Title: No slide title
1 Mobile Web Privacy
Lukas Gundermann
Independent Centre for Privacy Protection Schleswig-Holstein
ld2_at_datenschutzzentrum.de
2 Basic Notions
- Self determination with regard to personal data: The right to control who gets which personal information at which opportunity
- Personal data (data relating to a person): Any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject).
- Data protection: Not protection of data but protection of people against unauthorised use of personal data (privacy)
- Data security: means of data protection
3 Location Data as Classic Traffic Data in Telecommunication
- Traffic data: Information about the circumstances of a telecommunication process
- E.g. Who called whom at which time?
4 Location Data as Classic Traffic Data in Telecommunication
- Consequences: There is already the danger of creating a profile of the movement of the user
- Due to the size of the cells it is only rough
- Store the location information about the active telecommunication processes (Legal competence?)
- Don't store the mere stand-by signal
5 Additional Personal Data on the Internet
- With the internet (especially the www) new information emerges
- Traffic data contains additional information regarding the services customers use
- Without encryption that information can be easily tapped on the way through the net
- More important: It can be collected at the web server, a user profile can be created (especially with banner ad companies)
6 Bringing it all together: The Mobile Web
- For the intended services the location information must be much more precise
- Tracking users' movements is part of the service, this can include creating a profile
- The services will be offered by third parties
- There will be a greater number of recipients of data
- Conclusion: A greater volume of more precise location data will be spread to a larger number of persons and organisations
7 Solutions: Consent of the Users 1
- Absolutely crucial: Users have to give their clear and unambiguous consent
- It must be an informed consent, meaning that users have to be well informed about
  - which data will be collected,
  - for what purpose they will be used
  - when they will be deleted etc
- Problem: Is there a gradation of consent?
8 Solutions: Consent of the Users 2
- Gradation of consent: Allowing some services to receive location data, others not
- Data processing is limited to the consented purposes; for different purposes a new consent would be necessary
- A special consent is necessary for transfer of data to third parties
- Users must have access to their own personal data and profile
9 Solutions: Consent of the Users 3
- Important: Having the possibility to withdraw the consent at any time for the whole service or only for parts of it
- An appropriate legal framework is necessary but not sufficient.
- There also have to exist technical means for this kind of consent-management
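One possible shape for the consent management described on slides 7 to 9, as an added example that is not part of the original slides. The class, the service and purpose names and the use of a retention period as the consent's lifetime are all assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

class ConsentRegistry:
    """Default-deny consent store (hypothetical design, not from the slides)."""
    def __init__(self):
        # (user, service, purpose, recipient) -> moment the consent lapses
        self._grants = {}

    def grant(self, user, service, purpose, retention, recipient=None, now=None):
        """Consent to one purpose. recipient=None is the service itself;
        a third party needs its own, separate grant."""
        now = now or datetime.now(timezone.utc)
        self._grants[(user, service, purpose, recipient)] = now + retention

    def withdraw(self, user, service, purpose=None):
        """Withdraw one purpose, or the whole service when purpose is None.
        Returns the number of grants removed."""
        doomed = [k for k in self._grants if k[:2] == (user, service)
                  and (purpose is None or k[2] == purpose)]
        for key in doomed:
            del self._grants[key]
        return len(doomed)

    def may_process(self, user, service, purpose, recipient=None, now=None):
        """True only for an exact, unexpired grant; everything else is refused."""
        now = now or datetime.now(timezone.utc)
        lapses = self._grants.get((user, service, purpose, recipient))
        return lapses is not None and now < lapses

    def export(self, user):
        """The user's view of their own grants (access to own data)."""
        return sorted((s, p, r or "", t.isoformat())
                      for (u, s, p, r), t in self._grants.items() if u == user)

def demo():
    """Constructed scenario: one user, one service, one ad partner."""
    t0 = datetime(2001, 1, 1, tzinfo=timezone.utc)
    reg = ConsentRegistry()
    reg.grant("alice", "taxi-finder", "dispatch", timedelta(hours=1), now=t0)
    reg.grant("alice", "taxi-finder", "profiling", timedelta(days=30), now=t0)
    ask = lambda *a, at=t0: reg.may_process("alice", *a, now=at)
    out = {"consented": ask("taxi-finder", "dispatch"),
           "other purpose": ask("taxi-finder", "advertising"),
           "third party": ask("taxi-finder", "profiling", "ad-partner"),
           "expired": ask("taxi-finder", "dispatch", at=t0 + timedelta(hours=2))}
    reg.withdraw("alice", "taxi-finder", "profiling")   # partial withdrawal
    out["withdrawn part"] = ask("taxi-finder", "profiling")
    out["rest of service"] = ask("taxi-finder", "dispatch")
    return out
```

Because every check is an exact lookup, a purpose or recipient the user never consented to is refused without any special-case code.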
10 Solutions: Anonymity / Pseudonymity
- For delivering the service it is not always necessary to know the user's identity
- What is necessary is to link a profile always to the same user
- There are also more or less pseudonymous or anonymous techniques of payment available
- Pseudonymous profiling would also be permitted according to the German law (Teleservices Data Protection Act)
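A sketch of how a profile can stay linked to the same user without the service learning who that user is, added here as an example and not taken from the slides. Deriving the pseudonym on the device with HMAC-SHA256, the epoch counter, the coordinate rounding and all service names are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

def pseudonym(device_secret: bytes, service: str, epoch: int = 0) -> str:
    """Stable per-service identifier; the secret never leaves the device.
    Raising epoch gives the user a fresh, unlinkable pseudonym."""
    msg = f"{service}|{epoch}".encode()
    return hmac.new(device_secret, msg, hashlib.sha256).hexdigest()[:32]

def coarsen(lat: float, lon: float, decimals: int = 2) -> tuple:
    """Data minimisation: hand out only the precision the service needs
    (two decimals of a degree is about 1 km in latitude)."""
    return (round(lat, decimals), round(lon, decimals))

class Service:
    """Hypothetical location service that only ever sees pseudonyms."""
    def __init__(self, name):
        self.name = name
        self.profiles = defaultdict(list)   # pseudonym -> reported positions

    def report(self, pid, position):
        self.profiles[pid].append(position)

def demo():
    secret = bytes(range(32))                              # constructed secret
    fixes = [(54.32331, 10.12277), (54.32102, 10.13490)]   # constructed fixes
    guide, ads = Service("city-guide"), Service("ad-network")
    for lat, lon in fixes:
        guide.report(pseudonym(secret, guide.name), coarsen(lat, lon))
        ads.report(pseudonym(secret, ads.name), coarsen(lat, lon, 1))
    # The user resets the pseudonym towards the guide: a new profile starts.
    guide.report(pseudonym(secret, guide.name, epoch=1), coarsen(*fixes[0]))
    return guide, ads
```

Each service can build a profile under its own pseudonym, but the two services hold different identifiers for the same device and cannot join their records on them.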
11 Legal Framework 1
- European law: The 1997 directive (97/66/EG) on protection of telecommunication data covers location data as subspecies of traffic data
- Processing of this kind of data is only permitted if necessary for the service itself or for billing purposes
- A proposal for a new directive makes it even clearer: It has special provision for location data
- According to that provision location data can only be processed if made anonymous or with the user's consent.
- There is one exception that needs to be discussed
12 Legal Framework 2
- German law: The 1996 Telecommunication Act (TKG) covers location data as traffic data in telecommunication
- Processing is only permitted if necessary for the service or for billing purposes and some purposes that are closely connected
- The 1997 Teleservices Data Protection Act covers the processing of personal data by ISPs
- It applies also to the web based services that work with location data.
- The provisions are like the ones of the TKG, but in addition the Act allows pseudonymous profiling.
13 Conclusions
- There are first steps towards a legal framework for mobile web applications in Europe, nevertheless there is still some work to be done
- Most important at the time being is to develop mobile devices that give users control over their location data
- It is necessary not to have only a general option but to be able to give a graduated consent and withdraw it at any time
- Besides, technical means should be developed that serve the principle of minimisation of data and allow the anonymous provision of mobile web services.