EE debate mobile weblogs and privacy
The companies didn’t add anything new to what we had learnt in previous conversations. They clearly don’t see a problem with collecting highly personal information, including internet usage, and building commercial insights on it. EE argues that collecting such data is required for business purposes.
For example, if you query your mobile data bill they could use your web history to show you why. This raised a few eyebrows. They also claimed that everything is in their privacy policy, which is partly true. We think however that the policy of EE and those of other companies should provide more detail. Also, there is no opt in or out option here.
Ipsos MORI defended their integrity as handlers of personal information and explained that the data they get is anonymised thoroughly. For them mobile data seems a continuation of their work gaining insights into people’s heads as pollsters and market researchers.
Joss Wright argued that data cannot be “anonymised” in binary form, but that instead we should speak of probabilities. Also he queried the concept of personal data and how you can learn a lot about someone without needing their name, date of birth and other identifiers.
The ICO said they didn’t see a fundamental problem, although they think that there is a lot of room for improvement in how companies communicate their policies and what happens to data.
There were lots of really interesting contributions from the floor. Our audience was of a very high calibre and very informed. People raised a broad range of issues: highly technical questions on international data sharing, how can value be transferred back to customers, as happens with loyalty cards, and many others.
What we took home is that we still want to know a lot more about what exactly is being collected and processed by EE and other mobile companies. We are going to ask again EE to provide this information and help our technical experts understand the processes.
We remain concerned that collecting customer behaviour data for commercial purposes may require better consent models and current privacy policies may not be enough. We need to establish more clearly that data protection is upheld, not just in the data sharing with Ipsos MORI, but throughout the whole value chain.
Ultimately we think the mobile industry may need to sit down with other stakeholders and develop a code of practice that goes above and beyond minimum levels of mobile companies’ views of data protection.