German Data Protection Requires Compliance With DPAs

Website operators in Germany have new rules to govern how they track website users and customer trends. Now, website owners are required to create secure user profiles and may have to seek consent before they can harvest user data for marketing purposes.

Globally, website owners everywhere know how important it is to assess and track the surfing behaviors of their web users. Collectively, this information is worth billions of dollars to the owners of websites around the world. In Germany particularly, the owners are able to harvest critical data regarding the advertising preferences and market research trends of their respective customers.

In the past, the owners were able to create user profiles using software or third party service providers. It was much like identifying a customer and giving the customer either his own name or a fake name to keep track of his spending habits. Owners are now required to play by another set of rules. When they harvest data regarding customer habits, they will need consent from the user to link the information to the real name of the user.

In December of 2009, the German data protection authorities (DPAs) passed an important resolution called the German Telemedia Act (TMG). This provision protects the private sector, and limits how website owners can store the personal data of the website users that they track.

The TMG requires that if a user profile is created, the website owner has to honor any objection that users have to the user profile that is created. The owners will have to then also provide clear disclosure regarding pseudonyms created to form profiles on users. For example, if a user named Gregory Dash gets tracked by a website owner, and the owner creates a pseudonym profile for this person in a file called “ADashofGregory,” this user has the right to ask for disclosure that his name is linked to the fake name, and he can also object to this association.

If it sounds complicated, it really is an easy fix. Any user data created with a pseudonym must not be combined with a person’s personal data, or the customer can request the profile deleted entirely. Also, under the new TMG rules, any personal data collected by website owners can only be used to supply telemedia services, and billings to the customer. Otherwise, the owners will need the customer consent.

In the end, the users will have their privacy protected against website owners who are unscrupulous using captured data to track their preferences. The new rules will help to protect the identity of website users in Germany.

Source: http://www.huntonprivacyblog.com/2010/01/articles/european-union-1/german-data-protection-authorities-issue-resolution-on-website-analysis-methods/index.html