Blog

It has been another busy week in the world of online privacy and Google is back in the spotlight with the launch of its new privacy policy. A significant update from Google is always something to interest web designers, and this example is no different.

This particular privacy update is supposed to, according to Google, get rid of inconsistencies in its previous privacy policies so that ‘we can make more of your information available to you when using Google.’ This means that Google is now better able to share users’ data between different services. For example, if you use all of your Google services while you are logged in, your search history could have an impact on the YouTube videos that are suggested to you.

The Google blog post announcing the new privacy policy gives the example of Jamie Oliver (bear with us). They say that, for instance, if you do regular searches for Jamie Oliver and you then search for recipes on YouTube, Google might take note of this and suggest his videos for you, or put up ads for his cookery books while you are using other Google services.

The impact of this is two-fold. One impact is that it can help to make services more convenient for users as their preferences will be registered across Google platforms. The other impact is that the changes are likely to make it easier for Google to target ads to web users.

Another impact of the new privacy policy, however, is that it seems as though Google may have fallen foul of EU laws and the EU is currently taking action to examine the policy. When the privacy update was first launched about a month ago, the data protection authorities in Europe expressed concern and suggested that Google ought to wait to implement the policy until an impact assessment had been carried out. However, as we can clearly see, Google have launched the changes anyway.

The concern of the European Union is that the Google privacy policy does not meet requirements with regards to ‘information provided to data subjects.’ The French data protection authority, CNIL, has been asked to examine the policy as a result. One of the main issues that have been raised is to do with the way the privacy policy has been worded; CNIL is worried that it is too general in the way it talks about Google services and the personal data involved. They are worried that this means normal web users will find it difficult to determine the details of the policy in relation to particular Google services.

Google has already tried to defend itself against the EU’s concerns, saying that they have already carried out an extensive awareness campaign to try and educate service users about the changes that are being implemented. They also argue that if you do not want your data to be shared across the different Google platforms, you don’t need to be logged into all of the services in order to use them. 

For example, you can use platforms such as YouTube, search and Google Maps without being logged in. There is also an option to go ‘incognito’ if you choose to browse the web using Google Chrome. Google also makes the point that you don’t necessarily have to operate all of your services from one single account – you can have different accounts for different services if you wish.

However, a counter-argument could run that this all serves to make privacy more complicated than it was before despite the fact it is supposed to simplify things; the new privacy policy automatically applies to everyone who uses Google’s services while logged in and there is no option to properly opt out of it. The only way to avoid the policy is to stop using Google’s services altogether. 

There are, though, some other things that concerned users can do to limit the amount of data that is linked across services. For example, they have the option to delete search histories and can view their Google Dashboard to see what data is held on them and where.

Despite this, there are still concerns. Even though Google carried out an awareness campaign, a poll carried out by YouGov found that 47% of UK Google users were still unaware of the changes. The EU action continues and there is worry from some campaign groups.

One thing we find ourselves wondering, though, is that even if people are concerned or don’t understand the privacy policy, is it going to stop people using Google services? We suspect probably not.

Author Profile on Google+

Follow @AmpheonLtd

In recent weeks, you may have read about something called the Stop Online Piracy Act. Or, to give it the acronym such things seem to require these days, SOPA. This is a bill that has been introduced by a member of the US House of Representatives with the aim of… you guessed it, stopping online piracy.

This bill has caused something of an outcry among various groups – but what is it actually all about? There’s been a lot of controversy over this piece of legislation and it’s something that people have been getting heated about on both sides of the debate, so we thought we’d try and cut through the hyperbole to see what is actually going on.

Essentially, at the heart of this bill is an issue of copyright. The purpose of SOPA is meant to be to try and stop copyright infringement – specifically, the infringement of the copyright of American creative products that are illegally ‘shared’ on the internet by sites based in other countries. Currently, trying to bring these sites to justice in the US is relatively useless because they’re all based offshore.

So on the one hand, it’s possible to see the logic behind introducing SOPA as a bill: people who create a product, whether it’s music, a film or something else, have a legal right to copyright. And, unlike patents which are issued by nation states following an application process, copyright is automatic and universal. If anyone tries to infringe it, the holder of the copyright has a right to challenge them.

High profile supporters of the bill include the kind of groups you might expect to support copyright enforcement, including the Motion Picture Association of America and the Recording Industry Association of America. Another interesting supporter is the US Chamber of Commerce – this is an organisation that usually fights for ‘free enterprise’ but is supporting SOPA on the grounds that rogue websites threaten ’19 million American jobs’.

However, on the other side of the debate we have many of the US’ internet giants. Organisations such as Google, eBay, Twitter, Facebook, LinkedIn and AOL are all opposed to SOPA because they fear that if it were to become law, it would make it harder for the web to innovate – largely because it would invite a lot of lawsuits, which are hardly ideal for creating an innovative atmosphere.

