the right direction.

But all parties and stakeholders should work hand in hand to protect consumers and companies and generate the trust that is needed to reap the benefits that the digital revolution can provide. Together let us stop the biggest lie on the Internet.

Read the CEPIS Statement “Critical technological dependency requires a revised privacy policy of major service providers”.


Picture credits: InsideOut Project

