Lee & White

The Internet. A good place to gather as much information as you need without having to leave your home. Perfect. Let's get started.

You begin your search using the search engines available. Hundreds and thousands of links appear on your screen giving you information about houses available for sale, for rent, and other connected information. You are pleased.

You dig deeper - looking for the right area, for the right number of rooms, for the best price.

Ah, you finally find a few potentials in these websites.

You begin contacting the agent or the property owner via email or the contact form.

You divulge your personal information such as name, email address and contact number for a viewing.

At the same time, note that the property owner has given his personal information such as name, address of the house for sale/rent, email address and contact number on the website too.

Basically, if you have used the website's contact form, then that website has collected your personal information. It now has both yours and the property owner's personal information.

You wait for an answer.

Some time later, one of the property owners contacts you - surprised that you have his contact information and asking about his house which has been sold - 2 years ago!

Another email you receive is from the postmaster stating that the message you have sent has been delayed - the email address is probably no longer in use.

Now think. What is the website doing with all these personal information stored? Why isn't old information being removed? Contact information and pictures of houses of property owners who have sold their houses ages ago are still advertised on the website and misleads the visitor. And through this misleading information, the website collects your personal information as well. So what is going to happen to your personal information? Are third parties getting hold of your personal information? There is no privacy statement informing you of the handling of your data. You contact the website but you receive no answer.

The property owner is also not happy. He contacts the website for his information to be removed. Days later, he checks the website. His information is still there! Spammers happily clog his mailbox using his email address advertised on the website and he keeps getting phone calls about his sold house.

It is a nightmare.

• Mobile phone Did you know that our mobile phones are 'anonymously' tracked for a range of services?

For example: the traffic report, which informs you of the total length of traffic jams in your country, calculates such information based on tracking of mobile phones, checking how fast the phones are moving - if at all - from point A to point B.

The mobile phone service providers promise us that the information they gather is anonymized before use.


• Location based services You can now surf from your mobile phone to a service such as Google Maps which calculates your position - possibly using your built in GPS receiver - to inform you of the services that are available in your immediate vicinity.

This of course, requires that your location is sent to the service provider first.

It was recently discovered that some of the new generation smartphones covertly sends important information back to the manufacturer on a daily basis.


• High street store loyalty card (and other credit cards) We are lured into using these cards, because they make us feel pampered by giving us a few small perks which the other customers do not get.

Of course, every time you use the card, the store registers what you buy, how much you buy, where, when and how often you buy.

Using this data, they can, through data mining techniques deduce a lot of information about you and your family: if you respond properly to their campaigns, if and when you deviate from your routine (holidays?), how loyal you are to certain brands, financial information, ...

This information is then, amongst others, used - by the store itself or third parties - for targeted campaigns.

• Mobile Payments So convenient, we do not have to use coins anymore, or card. We can simply sms a message and the amount we want to pay for is automatically charged to our mobile phone bill.

Think a little bit further, and you'll know who will get their hands on the personal data hovering in the chain between you and the receiver of the payment.

I know that we cannot and should not stop technological evolution, but we need to ensure that every party involved treats personal data properly and always informs and gives the owner access to their personal data - which in the end remains their most personal property.

Companies or organisations continuing to spam after the 1st of July 2009 can be punished with a maximum fine of 450,000€. If spam is still sent, then a complaint is possible on the spamklacht.nl site. The OPTA (Independent Post and Telecoms Authority, the Netherlands) will be supervising compliance to the law. Only upon explicit permission to receive such electronic messages (including SMS and faxes), can these be sent to the receiving party.

And what is the situation in Belgium?

In Belgium, permission is the general rule, with a limited number of exceptions.

With the Belgian E-commerce law, the opt in rule for publicity electronic messages is in effect. One can only send electronic messages for publicity purposes where there is a preceding authorisation. Also, the commercial communication, including its presentation, must be immediately recognisable to the receiving party as being such upon receipt of that communication. If this is followed, then it is technically not spam.

