Lee & White

Getting to know you, getting to know all about you... sounds familiar, but unfortunately, it has nothing to do with Rodgers and Hammerstein's musical The King and I, nor is there an ounce of good, wholesome fondness to that phrase.

Rather, the phrase is cloaked with an ulterior motive - Money, Money, Money (and this is not with reference to ABBA's song).

What's wrong with that? Everyone is entitled to pursue that ultimate goal, and surely everyone does - or at least tries to make more money.

True. Perhaps it is safe to say that every business is set up for the purpose of making money, and more money if possible. The question in any business case for an expense is whether there will be a profit to gain - apart from ensuring the customers' happiness and satisfaction, of course.

Alright, enough about the musical influences, and down to more serious business.

Businesses are trying to get to know you. They want to get to know you better. The better they know you, the better they can get more out of you. To do just that, they need your personal information - from your name to how you spend your leisure time, every bit counts. This desire to obtain personal information is not new of course. But how far is that desire corresponding with the individual's best interest? The privacy right?

By researching and analysing an individual's browsing habits on its e-commerce site, coupled with his/her personal information already obtained, an online retailer is able to advertise products/services which are most relevant to that individual.

It is also the case for those companies/retailers which seek to match the type of products/services/brands to the individual customer's taste. Shops with their own payment cards to facilitate quicker payments at the till (to obtain a card, just fill in your personal information in the given form) analyse the information obtained at every purchase (of the type and quantity of things bought...) to send catalogues relevant to the individual customer/household. If toys/stationery items are the most frequent products purchased, the customer finds a catalogue filled with the latest promotions on toys/stationery items in his/her mailbox.

To an extent, it does seem quite harmless as the individual gets what he is interested in and it does save his time and effort in looking for the 'right' or 'most suitable' product/service/brand. And better yet, businesses carrying out these forms of advertising are actually saving cost. No more unwanted, wasted printing materials. No more spending a fortune on advertising products which a particular individual will never take a second glance at.

A very recent report in the New York Times showed that companies can even make predictions about their customers.

Companies can learn your secrets. 

A statistician from Target, a large retailer from the US, divulged that two colleagues from Target's marketing department popped the odd question, "If we want to figure out if a customer is pregnant, even if she didn't want us to know, can you do that?"

Timing is essential in this case. As most new parents are almost immediately bombarded with offers and advertisements on baby products from the moment the birth records are made public, the key is to get this group before any other retailer knows that a baby is on the way. By being able to identify these mothers-to-be as early as their second trimester (the time when most of these women are changing their lives and buying pre-natal vitamins, maternity clothing and baby stuff) the chances of keeping them for years to come are great. These women are then likely to buy diapers from Target, pass by the baby food aisle and grab a box or two, and on the way to the till, add a few more items to the cart. Once the customers get comfortable with the offered products, they will keep coming back - and for more.

The questions for the businesses are:

• Did you tell the individuals clearly that you were doing/are doing/will do this?
• Did you give them a chance to opt out?
• Did you ensure that the individuals can always exercise their rights under the data protection law any time?
• Are you ensuring the security of their personal information both organisationally and technically?
• Can you ensure that if there is a transfer/sharing of their personal information to third parties, that these third parties will ensure an adequate level of protection of their personal information too?

Answer all these with a YES, and you're likely to be a trusted organisation and you understand the business case for privacy. Privacy is profitable. Personal information is an asset. You protect that asset and you will gain trust, the customers that go with it and the profit that comes from doing business with them.

The questions for the individual are:

• Did you ask for any of this?
• Did you ask for your shopping behaviour to be scrutinised? checked? spied on?
• Are you aware of all that they know about you?
• Do you mind that they can build your profile almost spot on?
  For example, Spying On You Mart knows that Mr.Joe Customer who lives at 123 No Privacy Lane and shops at Spying On You Mart, has an estimated salary of $$$. He has at least one son and one daughter (judging from purchases of boys and girls toys) of the ages between 5-8 years of age (judging from the age group of the toys purchased) and potentially has a wife/female partner who is a size 38 (EU) (again judging from the several pieces of female clothing purchased) and they like barbecuing in the summer and eat Activia yoghurts.
• And with this information that they have about you, do they share it with third parties?
• And if they do, what are those third parties going to do with it?
• Will they protect that information from getting into the wrong hands?
• Did you opt in without realising?
• Can you ever stop them if you wanted/needed to?

Answer all these with a YES, and you've consented with full knowledge and with full trust in that organisation. If you can truly exercise your rights as a data subject, and know that that organisation is protecting and will continue to protect your personal information,  then the protection of your personal information is upheld and the duty of that organisation to you is fulfilled.

But in all cases, think very carefully, read the fine print, and do not give your personal information out unless you know what you're in for, your rights and how to get out. Otherwise, it's Hush Little Baby, Don't Say A Word.

The electronic identity card or eID is the statutory or legal identity card in Belgium. Every Belgian citizen in Belgium above 12 years of age has an eID. In addition, foreigners, both within the EU and non-EU citizens residing in Belgium, having fulfilled the necessary residing requirements of the country, are also given an eID. With this eID, you are able to prove your identity and travel within the EU countries.

