June 03, 2009

PRIVACY AND THE MOBILE INTERNET

By Wandrille Pruvot, Regional Director, Europe

IMAGINE for a moment that you are travelling to a new place. You've just arrived and you know nothing about it.
You subscribe to a mobile service that's like a travel guide. It provides information about historical facts, places to see, things to do, good restaurants, maps, safety tips and more – all tailored to meet your personal interests. Even better, take a photo of a nearby building and submit it via your phone: the application then knows exactly where you are and can target the information you want more precisely.

This is one of the not-so-far-off scenarios that we considered at a recent workshop in Spain sponsored by the European Union.

Think for a moment about the information you are providing this mobile travel guide company. First, there's your personal data and preferences. Many of us are already accustomed to sharing this information with service providers, such as the applications and games companies that inhabit Facebook and other social networking sites like myGamma. But in the example above, you're going a step farther. You're also sharing your exact location.

How can the mobile service provider use your data? Can they extrapolate information to send you targeted ads? Can they share the information with other companies or people? Should you even care that the information is no longer private?

The internet is loosely regulated; mobile carriers are tightly regulated. In many countries, you can't get a mobile number – not even a pre-paid card – without providing identification. So what happens at the intersection of mobile and the internet? Should applications be subject to public guidelines or laws?

Let's take a look at a couple more examples.

IMAGINE that you subscribe to a mobile health and fitness service. When you exercise you place your phone on your arm and it monitors your vital signs – heart beat, sugar level, etc. The device advises you how fast to run, based on your fitness goals and health signature. At the end of your workout, it offers nutritional advice (for example, “You just ran 10km. Time to drink 1 liter of water and eat an orange.”). During the workout, if the device detects a health problem – let's say that you unexpectedly faint from heat exhaustion – it automatically calls for an ambulance.

In this instance, you are sharing one of the most sensitive types of information – medical data – with the service provider. In many countries, medical information is absolutely confidential. Only you and your doctor know what's in your file and even your spouse cannot access it without permission. But in this case, the mobile application provider might want to sell your information to manufacturers of health or sports goods, so that they can target their products to you. By subscribing to the service, you are giving the company permission to access your data. Should they be allowed to use it for resale or to target ads?

OR IMAGINE that you subscribe to a networking service, one which lets you know which of your friends or colleagues are nearby. Could be great in a crowded bar or possibly for meeting online friends in real life. But what if the service provider notices that you and another friend are always at the same location every Friday at 10pm? Are you members of a club? Or perhaps you're having an affair? And what about teenagers and children who may not realise what is and is not safe to share (or who to share with)?

Actually, young people, specifically those under 20, appear to care less about privacy than others.

"Online privacy? For young people, that's old-school," exclaims USA Today technology writer Janet Kornblum. Twenty percent of teenage internet users have exchanged naked pictures of themselves. The figure rises to 33% for young adults aged 20 - 26.

However, as we get older, such transparency can come back to bite us. Just look at the examples of young adults who have been fired – or not hired – because of a personal online posting.

Back at the EU workshop in Spain, as we debated the privacy implications of these and other scenarios, a consensus emerged. Simply requiring mobile application users to accept a Terms & Conditions agreement before using a service doesn't cut it. Some regulation is needed to safeguard individual privacy. In fact, we believe a public body should be created to manage user data.

Take a look, for example, at how credit card information is managed online. When consumers make an online purchase, usually, they are not actually giving the merchant their credit card number. The information is provided to a bank - or service like PayPal - which verifies the card and then informs the merchant that the payment has been processed. The merchant does not actually see your credit card information.

Similarly, personal data needed to run online applications could be managed in this manner. Consumers would enter their particulars on a public portal. Service providers would then access the data required to run applications from this public databank, but they would neither store nor own the information. Nor would they know WHO it belongs to -- they would access the information via a user ID number, thus protecting a consumer's privacy.
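The databank model described above can be sketched in a few lines. This is an added example, not code from BuzzCity or the EU workshop: the `DataBank` class, its method names and the sample data are hypothetical. It assumes that the provider name has already been authenticated and that each provider gets its own user ID for the same consumer, so that two providers cannot link their records.

```python
import hashlib
import hmac
import secrets


class DataBank:
    """Hypothetical public databank: holds profiles, releases only granted fields."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # pseudonym key, never leaves the databank
        self._profiles = {}                  # real identity -> attributes
        self._grants = {}                    # (provider, user_id) -> (identity, fields)

    def register(self, identity, attributes):
        self._profiles[identity] = dict(attributes)

    def _user_id(self, identity, provider):
        # Assumption: one ID per (consumer, provider) pair, so two providers
        # cannot join their records on a shared ID.
        msg = f"{provider}\x00{identity}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def grant(self, identity, provider, fields):
        """Consumer consents to `provider` reading `fields`; returns the user ID."""
        if identity not in self._profiles:
            raise KeyError("unknown consumer")
        user_id = self._user_id(identity, provider)
        self._grants[(provider, user_id)] = (identity, frozenset(fields))
        return user_id

    def revoke(self, identity, provider):
        self._grants.pop((provider, self._user_id(identity, provider)), None)

    def fetch(self, provider, user_id, fields):
        """Provider reads data by user ID; it never sees the real identity."""
        grant = self._grants.get((provider, user_id))
        if grant is None:
            raise PermissionError("no grant for this provider and user ID")
        identity, allowed = grant
        refused = set(fields) - allowed
        if refused:
            raise PermissionError(f"fields not granted: {sorted(refused)}")
        profile = self._profiles[identity]
        return {f: profile[f] for f in fields if f in profile}


if __name__ == "__main__":
    bank = DataBank()
    bank.register("alice@example.org", {"name": "Alice", "interests": ["history"]})
    uid = bank.grant("alice@example.org", "travel-guide", ["interests"])
    print(uid, bank.fetch("travel-guide", uid, ["interests"]))
```

The databank itself still holds every profile and the key that maps user IDs back to people, which is why the question of who operates it matters.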

Should this third party be a government (or inter-governmental) body or a private company? In essence, who do you trust more – Google or the government? A lot of people today would answer the former. But like my colleagues at the Spanish EU forum, I believe my personal data will be most secure with a non-commercial body taking charge.

Post-script. A note about BuzzCity and privacy. BuzzCity does not share personal data with advertisers aside from global reports aggregating information about age, gender and geography.