However, the opt-in rule is subject to a few exceptions, making it a soft opt-in approach:

First Exception: Own customers/clients
The rule is exempted where the commercial communication is aimed at the organisation's own customers/clients (natural or legal persons). This exception only applies in the following conditions:

a) The organisation has directly obtained the contact data of the person concerned in the course of a sale of a good/service. [NB: The privacy law concerning the collection of such data must be respected].

b) The electronic contact data are exclusively used for similar products and/or services which the organisation itself provides.

c) The organisation gives the customers (when the electronic data are collected) the possibility of objecting to the use of such data in an easy manner and free of charge.

Second Exception: Legal persons

The opt-in rule is exempted if the following 2 conditions are met:>

a) If the contact data is impersonal, and

b) If the product promoted is intended for that legal person.

Hence, by laying down these ground rules, one can surely see that there is no room for spamming.

So get the intended recipient's permission first if you can't resist sending that commercial communication of yours! 

Hence, whilst testing this form, I opted to leave out my email address. However, upon clicking SUBMIT, the message as seen below appeared and my email address would nevertheless be collected by the website despite negating to disclose it initially.

Email
Whether it is a mail-to function (an email link on the website) which enables you to contact the organization by clicking on the email link, or it is an email address given on the website for contact without the link, you will divulge your personal data such as your email address and name in the email you send. Postal address, phone and fax, phone calls made, faxes sent, or letters written to the organization, will also lead to personal data being divulged by you in the course of obtaining more information about the organization.

To that extent, it does not differ from online forms on the website as the purpose is the same, and you should be informed that your personal data will/may be collected through these means as well.

Personal data invisibly collected on the website
This is where you are unaware of the collection - usually where a specific technology is used to perform the collection, unknown to you.

Technology per se is advantageous, but it can unfortunately, prove to be a menace as
well - sometimes by design, at other times by surreptitious use.

Cookies are a common method of invisible collection and are widely used on websites. Here, it is important that you are informed of the technology used to collect your personal data. Otherwise, being unaware, you are no longer in control of your personal data and such act is a breach of privacy.

Hopefully, this brief information on the subject will give you a hint on what to look out for before disclosing your personal data.

For an in-depth read on the subject, please consider the Privacy Report 2006 on the compliance of Belgian non-profit organizations' and political parties' websites with regard to the processing of personal data in accordance with the Belgian Law on Privacy Protection in relation to the Processing of Personal Data, implementing European Union Directive 95/46/EC.

Everyone agrees that a credit card number or bank account number is not something you should share (even Jeremy Clarkson eventually). But what can people do with my name and address, social security number or date of birth?

Personal data can be used for identity theft - impersonating someone by using as much as you know about that person to get financial or other benefit in that person's name. For example you could go to a bank and request - and receive - a new credit card in the name of the person you are impersonating, with the bills of course being sent to the original person.

How do criminals get their hands on your data? Everybody knows about skimming - a technique where a debit or credit card gets copied by attaching a small device onto an ATM machine. Another well known technique is to steal files from people's computers, by hacking them or by installing viruses or Trojan horses. And of course there is social hacking, asking seemingly harmless questions to a person online or in person, and using that information to build a complete profile.

And criminals move with the times. A BBC team exposed, in a proof of concept, how easy it is to socially hack Facebook and harvest information on other users, including names, passwords and other information.

How do criminals use this data? It seems that data thieves set up data supermarkets to sell stolen personal data to whomever might be interested. Yes, you can get a working credit card number for a few euro, or even buy complete corporate log files (containing names and passwords, server locations, numbers and confidential information) for as little as 200 euro. When closed down, they just reopen on another location.

Stuff to think about. Perhaps you will consider this the next time before revealing some of your personal data to anyone.

You start a company, you register a domain and you get yourself a nice email address with your name in it, firstname.lastname@mydomain.com, and everything is great.

You now have a prestigious address at your own company and as nobody knows the email address, you receive no spam.

And then you register with a few online websites, known or not, and suddenly the spam starts to trickle in, more and more each day, until it turns into a flood that wastes your time and often contains risks such as phishing mails and viruses.

So what can you do? You can hardly change your name or company name. Listed below are a few options: