“Microsoft is joining Ask.com in offering Web surfers a way to use its search engines anonymously, and the two companies are now calling on the search and online advertising industry to develop a common set of privacy practices.”
I think this is a good move, consistent with existing requirements, dictated by various Data Protection laws and related legislation.
I am also interested in the follow-ups, i.e. how and in which context the “common set of privacy practices” is going to be discussed, specified and enforced. I believe this should not just stop at the “anonymity” aspect (or to the fact data should be deleted after a predefined period of time) but also embrace other privacy aspects, such as:
- Actively ask for users’ consent when collecting their personal data; clearly state purposes for which this data is going to be used, for the entire retention period;
- Provide tools and mechanisms to end-users to potentially “search” and get reports about the information that has been *internally* collected by the search engine provider (at least during the act of searching, but hopefully also afterwards): this will keep users in the loop and help them to have better understanding of the collected information. How to achieve this might not be trivial but I think it is doable;
- Define mechanisms and processes to actually enforce these practices;
- Explicitly define procedures to audit and check for compliance.
No comments:
Post a Comment