As fresh revelations come to light concerning smartphone applications and some pretty serious privacy issues for their owners, the European Commission has decided to refer the UK to the EU's Court of Justice for some privacy issues of its own.
One could be forgiven for thinking that privacy of the citizen is not really at the top of the agenda for the UK government – proposed databases of emails and telephone calls, ubiquitous CCTV, laptops with sensitive data left in toilets, and so on. The EC, however, isn't looking at these issues. Rather, it is saying that the UK hasn't fully implemented EU rules on the confidentiality of electronic communications, specifically concerning the rules on 'consent to interception' and enforcement of those rules by supervisory authorities.
The Commission has been considering this since April last year, when it received complaints from UK citizens about how the UK authorities had responded to privacy concerns. This specifically related to ISPs using targeted advertising based on analysis of a user's internet traffic. Theoretically this is referring to complaints over BT's use of Phorm, which delivers targeted advertisements based on web browsing history, but BT has said it has nothing to do with them.
Either way, the Commission said that these complaints were handled by the UK Information Commissioner's Office, the UK personal data protection authority and the police forces responsible for investigating cases of unlawful interception of communications. However, the Commission said that existing UK law governing the confidentiality of electronic communications was in breach of its obligations under the ePrivacy Directive and the Data Protection Directive.
European law requires an independent national authority to supervise the interception of communications, and to hear complaints from those who have been intercepted; the UK doesn't have one. European law also requires consent, or 'reasonable grounds for believing' that consent has been given, before communications can be intercepted, and says that sanctions must be carried out against infringers, even if interception was not carried out intentionally. The UK also falls down on both of these points.
While this is obviously a governmental issue, it will be interesting to see how the Commission reacts to research which came out of America last week concerning consumer privacy and smartphones; one can assume it won't be particularly happy. A joint study by Intel Labs, Penn State and Duke University found that mobile phone applications, publically available from application markets, were releasing people's private information to online advertisers.
Researchers at the participating institutions have developed a real-time monitoring service called TaintDroid which analyzes how private information is obtained and released by applications.
In a study of 30 popular applications, TaintDroid revealed that 15 send users' geographic location to remote advertisement servers, while seven of the 30 send a unique phone identifier and, in some cases, the phone number and SIM card serial number to developers. In all, the researchers identified 68 instances of potentially misused private information by 20 applications.
"We were surprised by how many of the studied applications shared our information without our knowledge or consent," said William Enck, graduate student, computer science and engineering, Penn State. "Often, smartphone applications have obvious user interface changes when they use information like your physical location. These cases usually occur in response to the user pressing a button with clear implications. The cases we found were suspicious because there was no obvious way for the user to know what happened or why."
"Many of these applications access users' personal data such as location, phone information and usage history to enhance their experience," said Patrick McDaniel, associate professor, computer science and engineering, Penn State. "But users must trust that applications will only use their privacy-sensitive information in a desirable way."
The researchers said that, unfortunately, applications rarely provide privacy policies that clearly state how users' sensitive information will be used, and users have no way of knowing where applications send the information given to them.
ضع تعليق باستخدام حساب الفيس بوك
|مواضيع ذات صلة مع What will the EC have to say about smartphone data dissemination?|
|Cas Data Download :-: لتحميل Cas data لاجهزة المورسات من برمجتي|
|Smartphone subscribers now comprise majority of mobile browser and application users in US|