, 2006-08-28
In the age of personal information versus aggregated information collected from search engines and other Internet services, one's privacy can no longer be assured. Mark Rasch looks at a recent Amazon patent application that shows how the laws need to be tightened because the lines of privacy are becoming blurred.
Expand all |
Post comment
The spanish law that develops the EU directives about personal data protection, and If my memery is right, also the EU directive itself, do no restrict the scope of protection to data that contains some kind of ID datum, but to anythign that can lead to the identity of the person without an unreasonable amount of effort or cost.
So, as for example a resolution of the Spanish Data Protection Agency goes, email addresses are considered an ID of a person unless they are made up of random characters or do not otherwise give any clue about the person's identity.
However, in practice, companies do not look twice into this subtleties and limit their compliance efforts to those cases where a well known ID datum is present. So, though I'm not a lawyer, here it should not be a legal problem, though the law is not very explicit not just in those aspects but in general.
Banks are my favourite examples. Imagine all that a bank does aggregate about you: what you buy, where and when ahve you been or traveled, what organizations do you belong to, if you have or have had health problems, etc. Basilea's treatment should come to apply strict controls in the financial sector use of information, but we can expect to see trouble in companies at complying with that very extensive and strict regulation.
Regards
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/414/33888#33888