Tuesday 30 August 2011

Home-made cookies? - over possibilities of self-control

What to do with the new requirements of the ePrivacy Directive? In the Netherlands the Dutch Parliament seemed to have found the answer to this question by introducing a draft of a law that would require internet service providers to use the opt-in system, i.e. consumers would have to explicitly agree to any application of cookies to their data (Cookies opt-in and net neutrality law...). However, the draft legislation has not yet been adopted by the second chamber of the Dutch Parliament and in the meantime it has been heavily criticized by all internet service providers, who consider it to be impractical and too difficult to implement. As a result of this law, the consumer would most likely have to click away hundreds of little windows per every internet page he would open, since many cookies are connected  to many websites.

Today major publishers in the Netherlands had made available a website which explains what a cookie is and how does it work (Uitgevers lanceren volg-me-niet register om onduidelijke cookiewet). By every advertisement on the news websites of these publishers there is an information icon attached, which upon a click leads the reader to that special website. The idea behind this initiative is to let the government see that the business can self-regulate the use of and control over cookies. The publishers claim that they seriously approach any privacy concerns of the consumers and that there are other alternatives to protecting consumers' privacy than the strictest method adopted by the Dutch Parliament, that is an obligation to implement an opt-in system by the internet service providers. Interestingly, they direct consumers also to a website Youronlinechoices.eu which is supposed to enable consumers to see what cookies are active at the moment on his consumer and how to switch them off. Unfortunately, this website stopped working alerady today, due to a huge traffic to it (Afmeldsite voor cookies uit de lucht wegens te veel belangstelling). Still, it remains to be seen whether these sort of initiatives will convince the Dutch Parliament to change the new law and to accept that the opt-out system protecting consumers from cookies might be the only acceptable solution to business at this moment.

What is a cookie?




How the new cookie law is supposed to work and what is wrong with it - explained in a short video:


Consumer behaviour in a digital environment - a new study was just published

European Commission published a study that was conducted on "Consumer behaviour in a digital environment" mostly by researchers at the London School of Economics, upon a mandate given by the Directorate-General for Internal Policies.

"This study analyses consumer behaviour and the interaction between consumers and businesses in the digital environment. At issue is how consumers benefit from the digital environment and whether and how they change their purchasing behaviour. A number of barriers to e-commerce and a more integrated European digital market are identified and specific policy recommendations are provided."

Wednesday 24 August 2011

Limits to the unlimited

And some news on mobile internet & advertising: the Consumer Protection Office of the German region North Rhine-Westphalia has won a temporary injunction against four mobile operators for misleading advertising of mobile internet flat-rate plans. While the ads suggested that the mobile internet plans on offer gave consumers unlimited access to internet services, in reality there is a restriction on the amount of data that can be downloaded. The mobile operators involved are now changing their websites to create more transparency on this.

Still, as more and more mobile operators are introducing data caps in their internet plans, consumers may wonder how many data they are actually using. On the internet, some data usage calculators are now available (How to keep track of your cellphone data usage).

Your face tomorrow

Just a brief addition to yesterday's post and a new instalment in the series on privacy & social networking: Facebook has announced it will implement some significant changes in the way users can manage their privacy settings. This way, it is aimed to give users more direct control over whom they share the items they post with.

Facebook's vice president does not confirm suggestions that the adaptations may be related to possible preparations to make the social network available to children under 13. In this context, worries had been expressed concerning the protection of children's rights online (see also an earlier post on the EU's initiatives to protect children's fundamental rights).

The new privacy settings will be made available from 25 August onwards.

Monday 22 August 2011

Disclosing your location online - smart move or playing with fire?

Short time ago I posted about a possibility that Facebook was infringing German privacy and data protection laws (Facial recognition software...) by enabling its applications to recognize people on the photos that were posted on Facebook via a facial recognition software. It seems that representatives of Facebook in Germany may have other worries soon (Facebook Places worries Germany).

German authorities are now criticising Facebook for its 'Places' application. By use of this application, consumers are able to disclose their precise location on a map, which is most often uploaded automatically (upon the original choice to use this application is made by a consumer) via consumer's smartphone. Sure, you can compare it to Foursquare, e.g., and ask what's the problem with using this application. After all, it will allow your friends to see whether you are in their neighbourhood and allow them to join you for a drink, movie, etc. However, there is a dark side to this story, as well. What if this data became available to a thief who could see whether you were at home at a given moment? Or, you had a quarrel with someone and really didn't want to run into him that night, but he spotted your whereabouts on Facebook Places and followed you around the town. What if you attract a stalker? Moreover, you might soon notice how you are being targeted with advertisement based on the locations you visit...

