Protecting your virtual privacy

November 3, 2009

The details of your personal life, such as grocery purchases and pizza topping preferences, are collected every day ― online and by club and discount cards from the gym, department store and supermarket. Though this data seems innocent enough, when it's put together it can tell a whole lot about your health, finances and behavior. That information, a Tel Aviv University researcher reminds us, could eventually be used against you.

Dr. Michael Birnhack of TAU's Faculty of Law and Prof. Niva Elkin-Koren from the University of Haifa recently completed a comprehensive study on information privacy laws in Israel and found compelling reasons for lawmakers everywhere to take notice. "Our research from Israel can serve as a case study of the shortcomings of a comprehensive data protection program," says Dr. Birnhack.

"It's not just sites like Facebook and Twitter that should cause concern," he continues. "It's all the trivial things that are collected about us that we're not protected against."

Your digital dossier

The process can be seductive: information collected by websites has benefits, too. Based on previous purchase and search queries, Amazon can recommend books for readers "just like you." But in the wrong hands, similar information collected by Web sites and discount card companies could be used by health insurance organizations to boost premiums or by employers trying to figure out how many sick days you'll be taking each year. It could even make or break your chances of landing that new job, Dr. Birnhack says.

A health insurance provider doesn't need to see your medical records to understand the state of your family's health. It can learn just as much by looking at your grocery bill. "If you use a discount card at a supermarket, information on your purchases is added to a database. If you shop for halal or kosher products, your religion can be inferred, and the purchases of fatty or gluten-free foods can provide an indicator of your family's overall health."

Federal legislation in the U.S. regulates for some 15 different kinds of specific data sets, such as health data and credit histories, but not for information collected by club and discount cards or by commercial Web sites. And it's more difficult to write a law to secure confidentiality in those areas, says Dr. Birnhack.

"Unless there are specific laws in place, this personal digital information is up for grabs. It can be bought and sold between governments and private companies, which can then conduct data mining and analysis on it and sell the results to third parties," he explains.

Like Europe, Canada has a universal informational privacy policy, but U.S. data collection and dissemination regulation is more limited. Justice system lawyers are currently debating the issue of informational privacy, and Dr. Birnhack suggests that they look to Canada's law as a good way to protect privacy. "Canada has the best data protection regime in the world," he says. "It's very powerful."

Reading the fine print

In conducting their research, Birnhack and Elkin-Koren examined close to 1,400 Israeli websites and their privacy statements and attempted to discern whether or not the sites complied with the law. They then reported their findings reported on the Social Science Research Network (SSRN) website in a paper available at http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1456968.

Even though Israeli law requires them to do so, a significant number of sites don't state that they are collecting this information, while a majority of popular commercial sites reserve the right to change their policies at any time. This means that data is up for grabs.

"Legislators should be aware of how easy it is to collect personal information about citizens to start building more protective laws," Dr. Birnhack concludes.

Source: Tel Aviv University (news : web)

Explore further: Legislation on privacy laws a sticky issue

Related Stories

Legislation on privacy laws a sticky issue

May 18, 2006

Though the federal government's current use of spying techniques has irked many Americans, statistics from polls show many citizens are willing to give up some privacy for increased security.

Report: Widespread data sharing, 'Web bugs'

June 2, 2009

(PhysOrg.com) -- Researchers at the University of California, Berkeley's School of Information released a report late Monday (June 1) showing that the most popular Web sites in the United States all share data with their ...

Watchdog: Facebook violates Canadian privacy law

July 16, 2009

(AP) -- Canada's privacy commissioner says the online social networking site Facebook breaches Canadian law by keeping users personal information indefinitely after members close their accounts.

Prof Warns of Risks on Social Network Sites

October 7, 2009

(PhysOrg.com) -- The data that can be easily extracted from people’s online social networking activities could be either a blessing or a curse, says a UT Dallas researcher.

Recommended for you

Battery technology could charge up water desalination

February 4, 2016

The technology that charges batteries for electronic devices could provide fresh water from salty seas, says a new study by University of Illinois engineers. Electricity running through a salt water-filled battery draws the ...

Researchers find vulnerability in two-factor authentication

February 3, 2016

Two-factor authentication is a computer security measure used by major online service providers to protect the identify of users in the event of a password loss. The process is familiar: When a password is forgotten, the ...

EU and US reach new data-sharing agreement

February 2, 2016

The European Union and the United States struck a deal Tuesday over data-sharing that will allow the likes of Facebook and Apple to continue sending people's information across the Atlantic—but a legal challenge to the ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

RayCherry
not rated yet Nov 04, 2009
This research does not include the lucretive field of stolen data. Corporate and personal computers "burgled" using hacking techniques for private personal information that is collected and sold in bulk. The crimes are investigated. Few criminals caught and prosecuted. But the information moves around the Internet beyond control of the owners.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.