Privacy and online data storage - Presentation Transcript
Privacy and online data storage Dr Ian Brown, UCL
Introduction
1st and 2nd generation online services
Encrypted storage
Key opportunity for DP commissioners
Personalised web sites
Gather information on user’s preferences, interests, purchases…
Use previous search terms to customise results
User normally has choice to remain anonymous
IP addresses are personal data
Buried in a list of 20 million Web searches collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher's anonymity, but it was not much of a shield.
No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything".
Search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for several people with the last name Arnold, for "landscapers in Lilburn," Georgia, and for "homes sold in shadow lake subdivision gwinnett county georgia".
It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, frequently researches her friends' medical ailments and loves her three dogs. "Those are my searches," she said, after a reporter read part of the list to her over the phone.
Network-centric services
Store user data (e-mail, documents, contacts) on servers, where they are directly edited
Data can be mined, hacked, blagged and accessed by govt
Insider fraud
Source: “What price privacy?”, Information Commissioner, May 2006
Networked data could be encrypted
And hence be inaccessible to those storing the data (and their friends)
Would require non-trivial changes to network apps and browsers
Trusted computing not trustworthy enough
Directive on privacy and electronic communications (2002/58/EC)
Recital 9: “The Member States, providers and users concerned, together with the competent Community bodies, should cooperate in introducing and developing the relevant technologies where this is necessary to apply the guarantees provided for by this Directive and taking particular account of the objectives of minimising the processing of personal data and of using anonymous or pseudonymous data where possible.”
Key opportunity for DP authorities
Require that network-centric applications live up to same minimisation standards as personalised websites
This will be much harder to do once network apps become mainstream
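The AOL slide above shows that a stable per-user number is not anonymity, and the closing slides ask for minimisation standards. As an added example that is not part of Dr Brown's talk, this Python sketch contrasts a fixed pseudonym with a per-day keyed pseudonym plus IP truncation; the log lines, key handling and function names are constructed assumptions.

```python
"""Added example (not from the talk): a stable per-user number, like AOL's
No. 4417749, lets every search by one person be grouped together; a keyed
pseudonym rotated per day plus IP truncation limits that linkage.
The log lines and keys below are constructed for this example."""
import hashlib
import hmac
import ipaddress
import secrets
from collections import defaultdict

# Constructed search log: (date, client IP, query); 203.0.113.17 returns on three days.
RAW_LOG = [
    ("2006-03-01", "203.0.113.17", "numb fingers"),
    ("2006-03-02", "203.0.113.17", "landscapers in lilburn"),
    ("2006-03-02", "198.51.100.9", "weather atlanta"),
    ("2006-03-15", "203.0.113.17", "homes sold in shadow lake subdivision"),
]

def stable_pseudonym(date, ip):
    """AOL-style: one fixed token per user, so every search stays linkable."""
    return hashlib.sha256(ip.encode()).hexdigest()[:8]

class RotatingPseudonymiser:
    """Keyed pseudonym with a fresh random key per day; once a day's key is
    discarded, searches from different days can no longer be joined."""
    def __init__(self):
        self._keys = {}

    def __call__(self, date, ip):
        key = self._keys.setdefault(date, secrets.token_bytes(32))
        return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:8]

    def discard_key(self, date):
        self._keys.pop(date, None)

def truncate_ip(ip, prefix=24):
    """Keep only the network part of an address (IP addresses are personal data)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)

def group_by_pseudonym(log, pseudonymise):
    """Return {pseudonym: [queries]}, i.e. what the log holder can link together.
    The query text itself may still identify a person, as it did for AOL."""
    groups = defaultdict(list)
    for date, ip, query in log:
        groups[pseudonymise(date, ip)].append(query)
    return dict(groups)

if __name__ == "__main__":
    print(group_by_pseudonym(RAW_LOG, stable_pseudonym))   # 2 groups, one with 3 queries
    print(group_by_pseudonym(RAW_LOG, RotatingPseudonymiser()))  # 4 groups of 1 query
```

Within a day the keyed pseudonym still supports per-day processing (abuse metrics, deduplication); only cross-day linkage is lost once the day's key is discarded.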