In Germany, authorities are arguing that consumers are making private data available online without understanding all the dangeres involved in this process. It is not a new issue, but one that consumers seem to be unable to fully grasp. Many websites mention the danger of sharing too many of your personal information online, e.g. Please Rob Me website.

"The danger is publicly telling people where you are. This is because it leaves one place you're definitely not... home. So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the internet we're not home."

Still, there is no legal bans (for now) for allowing consumers to choose online services which gather and use geographical data. It remains to be seen whether the use of such data will be common in our future or whether the fear of infringement of consumer's privacy will win.

On the website of ACMA (The Australian Communications and Media Authority) you may find some tips as to how to protect yourself if you choose to use these services. Online Social Networking - location-based services.

On why we use the geo-location services, see: Why We Check In: The Reasons People Use Location-Based Social Networks

Sunday 21 August 2011

Complain... and it will be given to you?

In the past month my parents approached me twice to ask for my help in drafting and submitting complaints about faulty consumer services they had received. In one instance, they flight was delayed but they had not received any compensation from the airline operator, in the other - they were told by a service company that their cooking plate was broken and beyond repair, and only after they purchased a new one and had the old one removed it turned out that the old cooking plate was perfectly usable and that only a cable needed to be replaced to make it work again. It was, of course, a coincidence that these two events took place shortly one after the other, but I started thinking that more and more I hear stories from family and friends about them complaining about this or that to the producers, sellers, service providers etc.

Last week I read an article in the Irish Times 'Putting the customer first' which confirms that times are changing and that consumers nowadays file more complaints against companies. While we used to ignore and swallow bad service as something that we just have to suffer through, nowadays we know that we have a right to ask and demand more. Interestingly, this article mentions that the raise in the amount of complaints does not necessarily lead to the companies listening more to the complaints or learning from their mistakes. Still, a certain behavioural shift is taking place and we'd be eagerly following its development. Since, from feeling empowered enough to make a complaint, there is just a step to changing a service provider in case he does not listen to our complaint, spreading the word of mouth among our friends/family and even strangers via various online social media available and therefore contributing to lowering the trust in this particular service provider and hopefully making him listen more and improve his services.

Cookies going stale

In a few previous posts I had mentioned "the cookies debate". After the amendments to the ePrivacy Directive, the consumer's consent is necessary for placing any cookies on his computer by the internet service providers (Delete cookies?!; Would you like a cookie?). This has recently been addressed by the Dutch Parliament (Cookies opt-in and net neutrality law), but also other European governments are struggling to find a proper, efficient way to fulfil the requirements of this Directive and still maintain effective and prosperous online community. Recently the Department for Culture, Media and Sport in the UK as well as the Information Commissioner's Office (ICO) published certain guidelines that are to help local authorities to keep their data legally. These guidelines might be helpful for any internet service provider who needs to decide what to do with the cookies he is using within his services. Interestingly, ICO announced in May 2011 that it would not actively enforce the regulations for a year. It might sound surprising if you expected the new law to immediately start having an effect on your online protection, however, this delay makes sense if you take into account the amount of controversies accompanying implementation of these new rules.


The suggested legal methods of obtaining consumers consent for placing cookies on his computer are as follows:
1. pop-ups - pros: they are difficult to avoid by consumers, and they don't interfere with the actual content and design of the website; cons: annoying;
2. terms and conditions - pros: already there on many websites, which means that service providers would only need to add one, clear paragraph on consent; cons: almost no one reads them, it would be difficult to prove actual acceptance of the terms;
3. settings-led consent: pros: consumer may give consent while choosing various preferences for using a particular website; cons: only certain websites allow this;
4. feature-led consent: as above;
5. functional uses: pros: when a consumer is browsing through a website a scrolling text appears in the header or footer of the web page to indicate that his use of the website is being tracked; cons: consumer still has to somehow give consent for further use of this data.

More on that subject in the article by Simon McDougall for The Guardian: "Cookie crumbles: confusion over data regulation"

Friday 12 August 2011

European Commission to investigate airlines’ add-on charges to tickets


The European Commission has announced to investigate add-on charges to cheap flight tickets. As a consequence of the inquiry, European rules on flight pricing may change.

Since the introduction of online ticket selling and low cost airlines, many airlines have been advertising their flight prices without mentioning additional costs such as taxes, luggage charges and credit card fees. In many cases, consumers are confronted with the real price of the product only at the final stages of the booking process. Especially low-cost airlines like Ryanair and Easyjet are notorious for these practices.

According to Article 23 of EU Regulation 1008/2008, airlines are required at all times to state the final price including the applicable air fare or air rate as
well as all applicable taxes, and charges, surcharges and fees which are unavoidable and foreseeable at the time of publication.