And it does not stop there. The eID, with a pincode, has a microchip which contains information not visible on the card itself such as one's address and electronic data (known as digital certificates). These certificates confirm your identity when you use the eID card reader. Through the eID, you can:

• prove your identity on the Internet
• place an electronic signature
• apply for official documents and fill in official forms
• and more...

Whilst anyone with an e-card reader can read the details on an eID by inserting the eID into the card reader and using the publicly available software, not everyone may - without a legitimate purpose and with the consent of the data subject. 

The presentation or submission of the eID card is not governed by the Data Protection Law. However, once the information on the identity card is read, copied or manually recorded, processing of personal data has taken place and is subject to the application of the Data Protection Law.

As such, it is of primary importance to establish that there is a legitimate purpose for the reading of the eID. Where the information is visible on the eID card to the naked eye, and sufficient to achieve the relevant purpose, the data controller should only copy/process that information and should not proceed with an electronic reading of the chip. This is because, as earlier stated, the microchip contains both information already visible on the card as well as hidden information which may not be necessary for the relevant purpose. If the data controller reads the information contained in the chip anyway, he is then processing irrelevant and excessive information unnecessary for his purpose(s) and is in breach of the Data Protection Law.

Hence, if you happen to be asked for your eID to be read by the card reader, which seems to be quite common in registering for mobile phone subscriptions and tenancy agreements, do exercise your right to know the specific purpose for reading your eID, and if the information required is visible on the card without having to read the chip, then do know that the data controller has no ground for making this request.

There are many of us who widely publish our photographs containing images of ourselves, loved ones and friends on the Internet on networks such as Facebook, Friendster, Flickr and so on. And more often than not, we also publish photographs of others - including strangers and bystanders who happen to be in that picture when it was taken.

Now, not many people realise that pictures are also personal data, and therefore, fall under the protection of personal data by law. Many organisations also publish pictures of employees, contractors, customers, and members on their websites - usually without prior consent. Since many are unaware of the fact that a picture of a person amounts to information relating to an identified or identifiable natural person, there is no claiming of this privacy right by the affected individual nor a corresponding performance of the legal duty by the data controller.

Many questions can arise concerning this area - including the fact that if one publishes the pictures on a social network for a limited circle of friends and in the course of household activities (whereby the pictures are intended to be shared with close friends), and equates it to placing photographs in the traditional photo album, then surely, this does not fall under the Data Protection law. Then again, uploading pictures on the internet is hardly private despite the privacy settings on such networks because like it or not, the network provider has a copy of these pictures and what is eventually done with them is never fully certain. In addition, in the case of using other applications on a social network, it is a "forced consent" given by users because without permitting these third parties to access a user's general information including his/her profile picture, the user is unable to use the application he/she wishes.

Furthermore, pictures published are easily copied by everyone with a click of the mouse. What happens then?

Pictures of children published by ignorant parents who create websites for their children, boasting every bit of personal information such as address, date of birth, likes/dislikes of their child(ren) are becoming more and more rampant. This certainly opens a floodgate of unwanted attention and risks over the child(ren). Parents are supposed to protect their children - or has this changed?

And so, at what cost is one's image sold? Where is the ultimate control one has over his image? Over his personal data? Over his privacy?

How many people actually read the fine print?

Economic crisis, downsizing, budget issues, bankruptcy. These seem to be some of the more common issues faced by many companies today - so much so that if one approaches them concerning P-R-I-V-A-C-Y, they would show you the front door!

Who has the time to bother about someone's privacy and personal data when there are more "important" issues at hand? Perhaps at first glance, the protection of privacy seems minute at times like these, and even the data subject is not too concerned about the way his data is being handled - he has more pressing matters to think about such as the possibility of losing his job, going bankrupt and so on.

Nevertheless, do take note that whilst these matters affect your way of living and demand your immediate attention, they are not permanent - and life will go on, even if it is not the way we wish it to be. On the other hand, privacy and personal data IS your life - be it on paper or in an electronic carrier, and once breached, can have a lasting negative effect greater than we can imagine. Remember, the right to privacy is sacred, and should be protected - even in times of difficulty, because when the economic sun is shining again, you'll be glad you did.

A person's privacy is a fundamentalright which requires recognition and protection. Whilst it is incapable of precise definition, the concept has been linked with data protection, which interprets privacy in terms of management and handling of personal data.

If you worry about your DNA and personal information being used to invade your privacy, now you have something else to add to your worries. According to a research by theElectronic Frontier Foundation (EFF) documents you print on your colour laser printer are able to indirectly identify you by encoding information that is not visible to the naked eye. Tiny dots are scattered on each page of your document. The information encoded includes time, date and the serial number of your printer. These are just the information that the EFF has managed to crack at the moment.

So, who is behind this brilliant system? The U.S. government, of course. They claim the purpose of this tool is to enable them to identify counterfeiters. Is that the only purpose for this tool? It is yet to be discovered.