Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new data protection regulation

Computer Law & Security Review, num: 2, pp: 256-271, 2016

Abstract

Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.

behavioural targeting, cookies, Data protection law, IP addresses, online behavioural advertising, Personal data, Privacy, profiling, pseudonymous data, tracking

Bibtex

@Article{nokey, title = {Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new data protection regulation}, author = {Zuiderveen Borgesius, F.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2733115}, year = {2016}, date = {2016-02-23}, journal = {Computer Law & Security Review}, number = {2}, abstract = {Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.}, keywords = {behavioural targeting, cookies, Data protection law, IP addresses, online behavioural advertising, Personal data, Privacy, profiling, pseudonymous data, tracking}, }

IE vincit omnia? Opsporing in de particuliere sector. [IP vincit omnia? Investigation in the private sector.]

AMI, num: 6, pp: 176-180, 2016

Abstract

Order requiring Google, under art. 28(9) Aw (Dutch Copyright Act), to hand over the personal and address details of the holder of a Google Play account on account of the unlawful sale of e-books. Condition that the holder can, on the basis of art. 40 Wbp (Dutch Personal Data Protection Act), object to that disclosure with the controller (Google). Conflict of fundamental rights: protection of property, freedom of expression and privacy.

Fundamental rights, Privacy

Bibtex

@Other{nokey, title = {IE vincit omnia? Opsporing in de particuliere sector.}, author = {Kabel, J.}, url = {http://www.ivir.nl/publicaties/download/1724.pdf}, year = {2016}, date = {2016-02-16}, journal = {AMI}, number = {6}, abstract = {Bevel aan Google tot afgifte ex. art. 28 lid 9 Aw van persoons- en adresgegevens van de houder van een Google Play account vanwege onrechtmatige verkoop van e-books. Voorwaarde dat de houder op grond van art. 40 Wbp verzet kan aantekenen tegen die afgifte bij de verantwoordelijke (Google). Grondrechtenconflict bescherming van eigendom, vrijheid van meningsuiting en privacy.}, keywords = {Grondrechten, Privacy}, }

Scoping Electronic Communication Privacy Rules: Data, Services and Values

JIPITEC, num: 3, pp: 198-210, 2016

Abstract

We use electronic communication networks for more than simply traditional telecommunications: we access the news, buy goods online, file our taxes, contribute to public debate, and more. As a result, a wider array of privacy interests is implicated for users of electronic communications networks and services. This development calls into question the scope of electronic communications privacy rules. This paper analyses the scope of these rules, taking into account the rationale and the historic background of the European electronic communications privacy framework. We develop a framework for analysing the scope of electronic communications privacy rules using three approaches: (i) a service-centric approach, (ii) a data-centric approach, and (iii) a value-centric approach. We discuss the strengths and weaknesses of each approach. The current e-Privacy Directive contains a complex blend of the three approaches, which does not seem to be based on a thorough analysis of their strengths and weaknesses. The upcoming review of the directive announced by the European Commission provides an opportunity to improve the scoping of the rules.

data, e-Privacy Directive, electronic communication, Privacy, services, values

Bibtex

@Article{nokey, title = {Scoping Electronic Communication Privacy Rules: Data, Services and Values}, author = {van Hoboken, J. and Zuiderveen Borgesius, F.}, url = {http://www.ivir.nl/publicaties/download/1721.pdf}, year = {2016}, date = {2016-01-19}, journal = {JIPITEC}, number = {3}, abstract = {We use electronic communication networks for more than simply traditional telecommunications: we access the news, buy goods online, file our taxes, contribute to public debate, and more. As a result, a wider array of privacy interests is implicated for users of electronic communications networks and services. This development calls into question the scope of electronic communications privacy rules. This paper analyses the scope of these rules, taking into account the rationale and the historic background of the European electronic communications privacy framework. We develop a framework for analysing the scope of electronic communications privacy rules using three approaches: (i) a service-centric approach, (ii) a data-centric approach, and (iii) a value-centric approach. We discuss the strengths and weaknesses of each approach. The current e-Privacy Directive contains a complex blend of the three approaches, which does not seem to be based on a thorough analysis of their strengths and weaknesses. The upcoming review of the directive announced by the European Commission provides an opportunity to improve the scoping of the rules.}, keywords = {data, e-Privacy Directive, electronic communication, Privacy, services, values}, }

Welcome to the Jungle: the Liability of Internet Intermediaries for Privacy Violations in Europe

JIPITEC, num: 3, pp: 211-228, 2016

Abstract

In Europe, roughly three regimes apply to the liability of Internet intermediaries for privacy violations conducted by users through their network. These are: the e-Commerce Directive, which, under certain conditions, excludes them from liability; the Data Protection Directive, which imposes a number of duties and responsibilities on providers processing personal data; and the freedom of expression, contained inter alia in the ECHR, which, under certain conditions, grants Internet providers several privileges and freedoms. Each doctrine has its own field of application, but they also have partial overlap. In practice, this creates legal inequality and uncertainty, especially with regard to providers that host online platforms and process User Generated Content.