The inquiry was announced by the European Commissioner for transport, Siim Kallas, after pressure by Brian Simpson, British MP and chairman of the European Parliament’s transport commission. He had been urging the European Commission to take action.

For more information, check out this article on the Guardian website.

Wednesday 10 August 2011

Online database on unfair commercial practices

Recently the European Commission has launched a new online database on unfair commercial practices. The aim of this new e-service is to improve understanding of the Unfair Commercial Practices Directive by making publicly available data on what is seen as such a practice. This database can be useful both for consumers and national enforcement agencies. What may be found on the website? It contains many various sources helping to determine what is an unfair commercial practice: national legislations, jurisprudence, administrative decisions, reference to relevant literature.

Friday 5 August 2011

(Free) speech online

Shortly before my weekend starts I wanted to share with you a video that I have watched recently. It's another inspiring TED Talk. This time I stumbled upon a presentation of Rebecca MacKinnon, an expert on Chinese Internet censorship, who talks about problems with free speech in the online environment ('Let's take back the Internet!'). It made me wonder about times changing and how our ancestors fought hard battles to have a right to speak publicly about any (well, almost any) subject they wanted to, and how we are now taking it for granted.

Also, since I have visited Vietnam at the beginning of this year I became more aware of Internet censorship. Namely, I encountered problems with logging on certain websites while I was in Vietnam, e.g. Facebook was blocked most of the time. Then my Vietnamese friends explained to me that it was not due to a network problem, as I thought it was, but rather it was an intended action of a network who needed to please the communistic authorities by not letting its users use/see certain content online. I was also quickly brought up to date with anti-censorship software that I could install on my laptop and go around the network's restrictions.

Without much further ado...


Thursday 4 August 2011

Facial recognition software used for such trivial matters as identifying party photos nowadays - against privacy laws?

According to the recent news article on the Guardian (Facebook facial recognition software violates privacy laws, says Germany) Facebook does not comply with German consumer data protection and privacy laws. Anyone who uses Facebook and its option to upload photos on it should have noticed a change in its service in the past month or so. Now, after the photos have been uploaded by a user, the programme attempts to identify people on the photos and suggests to users whom to tag on these photos (i.e. assign names to faces on the pictures). How does Facebook knows who is photographed on its users photos? It uses a facial recognition software... 
Facebook uses facial recognition system



After the last article published on this blog about spying tendencies of some restaurants (Restaurant: a super-spy!), when you hear about Facebook using facial recognition software you really should start wondering whether there is any business that does not aim at fancying themselves CIA nowadays...

Anyway, the German data protection officials have turned to Facebook to demand that it stops running that programme on German users and that it deletes any related data with a threat of ca. 300.000 Euro fine for non-compliance. Apparently, Germany has stricter privacy laws than in the rest of Europe and using such a programme without explicit permission of consumers for the storage of their biometric facial profiles in Facebook's database is against the law. Let's wait and see how this matter develops further.

Monday 1 August 2011

Restaurant: a super-spy!

Did you get used to the idea of governments spying your activites? I think most of us are aware that there is no such thing as privacy of our data on- and offline and that authorites collect and record our information whenever they can. It takes it to a further level, however, when private business start doing the same thing. We all have heard about our search results on google.com being adjusted to our past search history, we know that amazon.com suggests us books to buy based on our purchase history. However, does anyone ever wonder how come a waiter in a restaurant remembers what we ordered months ago when we visited them last? Is it really just his faboulous memory that serves him so well?

It turns out that certain restaurants are building databases of their customers that are so extent as to cover not only special wishes (allergies, birthdays, dislike and likes) but also past history of orders. This means that when you show up the next time your favorite drink might be waiting on a table for you the moment you sit down. Also, you could be receiving newsletters from them that are tailored to what you like/dislike to eat or drink. This goes even further than just collecting data on steady customers: apparently when you visit such a restaurant for the first time they'd conduct a google search on you trying to find out who you are and what to expect... 

I'm all for great, tailored-fit service, but at the same time I find this practice making me uncomfortable. Mostly, since I don't want to be that predictable that a waiter would know what I'd order before I knew it myself! Moreover, the chef of the restaurant who explains how they use these techniques claims that it's great for the business and for his customers, but admits that most of the customers don't even suspect that their data had been collected and stored for further processing by the restaurant. This seems to me to be a clear breach of the privacy of our personal data rules but while regulators focus on ensuring and enforcing data protection online, who would even suspect such 'innocent' enterprises like restaurants to start doing the same and needing regulation?

Clear example of an Australian restaurant conducting such data collection is described in : "Clever or creepy? Restaurant's web of data" in The Age.