Keyword: tracking

Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new data protection regulation external link

Zuiderveen Borgesius, F.
Computer Law & Security Review, num: 2, pp: 256-271., 2016

Abstract

Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.

behavioural targeting, cookies, Data protection law, IP addresses, online behavioural advertising, Personal data, Privacy, profiling, pseudonymous data, tracking

Bibtex

Article{nokey, title = {Singling out people without knowing their names – Behavioural targeting, pseudonymous data, and the new data protection regulation}, author = {Zuiderveen Borgesius, F.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2733115}, year = {0223}, date = {2016-02-23}, journal = {Computer Law & Security Review}, number = {2}, abstract = {Information about millions of people is collected for behavioural targeting, a type of marketing that involves tracking people’s online behaviour for targeted advertising. It is hotly debated whether data protection law applies to behavioural targeting. Many behavioural targeting companies say that, as long as they do not tie names to data they hold about individuals, they do not process any personal data, and that, therefore, data protection law does not apply to them. European Data Protection Authorities, however, take the view that a company processes personal data if it uses data to single out a person, even if it cannot tie a name to these data. This paper argues that data protection law should indeed apply to behavioural targeting. Companies can often tie a name to nameless data about individuals. Furthermore, behavioural targeting relies on collecting information about individuals, singling out individuals, and targeting ads to individuals. Many privacy risks remain, regardless of whether companies tie a name to the information they hold about a person. A name is merely one of the identifiers that can be tied to data about a person, and it is not even the most practical identifier for behavioural targeting. Seeing data used to single out a person as personal data fits the rationale for data protection law: protecting fairness and privacy.}, keywords = {behavioural targeting, cookies, Data protection law, IP addresses, online behavioural advertising, Personal data, Privacy, profiling, pseudonymous data, tracking}, }

Online Price Discrimination and Data Protection Law external link

Zuiderveen Borgesius, F.
2015

Abstract

Online shops can offer each website customer a different price – a practice called first degree price discrimination, or personalised pricing. An online shop can recognise a customer, for instance through a cookie, and categorise the customer as a rich or a poor person. The shop could, for instance, charge rich people higher prices. From an economic perspective, there are good arguments in favour of price discrimination. But many regard price discrimination as unfair or manipulative. This paper examines whether European data protection law applies to personalised pricing. Data protection law applies if personal data are processed. This paper argues that personalised pricing generally entails the processing of personal data. Therefore, data protection law generally applies to personalised pricing. That conclusion has several implications. For instance, data protection law requires a company to inform people about the purpose of processing their personal data. A company must inform customers if it personalises prices.

Consumer law, cookies, Data protection law, discrimination, Grondrechten, Personal data, personalised prices, Price discrimination, Privacy, tracking

Bibtex

Article{nokey, title = {Online Price Discrimination and Data Protection Law}, author = {Zuiderveen Borgesius, F.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2652665}, year = {0901}, date = {2015-09-01}, abstract = {Online shops can offer each website customer a different price – a practice called first degree price discrimination, or personalised pricing. An online shop can recognise a customer, for instance through a cookie, and categorise the customer as a rich or a poor person. The shop could, for instance, charge rich people higher prices. From an economic perspective, there are good arguments in favour of price discrimination. But many regard price discrimination as unfair or manipulative. This paper examines whether European data protection law applies to personalised pricing. Data protection law applies if personal data are processed. This paper argues that personalised pricing generally entails the processing of personal data. Therefore, data protection law generally applies to personalised pricing. That conclusion has several implications. For instance, data protection law requires a company to inform people about the purpose of processing their personal data. A company must inform customers if it personalises prices.}, keywords = {Consumer law, cookies, Data protection law, discrimination, Grondrechten, Personal data, personalised prices, Price discrimination, Privacy, tracking}, }

Behavioural Sciences and the Regulation of Privacy on the Internet external link

Zuiderveen Borgesius, F.
2014

Abstract

This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.

behavioural economics, behavioural targeting, cookies, Data protection, e-Privacy Directive, Grondrechten, nudge, nudging, Privacy, profiling, tracking

Bibtex

Other{nokey, title = {Behavioural Sciences and the Regulation of Privacy on the Internet}, author = {Zuiderveen Borgesius, F.}, url = {http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2513771}, year = {1030}, date = {2014-10-30}, abstract = {This chapter examines the policy implications of behavioural sciences insights for the regulation of privacy on the Internet, by focusing in particular on behavioural targeting. This marketing technique involves tracking people’s online behaviour to use the collected information to show people individually targeted advertisements. Enforcing data protection law may not be enough to protect privacy in this area. I argue that, if society is better off when certain behavioural targeting practices do not happen, policymakers should consider banning them.}, keywords = {behavioural economics, behavioural targeting, cookies, Data protection, e-Privacy Directive, Grondrechten, nudge, nudging, Privacy, profiling, tracking}, }