The tech industry wants to self-regulate when it comes to privacyImage: dpa zb
December 1, 2010
Germany has unveiled plans to tighten Internet privacy, including opt-out rights on geo-location services and a ban on services that build profiles. The new rules were drafted after an outcry over Google Street View.
Germany's interior minister on Wednesday unveiled a draft law to tighten rules on Internet privacy, sparked by the uproar this summer over the Google Street View mapping service. The draft is a combination of self-regulation by Google and other companies, and new rules that would make it illegal to gather certain kinds of personal information.
Interior Minister Thomas de Maiziere said it was "a particularly serious invasion of privacy rights" when sites "publish data that has been aggregated with commercial interests in mind" and which "yield a comprehensive personality of travel profile."
"There are limits, and that limit is the protection of personal information and human dignity," he said. But he added that he was not interested in restricting the opportunities the Internet made possible.
Web services that assemble personal profiles would only be allowed if the people being profiled gave their consent or a there was a compelling reason for making such information public.
The new law, if passed, would amend the current Federal Privacy Act and create a central online repository for geo-spatial and geo-location information.
Also on Wednesday, German tech trade group BITKOM submitted its proposal on industry self-regulation with the group's president, August-Wilhelm Scheer, formally presenting a codex on data protection to de Maiziere in Berlin.
The move comes just two months after de Maiziere called on tech companies doing business in Germany to draw up such a code. BITKOM represents more than 1,350 companies in Germany, including major players like Google, Microsoft, Nokia, Deutsche Telekom, Deutsche Post and others.
Among its suggestions, BITKOM offered to set up a single website where German residents could access what geo-data is made available about them, and what rights they have to correct or request its deletion. Users could also submit similar requests by postal mail, or call a government-run hotline to get questions answered.
"With this kind of self-regulation, the sector will offer consumers maximum transparency and make it easy to opt out," Scheer said. "The codex goes far beyond the current legal regulations."
In addition, companies would be required to give at least one month's notice before photographing locations by listing their plans on their own websites as well as on the centralized one. That would require sites like Google Street View to provide much more advance notification than they do now.
Sites complying with the rules would feature a logo on their pages. The bill also indicates that there will be checks and penalties, although it does not yet specify what those would be.
Not tough enough
But data protection commissioners harshly criticized the draft law, especially the self-regulation aspect. They said the rules did not go far enough, nor did they have teeth.
"Companies that don't sign up to self-regulate won't be bound, and there won't be any independent privacy watchdog to police it," said Johannes Caspar, a commissioner from the federal state of Hamburg.
While the impetus for the new data protection discussion was Google Street View's launch in Germany, de Maiziere said on Wednesday he though facial recognition software, for example on mobile phone cameras, that could identify people by name was a more serious threat to privacy than the Google's service offering detailed photographs of city streets.
Author: Kyle James (Reuters, AFP, dpa) Editor: Nancy Isenson