Mobile Privacy: Parliament debates data protection and the mobile industry
On Monday night, Parliament debated the use of personal data by mobile operators.
We met with Helen Goodman MP last month to talk about mobile companies developing marketing and analytics products based on data about their customers without clear consent. After that meeting, she was able to secure the Commons debate on the issue.
Helen Goodman told the Commons that “current law is inadequate to protect people’s privacy” and “consent rules are completely inadequate.”
“For consent to be meaningful, it needs to be explicit, informed and freely given. Usually, that is not the case—the consent is buried somewhere in paragraph 157 of the terms and conditions—and people have no option to refuse if they want the service at all.”
She went on to ask the Government whether it thought mobile companies can legally process customers’ location data when it is not for the customers’ benefit and if the ICO is doing enough to ensure consumers are aware of how their data is used.
“Do the Government think there is a proper legal basis for processing location data for the benefit of the marketing purposes of third parties?”
“Does the Minister believe that the ICO is taking enough action to require mobile phone companies to keep consumers informed?”
Ed Vaizey – the Minister responding for the Government – didn’t seem to be fully aware of the laws governing companies’ handling of customer data. In his reply, he spoke about the E-Privacy Directive/PECR as if it related solely to cookies.
Helen Goodman had spoken about PECR because it imposes restrictions on the processing of traffic and location data that go beyond the general Data Protection regime. These – apparently lesser known – requirements put a question mark on the legal basis for some of these, so called, BIg Data products.
The Government’s response on this issue leaves a lot to be desired. Open Rights Group will continue to work with Helen Goodman and others to press mobile operators to clarify the legality of their operations and improve their privacy policies. These companies should also make it easier for customers to opt out of data about them being processed and shared to third parties.