behavioral targeting & european la · behavioral targeting & european law w3c workshop: do...

Behavioral targeting & European law

W3C Workshop: Do Not Track and Beyond Berkeley 26-27 November 2012

Frederik Borgesius Institute for Information Law, University of Amsterdam

New York University

2

Contents

1. Consent for tracking technologies

2. Data protection law and behavioral targeting

3. W3C?

3

1. Consent tracking technologies

Consent for storing and reading information in device.

Exceptions: necessary for communication / requested service.

Art 5.3 e-Privacy Directive

4

Contents



3. W3C?

5

2. Right to Data Protection Charter of Fundamental Rights EU

6

2. EU data protection law & behavioral targeting

Data protection law generally applies to nameless profiles for behavioral targeting.

7

‘Personal data’ in EU

Any information relating to an identified or identifiable person.

Art. 2(a) Data Protection Directive

8

Personal data

9

Personal data

W3C Team, © R. Ishida 2008

10

Court of Justice EU

IP addresses: personal data

(case concerned ISP)

CJEU, Scarlet/Sabam, 24 Nov 2011

11

EU Data Protection Authorities

Nameless profiles for behavioral targeting: personal data.

Can be used to ‘single out’ a person.

WP29, behavioural advertising opinion 2010

12

EU Personal data

EU Personal data

Personally identifiable information ‘PII’

13

Data protection law: Fair information principles (FIPs)

- Consent (or other legitimate basis)

- Transparency - Right to access data - Data minimization - Security - ...

Overview FIPs: Gellman, ‘FIPs: a basic history’

14

Contents



3. W3C?

15

W3C & Fair information principles (FIPs)?

- Consent (or other legitimate basis)

- Transparency - Right to access data - Data minimization - Security - ...

Overview FIPs: Gellman, ‘FIPs: a basic history’

16

Contents



3. W3C?

Thank you!

Frederik Borgesius

@FBorgesius

behavioral targeting & european la · behavioral targeting & european law w3c workshop: do...

Documents