Home & Office

User profiling fears real but paranoia unnecessary

Technology helping Web companies profile users easily and cheaply so privacy concerns raised legitimate, but one observer thinks laws sufficient to prevent companies from abusing information.
Written by Jamie Yap, Contributor on

Following the call by a German privacy agency for local institutions to shut down their Facebook Pages and remove the "Like" button from their Web sites due to user profiling activities that contravenes German and European Union laws, industry watchers said such privacy concerns are legitimate but should be tempered.

Amber Yoo, director of communications at U.S.-based consumer privacy watchdog, Privacy Rights Clearinghouse, said advances in technology have made it easy and cheap for companies to collect and store huge amounts of data to create consumer profiles that merge their online and offline behavior and actions.

As such, companies will continue to "push the privacy envelope" until they have a financial incentive or disincentive to do otherwise, she added in her e-mail.

"The industry will tell you that this data is used to tailor advertisements to your interests. However, many companies also sell the data to third parties," she pointed out.

Graham Titterington, principal analyst of IT security at Ovum, added that consumers and enterprises do not generally understand the extent data is collected, stored and analyzed, which means that the current degree of public concern is actually "understated".

The fundamental issue, according to him, is that identifiable user information no longer belongs to people but to the companies that collect the data and this shift in control is concerning. How people react or how concerned they become will then depend on their circumstances, he said, adding that some people might just like the convenience of being targeted by advertisers based on such profiling.

Bryan Tan, director of Singapore-based Keystone Law Corporation, also pointed out that "a lot of harm" could be inflicted if the stockpiles of identifiable user data--from e-mail addresses to credit card details--fall in the wrong hands.

He acknowledged, though, that it is difficult to say if today's privacy concerns border on "overreaction".

Watchdog: Facebook runs afoul of EU laws
Their comments come after the Independent Center for Privacy Protection (Unabhängige Landeszentrum für Datenschutz, or ULD) in Schleswig-Holstein, Germany, called on companies in the federal state to deactivate Facebook analytics by disabling the "Like" button on their Web sites and taking down their Facebook Pages on Aug. 18.

Companies which do not comply by end-September this year may face a maximum fine of 50,000 euros (US$70,440), the privacy watchdog said on its Web site.

Explaining the decision, Thilo Weichert, commissioner and head of ULD, said in a statement that anyone who visits Facebook or uses its "Like" plug-in must expect that he or she will be tracked for two years by the social media giant. Facebook, in turn, builds a personalized profile of its members and this infringes on German and European data protection law, he stated.

Marit Hansen, deputy privacy commissioner at ULD, told ZDNet Asia in a separate e-mail interview that the agency does not "oppose social media" but that it would like to see "solutions that are compliant with [the EU's] data protection regulations".

Hansen also stressed that the ULD's directive applied only to enterprises and was not meant for private users. He admitted that stopping Facebook usage might be "difficult for companies who have become dependent on its services", though.

Asked if that is why fines were introduced, Hansen said the ULD's objective was to make the fines that might be imposed transparent to companies so that they understood the consequences of their actions.

More importantly, the agency wanted to convey the point that many users and companies are insufficiently aware of the data processing done by Facebook and similar services, nor are they familiar with data protection law, he explained.

Potentially adverse business impact
However, founder of Singapore-based frozen yogurt café Sogurt, Lee Li Ping, said ULD's directive, if imposed here, might stall communication between companies and their clientele.

Those that have fears about user data profiling should turn to the "selective sharing of personal information", and not overreact to paranoia by, for example, completely halting their use of social media, Lee told ZDNet Asia in an e-mail interview.

Sogurt, for one, makes use of social media platforms such as Facebook and Twitter for marketing purposes and these mediums have "definitely helped" the business gain "great market exposure and reach", she noted.

So, if privacy fears lead to regulatory constraints, which then lower viewership and participation on these platforms, businesses could be affected and it might take time before companies come up with alternative ways to reach their target audience, she said.

Titterington added that boycotting Facebook is "not a realistic option" for many businesses as the platform enjoys a monopoly globally.

Instead, the best option for business users is to try and impose their own compartmentalization on the use of major Web sites and services, and be mindful of the types of information disclosed, he recommended.

For instance, businesses with a Facebook profile should not communicate personal information to its followers, the Ovum analyst explained.

Asked if laws could help assuage fears of data abuse, Tan said if laws were created to prohibit or penalize users from using certain Web sites, they might be going too far and "throwing the baby out with the bathwater".

"The freedom of the Internet allows people to access what information or services they want. Those who choose to operate in certain unacceptable ways will soon be taken to task for those ways, but not otherwise. To me, the law has done its job," the lawyer said.

Editorial standards