Feeds

ConLibs get shifty on spam and behavioural ads

Consultation shifty in the extreme

Combat fraud and increase customer satisfaction

Last week, the government published its ideas as to how it would implement the changes to EU Directive 2002/58/EC. In relation to spammers and behavioural advertising it has decided to keep the low privacy standards that were acceptable to the previous New Labour government.

The changes discussed in the consultation (pdf) are modifications to Directive 2002/58/EC introduced by the need to implement Directive 2009/136/EC. These new provisions have to be brought into UK law by 25 May next year (and this accounts for the consultation process launched by the government last week).

One of the changes that you won’t find explained in the consultation document is the complete re-wording of Article 13 of Directive 2002/58/EC – a key Article which regulates all forms of electronic marketing including spam. The consultation ignores this complete redrafting and fails to discuss options that consequently arise.

For example, I think Article 13 allows Member States to introduce consent/opt-out requirements for all forms of electronic marketing including behavioural marketing. However, the drafting of Article 13 also allows a continuation of a minimum privacy protection policy with respect to the use of electronic marketing by organisations. The government could have chosen to debate options that included the former; instead it has chosen to keep quiet and give its support to the latter.

The argument for Article 13 providing further controls to protect browsing on the internet can be seen if you read the text carefully. For example, “electronic mail” is a defined term in the Directive to mean “any text, voice, sound or image message sent over a public communications network” directed to a "recipient". So when the term is not used in some of the marketing provisions (as in Article 13(3) of the Directive), one can make the inference that the provision is intended to apply to other forms of marketing that is not conveyed by “electronic mail”. The assumption being that if the text of the Directive wanted to limit the provision in Article 13(3) to “electronic mail” it would have been in the text.

Also note the use of the word "recipient". This refers to anybody (eg a "user" of the system) who receives a marketing message and includes a subscriber (who is likely to be identifiable because they pay the bills). Note also that "users" are more likely to be anonymous (as they just use the subscriber's system). Keep this distinction in mind for a moment - it is important!

Throughout Article 13 there is a conspicuous absence of the use of “personal data”, although obviously personal data are subject to the e-marketing rules (eg an email address is often personal data – chris.pounder@amberhawk.com). So where the term “personal data” is not used (as in Article 13), then provisions are clearly intended to apply in circumstances where other “data” (ie beyond the narrow confines of personal data) are processed for a marketing purpose. As behavioural marketing involves such “not personal data” (according to Google and other behavioural marketers – see documents), the Article clearly allows for member states to legislate for control over marketing that does not use personal data.

By contrast, the consultation states that the effect of the revised Article 13 is limited to “personal data”. This is because the consultation document requires that any “data” used to convey “electronic mail” has to relate to an “individual subscriber” and because of this, the data have to be “personal data”. Note also (as mentioned above) that in the Directive "electronic mail" is defined in terms of a "recipient"; a recipient includes the subscriber and any user of the subscriber's system. The consultation document in effect equates "recipient" with "subscriber" - which is not what the Directive says!

SANS - Survey on application security programs

More from The Register

next story
EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?
Wait 'til this one hits your pension fund where it hurts
Systems meltdown plunges US immigration courts into pen-and-paper stone age
Massive outage could last four weeks, sources claim
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
UK.gov chucks £28m at F1 tech for buses and diggers plan
Well, not really F1 but who's heard of LMP and VLN*?
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.