Data protection, ECHR, Freedom of expression, Fundamental rights, intermediaries, liability, Privacy

Bibtex

@Article{nokey, title = {Welcome to the Jungle: the Liability of Internet Intermediaries for Privacy Violations in Europe}, author = {van der Sloot, B.}, url = {http://www.ivir.nl/publicaties/download/1720.pdf}, year = {2016}, date = {2016-01-19}, journal = {JIPITEC}, number = {3}, abstract = {In Europe, roughly three regimes apply to the liability of Internet intermediaries for privacy violations conducted by users through their network. These are: the e-Commerce Directive, which, under certain conditions, excludes them from liability; the Data Protection Directive, which imposes a number of duties and responsibilities on providers processing personal data; and the freedom of expression, contained inter alia in the ECHR, which, under certain conditions, grants Internet providers several privileges and freedoms. Each doctrine has its own field of application, but they also have partial overlap. In practice, this creates legal inequality and uncertainty, especially with regard to providers that host online platforms and process User Generated Content.}, keywords = {Data protection, ECHR, Freedom of expression, Grondrechten, intermediaries, liability, Privacy}, }

On private persons monitoring the public space

European Data Protection Law Review, num: 2, pp: 1-4, 2016

Fundamental rights, Privacy

Bibtex

@Other{nokey, title = {On private persons monitoring the public space}, author = {Hijmans, H.}, url = {http://www.ivir.nl/publicaties/download/1719.pdf}, year = {2016}, date = {2016-01-19}, journal = {European Data Protection Law Review}, number = {2}, keywords = {Grondrechten, Privacy}, }

Right to have links removed: Evidence of effective data protection

Maastricht Journal of European and Comparative Law, num: 3, pp: 555-563, 2016

Fundamental rights, Privacy

Bibtex

@Article{nokey, title = {Right to have links removed: Evidence of effective data protection}, author = {Hijmans, H.}, url = {http://www.ivir.nl/publicaties/download/1718.pdf}, year = {2016}, date = {2016-01-19}, journal = {Maastricht Journal of European and Comparative Law}, number = {3}, keywords = {Grondrechten, Privacy}, }

De nieuwe Europese privacywetgeving: stand van zaken bijna twee jaar na Commissievoorstel [The new European privacy legislation: state of play almost two years after the Commission proposal]

Nederlands tijdschrift voor Europees recht, num: 10, pp: 346-351, 2013

Fundamental rights, Privacy

Bibtex

@Article{nokey, title = {De nieuwe Europese privacywetgeving: stand van zaken bijna twee jaar na Commissievoorstel}, author = {Hijmans, H.}, url = {http://www.ivir.nl/publicaties/download/1713.pdf}, year = {2013}, date = {2013-10-10}, journal = {Nederlands tijdschrift voor Europees recht}, number = {10}, keywords = {Grondrechten, Privacy}, }

Nieuwe Europese regels voor privacy: commissie stelt pakket voor om gegevens ook in het informatietijdperk te beschermen [New European rules for privacy: Commission proposes package to protect data in the information age as well]

Nederlands tijdschrift voor Europees recht, num: 4, pp: 132-139, 2012

Abstract

This article discusses the proposal for a Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), which was adopted by the Commission on 25 January 2012. The proposal aims to bring about a far-reaching overhaul of the European data protection system, among other things by laying down in a regulation detailed rules that apply throughout the Union. The article ends with some fundamental questions of European law that the proposal raises.

Fundamental rights, Privacy

Bibtex

@Article{nokey, title = {Nieuwe Europese regels voor privacy: commissie stelt pakket voor om gegevens ook in het informatietijdperk te beschermen}, author = {Hijmans, H.}, url = {http://www.ivir.nl/publicaties/download/1712.pdf}, year = {2012}, date = {2012-04-03}, journal = {Nederlands tijdschrift voor Europees recht}, number = {4}, abstract = {Dit artikel bespreekt het voorstel voor een Verordening van het Europees Parlement en de Raad betreffende de bescherming va natuurlijke personen in verband met de verwerking van persoonsgegevens en betreffende het vrije verkeer van die gegevens (algemene verordening gegevensbescherming), dat op 25 januari 2012 door de Commissie is aangenomen. Dit voorstel beoogt een ingrijpende vernieuwing van het Europese stelsel voor gegevensbescherming te bewerkstelligen, onder meer door in een verordening gedetailleerde regels te stellen die in de gehele Unie van toepassing zijn. Het artikel eindigt met enkele fundamentele Europeesrechterlijke vragen die het voorstel oproept.}, keywords = {Grondrechten, Privacy}, }