When you read the questions, including the statements that come with them as well as the many hints at what CNIL is really thinking, you get a pretty good idea about the (continental, admittedly) European approach to what is expected of big online players in terms of their informing the users on the collection and use of personal, and not so personal, data.It is obvious that CNIL has made quite an effort to actually analyze the policy in detail and distil the questions that the current version indeed does not answer. I think this, as such, is laudable approach, and it might in the end lead to a certain degree of improvement of the information presented. It is certainly much better than simply ranting about Big Internet as some data protectors feel free to do in Germany (in that case Facebook was the victim). Do click the link! It is worth it. Goes to show that civil servants don’t need to be dull, after all!
Still, the whole “companies have to disclose each and every detail of how they deal with user data” idea makes me more and more nervous. I cannot help but feel that it’s less about the average user’s right to be informed, but more about a general hostility towards large and successful online companies (who, by chance, happen to mostly come from outside the EU).
First, I quite simply doubt that it is humanly possible to compile comprehensive information about something as complex as data processing – and to at the same time achieve what, for instance, section 13 of the German Telemedia Act requires: to inform the user “in a way that is understandable for everyone”. No average user will browse through and read the dozens of documents it would take to explain in all detail how things are done. An overflow of detail simply does no good.
And third, constantly requiring more and more specifics, details, process descriptions and – essentially – business methods (because that is what, for instance, the exact way of pseudonymizing, grouping, filtering and so on of user data for targeting purposes is), and the continuing demand to – let’s be honest here –outlaw them, intrude into the very core of what online companies do for a living. And that I find rather difficult to applaud. Evan Brown of internetcases.com recently wrote a really good post on the subject recently.