- Associated Press - Friday, November 5, 2010

BRUSSELS (AP) - The European Union wants companies such as Google Inc. or Facebook Inc. to give people more control over how their online habits are tracked, requirements that could crimp Internet firms’ ability to target advertising.

Internet companies, privacy activists and the EU’s executive commission are likely to wrestle over the specifics of the rules, which cut to the heart of funding models not only for technology firms but also for many online news sites and blogs.

“People should be able to give their informed consent to the processing of their personal data,” the European Commission said Thursday in a new strategy paper.

It also wants users to be able to modify and delete any information that has been collected, giving them “a right to be forgotten.”

Thursday’s strategy paper will form the basis for an overhaul of the EU’s 15-year-old laws on data protection scheduled for next year. It is open for public consultation until January, and the commission aims to propose legislation by mid-2011. Any new laws would have to be approved by the European Parliament and national governments.

Tracking an individual’s search history to target online advertising is a key revenue source for companies such as Yahoo! Inc. and Google.

Other firms use cookies _ small files placed on a user’s computer _ or pop-up windows to track the websites a user has visited in the past or the books and clothing he has bought online.

The more closely ads can be linked to a user’s interests, the more likely they are to be successful.

But privacy watchdogs have raised concerns over whether this information can be linked to an individual’s name or address, what it could be used for, and how long it can be stored.

Technological advances and the many players involved in so-called behavioral advertising “make it difficult for an individual to know and understand if personal data are being collected, by whom, and for what purpose,” the commission says in its strategy.

Websites should be more transparent about who is collecting data, and why, and how Internet used can “access, rectify or delete their data,” it adds.

However, Thursday’s document doesn’t say whether the EU intends to require users to specifically “opt in” to having their data collected, or whether it is enough to allow them to “opt out.”

Another key question will be how prominently websites have to display any opt-out buttons or links and how complicated the process could be. Google, for instance, already has a small “Privacy” link on its homepage, through which users can edit or clear their Web history.

As it stand right now, the commission’s strategy looks “ambitious,” said Wim Nauwelaerts, a counsel at Brussels-based law firm Hunton & Williams who has advised several technology firms on privacy issues.

“The EU’s data protection framework already had the reputation of being one of the most stringent out there,” said Nauwelaerts. “And this only reinforces it.”

Story Continues →