International Working Group on Data Protection in Telecommunications

Common Position

on

Data Protection and search engines on the Internet

adopted at the 23^rd Meeting in Hong Kong SAR, China

15 April 1998

Today, the Internet contains a vast amount of information on almost every topic one can think of. In order to be able to find the requested information on the net, search engines have become more and more popular during the last few years.

With all of these search engines, it is also possible to search for personal data. The result would be a profile of the network activities of a particular person. Search engines could also be used for "data mining". As the Internet is becoming more and more popular for the exchange of information and other activities (e.g. Electronic Commerce), such activities can cause a threat to privacy.

Furthermore, providers of search engines have the capability to draw up a detailed profile of the interests of their users.

Data Protection and Privacy Commissioners have been especially concerned about the possibility to drawing up profiles of citizens in the past. Now the technology available on the Internet makes this practice, to a certain extent, technically possible on a global basis. Furthermore, the planned introduction of filter software for privacy purposes could lead to an additional threat, if the preferences defined in this software by the user are monitored by search engines. The Working Group therefore recommends that any filter software system must be built in such a way that the privacy preferences of users are not monitored or registered by the controllers of websites or third parties.

Finally, with regard to disclosed or published personal data, the Working Group recalls two principles on which its Common Position is based:

• personal data which the user has voluntarily made public are still under the
  protection attached to their nature;
• any individual should always have the right, at any moment and in any case, to object against the disclosure of data referring to him or her on a website, and he or she should have the right to require that the purpose for which the data are disclosed is respected.
  

Recommendations

The Working Group has already in the past stressed the data protection and privacy problems related to the use of the Internet and has made recommendations for possible steps to solve these pro-

- 2 -blems. Regulators could restrict search engines to searching for names and forbid the compilation of extensive and complex searching profiles. However, given the international structure of the Internet, it might not be possible to regulate the Internet entirely by legal means.

Users of the Internet can also be providers of information. They should be aware that every bit of personal information they publish on the net (e.g. when creating their own homepage, a service that is common with major online service providers) can be used by third parties for profiling. Users should have the option to limit the use of their data to certain purposes.

Moreover, messages in news groups can also be indexed and traced by search engines, thus adding information to profiles about who expressed which opinion on which subject. One way to reduce this threat to privacy could be the use of pseudonyms when participating in news services. Internet service providers and software manufacturers should therefore offer pseudonym services to their customers. The use of such services could also minimize the threat to the users' privacy when using a search engine, since a drawing up of a profile of their interests would then be impossible. At the same time, users should be made aware of the risks they are taking when participating in news services under ther real e-mail addresses or even their real names.

Users should also be capable of excluding parts of their own information services on the net from being monitored by search engines. This can be achieved by defining a "no-robots"-option in their website-software. However, this feature depends on being observed by the providers of search engine services.

In view of the need to establish the conformity of search engines with basic data protection principles, a verification procedure will be necessary. The precise methods (e.g. auditing, evaluation, certification) should be subject to a specific study taking into account different situations.

In the contract or agreement concluded between the search engine user and the search engine provider, it should be stipulated that the provider will act according to the EC Directive on personal data protection. Statements like: "The search engine provider shall not record any information about the search of or about the search engine user. After end of the search session, no data will be kept stored." should be inserted into the contract and implemented.

To protect the privacy of the user, full application of privacy enhancing technologies is required where possible. Where and when wanted by the user, an Identity Protector must be available for full anonymity during the search session. The exchange of data must be kept technically in conformity with the proportionality principle as adopted in the 1980 OECD Guidelines and the 1995 EC Directive.

To make it impossible to analyse the traffic flow, conventional security measures for end-to-end communications such as the transmitting of a permanent random bit stream have to be applied.