Apple has been accused of tracking iPhone usersImage: picture alliance / dpa
May 13, 2011
The EU's top advisers on data privacy are debating whether to classify location information as 'personal data.' That would subject products like smart phones to additional regulations.
In the wake of the recent Sony PlayStation data breach, and the revelation that Apple's iPhone inadvertently tracks users' locations, the European Union's top advisory group on privacy is set to issue an opinion this month on regulatory overhaul.
Transparency in social networking data collection will be central to the overhaul, according to Matthew Newman, a spokesman for EU justice commissioner Viviane Reding.
The group - called the Article 29 Working Party - consists of data protection commissioners from all EU member nations. Their recommendations are nonbinding, but address regulations which haven't been updated since 1995, Newman added.
Those regulations require companies get consent from users before collecting data, and that they outline a specific purpose for doing so.
"Those are principles which have stood the test of time," Newman told Deutsche Welle. "But what we're looking at now is how to incorporate those new technologies like Facebook or other social networks so that people are better informed of their rights."
The Wall Street Journal reported Friday that the commissioners are debating whether geographic data such as that collected by the iPhone should be classified as "personal data."
An unnamed EU official told the American newspaper that "geo-location data has to be considered as personal data," and that "the rules on personal data apply to them."
That could put an end to companies' geographic logging of users without consent and a clearly-stated purpose.
"Any personal data has to be protected," Newman said.
Late last month Apple denied charges it was following the movements of its users.
"Apple is not tracking the location of your iPhone," a company statement said. "Apple has never done so and has no plans to ever do so."
Later, the company changed its software to significantly shorten the duration of tracking data that the phone stores locally.
In the wake of the recent string of data privacy breaches from not only Apple and Sony, and another from European GPS giant TomTom, various EU states, including France, Germany, Italy, Ireland and the U.K. begun investigations examining the use of geo-location data.
New data breach law
A change currently in the legislative pipeline is expected to "expand the scope of obligatory data breach notifications," Newman said.
It would require companies like Sony - which recently lost data on more than 100 million Playstation user accounts to hackers - to notify customers. Such requirements have thus-far only applied to telecommunication networks.
"We're looking into expanding that to other sectors such as the financial sector - e-banks and e-commerce - but also to new platforms like online game platforms," Newman said.
Regardless of the opinion made public later this month by the Article 29 Working Party, the EU's data privacy overhaul could take up to two years to implement, according to Newman. Whether it will be a binding "regulation," or a "directive" open to interpretation by member states has yet to be decided.
"Users do not fully understand exactly what they're agreeing to," Newman said. "So websites need to be a lot clearer and use plain language. This goes for social network sites, behavioral advertising, and also photo sharing sites."