Database Reference
In-Depth Information
phone, computer) used by the data subject. For instance, a profile may be linked to
a unique number associated with the terminal equipment. Identifiers that can func-
tion in this manner are IP-addresses, IMEI-numbers and MAC-addresses. Another
option is to read from and write information to the terminal equipment, for in-
stance by means of a cookie.
According to the article 29 Working Party when these indirect links are suffi-
cient to single out a person, the associated profile should be considered personal
data:
“Without even enquiring about the name and address of the individual it is possi-
ble to categorise this person on the basis of socio-economic, psychological, phi-
losophical or other criteria and attribute certain decisions to him or her since the
individual's contact point (a computer) no longer necessarily requires the disclo-
sure of his or her identity in the narrow sense.”
9
The applicability of the Data protection directive to profiling in this manner is fur-
ther confirmed in the Article 29 Working Party opinion on behavioural advertis-
ing. In this opinion, the Article 29 Working Party explains why it feels that per-
sonal data is processed in the context of behavioural advertising:
“This is due to various reasons: i) behavioural advertising normally involves the
collection of IP addresses and the processing of unique identifiers (through the
cookie). The use of such devices with a unique identifier allows the tracking of us-
ers of a specific computer even when dynamic IP addresses are used. In other
words, such devices enable data subjects to be 'singled out', even if their real
names are not known. ii) Furthermore, the information collected in the context of
behavioural advertising relates to, (i.e. is about) a person's characteristics or be-
haviour and it is used to influence that particular person.”
10
The key element is that the identifier enables the person to be singled out for a
specific treatment on the basis of the associated profile. On the basis of this rea-
soning by the Article 29 Working Party, most if not all, profiling exercises will
fall under the scope of the Data protection directive. In those cases where an iden-
tifier is used that reads and/or writes information to terminal equipment, article
5(3) of Directive 2002/58/EC also applies. We may thus conclude that profiling in
most if not all current forms, falls within the scope of the Data protection acquis in
Europe.
7.5 Drawbacks to the Current Approach to Data Protection in
the Context of Profiling
We have established that there are moral reasons for the protection of (personal)
data in the context of profiling. If we follow the (broad) interpretation of the
9
Opinion Nº 4/2007 on the concept of personal data, Article 29 Working Party, p. 13.
10
Opinion Nº 2/2010 on online behavioural advertising, Article 29 Working Party, p. 9.
Search WWH ::
Custom Search