The battle over your data

  • Comments
A man speaks on his mobile phoneGetty Images
By Rory Cellan-Jones
Technology correspondent
@BBCRoryCJ

Would you worry if your mobile phone number was visible to any website you visited? And, if you had put an embarrassing photo online a few years ago, would you expect to be able to expunge all trace of it now?

Two cases for examination in a debate about the balance between privacy and the free flow of information across the internet which pitches consumers against companies.

The first case is yesterday's revelation that the O2 network is sharing customers' mobile phone numbers with any website they visit. The company was quick to act as a storm brewed up on Twitter after an IT systems administrator Lewis Peckover put online a demonstration showing how an O2 number is revealed when a phone visits a site over 3G.

Yes, said the firm, we do share numbers with some "trusted partners" to allow services like age verification, but we never intended that information to go to every website. That was the result of an error during maintenance, and we've now fixed it.

But why would it matter if your number was handed out to a website? A colleague seemed bemused by the fuss - "if I'd rung them then they'd have my number anyway," he pointed out.

The point of course is that it may well be a breach of Britain's current data protection legislation, which lays out rules for how customers' data can be shared and how they are to be informed.

Rory Cellan-Jones explains the pitfalls of "the right to be forgotten"

And now those rules are to be superseded by tougher pan-European rules, which brings us to our second example. The EU's new data protection directive includes an eye-catching measure, the right to be forgotten.

In other words, the right to tell Facebook to remove all of those indiscreet photos from your misspent youth before you go for a job interview. More radically - at least in the view of the web industry - the right to tell search engines and other sites where your photos may have ended up to expunge them too.

The Commissioner behind the new directive, designed to replace 27 different data protection regimes across Europe, has been hailing it as a victory for consumers. Viviane Reding says it will put people back in charge of their personal data, making them more confident about using online services.

But this new layer of internet regulation has opened up divisions in the broad coalition which united last week to oppose the American anti-piracy laws, Sopa and Pipa.

The Open Rights Group (ORG) welcomed the strengthening of privacy, and warned the Commission to ignore complaints about the burden on business. "Facebook and Google are not the best people to take privacy advice from," said ORG's Jim Killock.

And while Facebook and Google were both muted in their public reaction to the directive, Google was much franker off the record.

A senior executive at the search firm told me that two industries which depended on data, advertising and the web, were just about the only things a sclerotic European economy had going for it, and now both were in danger of being strangled by bureaucracy.

"The data protection directive sees data as a bad thing," said the executive, going on to suggest that the best approach was not imposing bureaucratic rules and regulations, but forcing companies to be transparent about their use of data. "Then you can give consumers choice - if they don't like Google's privacy policy, they can choose to go to Bing."

Companies like Google, Facebook and the major advertisers believe consumers are happy enough to share data online, as long as they know how it's used and gain some benefit. But the European Commission thinks it is tapping into growing public anxiety about web firms' cavalier attitude to privacy. The battle over the future of data is underway, and we are all being invited to take sides.