and 11). The idea behind this principle is closely related to informed consent: a
person is only able to provide informed consent if he or she knows for which
purposes his or her personal data will be used. This requires a clear description of these
purposes. If the purposes are not clear, consent would imply carte blanche. In fact,
it is arguable whether such consent can be considered informed consent. The
purpose specification principle is thus closely related to the notions of autonomy
and control discussed in the previous subsections.
However, in the information society and particularly with the rise of data mining
techniques, the purpose specification principle is gradually losing meaning for
several reasons. First of all, many organizations have a great need for information.
The basic idea is that in an information society, it is necessary to base all decisions
on as much information as possible. Organizations want to know who their clients
are, how they behave, et cetera. This creates a drive to collect large amounts of data
and to analyze these data for useful patterns. The purpose specification principle
limits the collection and analysis of personal data, but organizations may not like to
be limited in this respect. This does not mean that organizations plainly ignore the
purpose specification principle. Many organizations nowadays simply formulate
their purposes rather broadly, so that concrete purposes do not necessarily have to
be known at the time of collection. Common phrases include: “we use your
information to fulfill your requests”, “to personalize your experience with us”, “to
keep you updated”, “to better understand your needs”, etc. This development
implies that the purpose specification principle rapidly loses its meaning.
The second reason why the purpose specification principle is failing is that
purposes of data collectors and processors may change. Obviously, when this
happens, organizations may change the text in their privacy statements regarding
their purposes accordingly, but this does not necessarily mean that they will delete
personal data collected for the previous purposes. As indicated in the previous
subsections, once a piece of information has been disclosed (or discovered by data
mining), it is practically impossible to withdraw it. The information may easily
spread through computer systems by copying and distribution. It may be difficult
to trace every copy and delete it. Furthermore, it may be very difficult to determine
which parts of the data were collected for which purpose (present or past).
Moreover, when a data subject becomes 'attached' to a certain service, for
instance because all his peers use the service, or a great deal of data is stored in the
service in a proprietary format, withdrawing from the service becomes more
difficult. In many cases data subjects therefore simply accept changes in the
privacy policies, as leaving the service because of these changes is often an
unattractive option.
A third reason is related to the very nature of data mining: data mining aims at
discovering patterns and relations that were previously unknown. Data mining is
not a theory-driven approach, starting with reasonable hypotheses, but a bottom-up
approach, starting without any hypothesis at all.[16] This is the core of the
innovative nature of data mining technologies, which may result in very useful,

[16] See Chapter 1. Note that there are different ways of generating hypotheses, see Chapter 2.