24 October 2016

Privacy Law

The majority of people using the internet don’t seem to care about the random use of their personal data. But Privacy Law gets a new assignment because of the nearly infinite possibilities to collect and link data on the internet. That implies the necessity of limitation and law regarding the security of online data.

Personal data is everything that contains details of the user, ascertains his identity or is able to determine it. For purchaser, service contractor or recipient of a transmission data is indirect personal when the identity of the user can’t be found out with legally permitted tools.

Sensitive data are natural person’s data about their racial and ethnical origin, political opinion, and membership of a union, religious or philosophical conviction, health or sexual life.

Special problems
The special technics of the internet allow to collect, link and analyse user data in an unprecedented manner without the users even being aware of that condition.

Cookies
Cookies are text data in which a server saves information about the “surfer” on his/her computer (hard drive, in Windows systems in the Windows system register c:\) and access this information on the user’s server the next time he/she visits the website. The purpose of the cookies is to mark the user and to prepare personalized websites. If the user visits the same website again later then the hard drive search routine sends the cookie to the web server so it can identify the visitor. The data which is saved in the cookie can come from a formula the visitor filled out on the website – then next time even a greeting with the users name is possible – or just the interest deduced from the visitors clicks on the website – then the personification refers only to the last user of the computer but not to a certain person.

Log files
You have to differentiate between web and mail server, close by system log files and network monitoring tools. Each of them is a file where connection and condition data of a server is saved. Normally they exist for technical monitoring of systems (utilisation, optimisation, error detecting, and security) and are thereto absolutely necessary. But they can also be used to spy on the users of a system. Also at the background of privacy law log files can be doubtful (see following: web-bugs). The log files are especially problematic when they are stored and analysed for a longer period than technical necessary.

Web-Bugs
Also called “clear gif”; invisible graphics, mostly in the size of 1 pixel in the colour of the background or transparent, which submit the provider of websites information about the manner of the users to surf the internet. The graphic isn’t at the same server as the website but is loaded by a third server. While the pictures downloads from the third server, user data are transferred to the web-bug server via a script or applet and getting assessed; that’s the original purpose of the web-bug. Thus you can spy very precisely on the manner of visiting. The evaluation provides similar data as the evaluation of log files. But whilst with weblogs you can only evaluate webs on the certain web server, you can monitor whole systems of websites with a system of web-bugs. But the premise is, that there is such spy on every single website.
At the background of privacy law web-bugs are doubtful because personal data are collected. This isn’t possible over an IP-address because an IP-address is a computer-produced address and internet user don’t receive a fixed IP-address from his provider but a different one every time he logs I, which is selected by the principle of contingency, so just the provider knows which user has which IP-address at the moment. But if the website is using cookies, which do more than half of the existing websites, and the user has already provided his name or email address once (e.g. in a web shop) then the user can be clearly identified.

Data mining
Data mining is the praxis from many companies – already outside the internet - to collect, combine and evaluate personal data from customers. Mostly a system of customer cards is established, which shall on the first glance ensure a stronger relationship with the customer by granting discounts. But also consume habits of the customers can be gathered and evaluated with such customer cards. Various information can be collected just by linking different profiles and the customer has no idea. The linkage enables besides specifically advertisement sometimes even statements about creditworthiness.
On the internet there are even more possibilities to spy on users and customers. If you think about that every click is being recorded by the web servers, the interests of online visitors can be easily explored just by evaluating log files of the type of clicked information, dwelling time and transacted shopping. When a website additionally requests a statement of personal data, which is usual on commercial websites then the nicest customer profile can be created. Trough cooperation with companioned companies (data exchange) the customer profile can even be refined.

Tracks in the web
Everyone who actively participates on the internet, either as provider, blogger or participant of a chat or discussion forum or an online community, leaves digital traces. Because of this, it is standard today to “google” for names, if you want to find out something about another person. Especially in the case of a job application has this procedure brisance. Thereby a positive or a negative picture of the certain person can be produced by the results.  The problem is that the outcome can’t be changed once the evaluation is done. Therefore it’s really important that you always consider that every publication on the internet is public and that not even pseudonyms or anonymous email addresses provide protection against revealing ones true identity in consequence of various ties.

Privacy Act
The Australian Privacy Act from 1988 supports not just internet user but people in general and regulates the handling of their personal information. That includes signatures, addresses, telephone numbers, date of birth, medical records, bank account details and personal opinion or beliefs. The Law accomplishes that by regulating and setting up rules for private sector and not-for-profit agencies as well as private health service providers and some small business on how the must handle, use and manage personal information.

Online privacy knowledge
It is very difficult for the Australian government to protect the people on the internet against data misuse not just because of the enormous amount of people actively using the internet (13.3 million) in Australia but because of the wide range of providers and websites, which spread in various areas, for example banking, movie streaming, grocery shopping, fitness trackers and a lot more and can be reached 24/7, 365 days a year. That is why the Office of the Australian Information Commissioner provides useful tips and knowledge for people who wants to protect themselves, e.g. they recommend to take some time to read and more important to understand the privacy settings of devices and apps one is using, which includes to check:

  • What information is collected;
  • If and how long personal information will be stored;
  • Whether personal information is traded to third parties; or
  • What personal information will be published and how that can be prevented

For further information visit https://www.oaic.gov.au/.