1 / 13

Mobile Web Privacy Lukas Gundermann Independent Centre for Privacy Protection Schleswig-Holstein

Mobile Web Privacy Lukas Gundermann Independent Centre for Privacy Protection Schleswig-Holstein ld2@datenschutzzentrum.de. Basic Notions. Self determination with regard to personal data: The right to control who gets which personal information at which opportunity

jameyp
Download Presentation

Mobile Web Privacy Lukas Gundermann Independent Centre for Privacy Protection Schleswig-Holstein

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile Web Privacy Lukas Gundermann Independent Centre for Privacy Protection Schleswig-Holstein ld2@datenschutzzentrum.de

  2. Basic Notions • Self determination with regard to personal data: The right to control who gets which personal information at which opportunity • Personal data (data relating to a person):Any information concerning the personal or material circumstances of an identified or identifiable individual (the data subject). • Data protection: Not protection of data but protection of people against unauthorised use of personal data (= privacy) • Data security: means of data protection Mobile Web Privacy - 2 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  3. X • With the GSM standard also: In which cell is the mobile phone located X • While a communication process is going on X • While the phone is on stand-by(?) Location Data as “Classic” Traffic Data in Telecommunication • Traffic data: Information about the circumstances of a telecommunication process • E.g.: Who called whom at which time? Mobile Web Privacy - 3 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  4. X • As far as it is known the telecommunication providers X Location Data as “Classic” Traffic Data in Telecommunication • Consequences: There is already the danger of creating a profile of the movement of the user • Due to the size of the cells it is only rough X • Store the location information about the active telecommunication processes(Legal competence?) • Don’t store the mere stand-by signal Mobile Web Privacy - 4 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  5. Additional Personal Data on the Internet • With the internet (especially the www) new information emerge • Traffic data contains additional information regarding the services customers use • Without encryption that information can be easily tapped on the way through the net • More important: It can be collected at the web server, a user profile can be created(especially with banner ad companies) Mobile Web Privacy - 5 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  6. Bringing it all together: The Mobile Web • For the intended services the location information must be much more precise • Tracking user’s movements is part of the service, this can include creating a profile • The services will be offered by third parties - There will be a greater number of recipients of data • Conclusion: A greater volume of more precise location data will be spread to a larger number of persons and organisations Mobile Web Privacy - 6 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  7. Solutions: Consent of the Users 1 • Absolutely crucial: Users have to give their clear and unambiguous consent • It must be an informed consent, meaning that users have to be well informed about • which data will be collected, • for what purpose they will be used • when they will be deleted etc • Problem: Is there a gradation of consent? Mobile Web Privacy - 7 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  8. Solutions: Consent of the Users 2 • Gradation of consent: Allowing some services to receive location data, others not • Data processing is limited to the consented purposes; for different purposes a new consent would be necessary • A special consent is necessary for transfer of data to third parties • Users must have access to their own personal data and profile Mobile Web Privacy - 8 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  9. Solutions: Consent of the Users 3 • Important: Having the possibility to withdraw the consent at any time for the whole service or only for parts of it • An appropriate legal framework is necessary but not sufficient. • There also have to exist technical means for this kind of consent-management Mobile Web Privacy - 9 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  10. Solutions: Anonymity / Pseudonymity • For delivering the service it is not always necessary to know the users identity • What is necessary is to link a profile to always the same user • There are also more or less pseudonymous or anonymous techniques of payment available • Pseudonymous profiling would also be permitted according to the German law (Teleservices Data Protecion Act) Mobile Web Privacy - 10 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  11. Legal Framework 1 • European law: The 1997 directive (97/66/EG) on protection of telecommunication data covers location data as subspecies of traffic data • Processing of this kind of data is only permitted if necessary for the service itself or for billing purposes • A proposal for a new directive makes it even clearer: It has special provision for location data • According to that provision location data can only be processed if made anonymous or with the user’s consent. • There is one exception that needs to be discussed Mobile Web Privacy - 11 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  12. Legal Framework 2 • German law: The 1996 Telecommunication Act (TKG) covers location data as traffic data in telecommunication • Processing is only permitted if necessary for the service or for billing purposes and some purposes that are closely connected • The 1997 Teleservices Data Protection Act covers the processing of personal data by ISPs • It applies also on the web based services that work with location data. • The provisions are alike the ones of the TKG, but in addition the Act allows pseudonymous profiling. Mobile Web Privacy - 12 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

  13. Conclusions • There are first steps towards a legal framework for mobile web applications in Europe , nevertheless there is still some work to be done • Most important at the time being is to develop mobile devices that give users control over their location data • It is necessary not to have only a general option but to be able to give a graduated consent and withdraw it at any time • Besides, technical means should be developed, that serve the principle of minimisation of data and allow the anonymous provison of mobile web services. Mobile Web Privacy - 13 / 13 Independent Centre for Privacy Protection Schleswig-Holstein

More Related