How private is your web life?

Debbie-Haskell-150x150One of the more conspicuous contributions to the ever quickening pace of modern life is the rapid increase in the use of the internet for commercial and social interaction. This evolution has occurred so rapidly that most people think nothing of spending hours at a time online, accessing the internet through their phones, note books or laptops.  Its origins as the open sharing of academic thoughts and ideas has metamorphosed into such diverse offerings as search engines and shopping; forums and Facebook and not forgetting that the expansion of social media gives you the opportunity to post a million photographs (tagged of course!) of your five year old’s birthday party triumph.

All of this raises an interesting question, one very much the topic of debate in the court recently; is our privacy being sacrificed at the altars of convenience and immediate information?

Why ask this at all? Well the quest for faster access to information and more efficient internet encounters has been revolutionised by an explosion in the use of cookies. A cookie is a simple text file, unique to every browser, which is stored on a computer or mobile device by a websites server. This has undoubtedly represented a quantum leap forward in data collection and retrieval speed, enabling amongst other things, immediate recall of an individual’s preferences, shopping basket or search history.

However, a by-product of this is the increased capability of an organisation or designated client to track and analyse how a visitor uses a website and the internet in general.  Their use has been in the news recently in the case of Vidal-Hall and others –v– Google Inc. where a number of individuals have brought proceedings alleging that the giant collected information from browsers without their consent which was then used to target specific advertisements to those individuals.  What is most interesting about this case is that the individuals concerned used a particular browser which blocked the Third Party Cookies used to track visitors to a website.  It is argued that Google Inc. has developed a ‘workaround’ of this feature enabling them to collect valuable personal information. The complaint raised is that this unauthorised accumulation of their personal data then reveals their personal preferences which were then used to target or tailor advertisements appearing on their PC’s when they used the internet. The case has yet to be decided, but in a preliminary hearing the judges made some significant rulings on the law of data protection and privacy namely that:

1. The misuse of private information is a tort.
2. Claims for general damages and distress under s13 of the Data Protection Act are to be permitted.
3. Personal data can include any information relating to an identified or identifiable natural person.

Therefore, an individual’s internet search history is capable of being ‘personal data’ if the individual to whom it relates, is identifiable.

The Privacy and Electronic Communications (EC Directive) Regulations as amended in 2011 established that whilst cookies are not expressly prohibited, a user should have an understanding of what was being stored on their device and given the opportunity to grant their consent. However, when the government conducted an online survey that same year, whilst 77% of those who participated were concerned about their internet security, 85% of those surveyed were not aware of the existing internet cookie opt out solutions available.

It is likely to be some time before Vidal-Hall and others –v– Google Inc is decided and it may lend some interesting reading on the debate of privacy and data protection . Until then, we advocate that you advise visitors that your website uses cookies, explain what they do and get the individual’s consent to store them on their device. An individual can give implied consent, rather than express consent, as acknowledged by the ICO in its guidance, but whichever form you choose to use, the consent given must always be ‘informed consent’. This informed consent can be proven by giving clear access to your privacy policy and by ensuring that the user clearly understands that their actions will lead to cookies being set.
Our law guide also offers some interesting recommendations.