Posted on 11/03/2009 10:26:37 AM PST by decimon
TAU recommends that lawmakers take a closer look at digital and Internet security
The details of your personal life, such as grocery purchases and pizza topping preferences, are collected every day — online and by club and discount cards from the gym, department store and supermarket. Though this data seems innocent enough, when it's put together it can tell a whole lot about your health, finances and behavior. That information, a Tel Aviv University researcher reminds us, could eventually be used against you.
Dr. Michael Birnhack of TAU's Faculty of Law and Prof. Niva Elkin-Koren from the University of Haifa recently completed a comprehensive study on information privacy laws in Israel and found compelling reasons for lawmakers everywhere to take notice. "Our research from Israel can serve as a case study of the shortcomings of a comprehensive data protection program," says Dr. Birnhack.
"It's not just sites like Facebook and Twitter that should cause concern," he continues. "It's all the trivial things that are collected about us that we're not protected against."
Your digital dossier
The process can be seductive: information collected by websites has benefits, too. Based on previous purchase and search queries, Amazon can recommend books for readers "just like you." But in the wrong hands, similar information collected by Web sites and discount card companies could be used by health insurance organizations to boost premiums or by employers trying to figure out how many sick days you'll be taking each year. It could even make or break your chances of landing that new job, Dr. Birnhack says.
A health insurance provider doesn't need to see your medical records to understand the state of your family's health. It can learn just as much by looking at your grocery bill. "If you use a discount card at a supermarket, information on your purchases is added to a database. If you shop for halal or kosher products, your religion can be inferred, and the purchases of fatty or gluten-free foods can provide an indicator of your family's overall health."
Federal legislation in the U.S. regulates for some 15 different kinds of specific data sets, such as health data and credit histories, but not for information collected by club and discount cards or by commercial Web sites. And it's more difficult to write a law to secure confidentiality in those areas, says Dr. Birnhack.
"Unless there are specific laws in place, this personal digital information is up for grabs. It can be bought and sold between governments and private companies, which can then conduct data mining and analysis on it and sell the results to third parties," he explains.
Like Europe, Canada has a universal informational privacy policy, but U.S. data collection and dissemination regulation is more limited. Justice system lawyers are currently debating the issue of informational privacy, and Dr. Birnhack suggests that they look to Canada's law as a good way to protect privacy. "Canada has the best data protection regime in the world," he says. "It's very powerful."
Reading the fine print
In conducting their research, Birnhack and Elkin-Koren examined close to 1,400 Israeli websites and their privacy statements and attempted to discern whether or not the sites complied with the law. They then reported their findings reported on the Social Science Research Network (SSRN) website in a paper available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1456968.
Even though Israeli law requires them to do so, a significant number of sites don't state that they are collecting this information, while a majority of popular commercial sites reserve the right to change their privacy policies at any time. This means that data is up for grabs.
"Legislators should be aware of how easy it is to collect personal information about citizens to start building more protective laws," Dr. Birnhack concludes.
AFTAU welcomes your support of scientific and technological breakthroughs at Tel Aviv University. To make a donation, click here.
Thanks for the post. I’m not “paranoid” per se, but I shy away from stores that want personal info when paying cash and stores that require a card for discounts.
Nor am I, but... The thought of leaving a pattern of me on the internet leaves me with a cold feeling. Nothing to be ashamed of in that pattern but it shows what I was interested in at some moments and not how I am. I've checked out the ratings on all sorts of things at amazon.com, for instance.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.