In a way, SOPA is similar to a bill that was introduced in the US Senate, the Protect IP Bill. However, SOPA goes one step further: where Protect IP was focused on groups such as domain name providers, SOPA targets internet providers themselves – in order to deal with targeted ‘rogue websites’, the idea is that the US Attorney General would get a court order that effectively compels internet providers to withdraw support from those sites.

Arguably, it is this that has helped to make the current bill so controversial. But what are the implications for web users if this Act is passed and eventually becomes law? It’s hard to make accurate predictions when the legislation is still being debated and it’s not guaranteed to pass, but it seems as though certain popular websites would no longer be available (at least not in the US, but seeing as the European Parliament recently approved a motion that stresses the need to refrain from ‘unilateral measures to revoke IP addresses or domain names’, it seems as though it could create international issues as well).

Another reason it is controversial is because it has potential security implications. This is because internet providers would be required to redirect certain domain names (such as those of sites containing pirated information) to US security organisations. This matters because it contradicts with something called DNSSEC, which is designed to make things more secure for web users. There’s also a worry that innocent sites could be unfairly damaged – and even that cybersecurity could be compromised.

For now, though, we need to wait and see what happens. There’s big, well-funded support on both sides of the SOPA debate. However, it’s worth pointing out that despite all the noise about SOPA, it still hasn’t come to a vote on the House floor and could be subject to further hearings about its security implications before that’s allowed to happen – and even then there’s no guarantee it will get onto the schedule. But should it make it through it could affect us all, whether we're in the US or not.

One thing, though, stands out: whichever side of the debate you may stand on, it seems fair to say that absolutely everyone is passionate about creating and promoting good content – the main dispute is over how to go about it.

Author Profile on Google+

Follow @AmpheonLtd

Back in June, the EU Parliament passed something called the Consumer Rights Directive. This Directive has since been approved by a meeting of EU ministers and has now become law. Nations have got two years to comply with this new legislation – but what exactly is it?

As the name of it suggests, the Consumer Rights Directive is aimed at protecting consumer rights. It isn’t exclusive to online consumer activities, but this is one of the areas where it is set to have an impact. One of the main points of the directive is to stop websites from ‘pre-ticking’ boxes on online order forms, on the grounds that this can often lead to consumers signing up to things that they didn’t know they were signing up to. Web designers should take note, as there may be an obligation in the client-supplier relationship for the designer to give best advice on such matters.

One well-used example of this is company newsletters: you buy a product from an ecommerce website, but fail to notice the pre-ticked box agreeing to sign up to the online newsletter and future updates about the company and its products. Subsequently, you get inundated with advertising material you never wanted. Some pre-ticked boxes can even cost consumers money. The example given by the European Commission is the way the travel insurance box or an option for car rental will sometimes automatically be pre-ticked when customers are purchasing airline tickets.

Now all of this is going to have to stop, as pre-ticking boxes on order forms has been banned. Another aspect of the legislation is that it stops customers from being liable for charges they weren’t properly informed about when they made a purchase. They also get a fourteen day ‘cooling off’ period on purchases during which they can withdraw from their contract if they wish.

This isn’t the only thing the EU have done recently to try and protect consumers’ rights: the Privacy and Communications Directive does something similar in relation to internet advertising and online cookies, requiring users to give their consent before certain cookies can be used to stop sites from collecting so much information about them.

This brings us back to the eternal struggle between the rights of the consumer and the need for businesses to survive. It also brings us on to issues of implementation, something that is causing a bit of a headache in relation to the Privacy and Communications Directive, as countries have interpreted the legislation differently. But national interpretations and philosophical arguments aside, what does all of this mean for ecommerce websites? Will they be penalised by these recent EU directives?

On the one hand, you could argue that they are being penalised as the Privacy Directive makes collecting useful data more of a burden and the CRD stops them from taking action that may have bought in more business or helped them to get their message out to a larger number of people. However, protecting consumer rights is important and so these directives are largely positive. It also helps to make websites more honest as consumers will now have to specifically state whether or not they would like extra services rather than ending up with them regardless – something that the customers are sure to appreciate.

For example, in a recent press release, the EU details ten benefits of the new Consumer Rights Directive. The first of these benefits is that customers will be protected against ‘cost traps’ that trick them into paying for services online that ought to be free. Another benefit is that hidden charges and costs are not allowed, and consumers will have to confirm to say they understand the price they are being charged. This suggests that the only sites that will be losing out are those that probably shouldn’t be in business anyway.

Also, ecommerce is an area that is growing strongly, bucking the trend as many other areas of the economy continue to struggle. It doesn’t seem likely that these directives will stop this growth: after all, they strengthen the rights of the consumer, so if anything, they will help ecommerce even though online businesses might not like everything within the directives.

This is especially true in the UK. Figures from the IMRG tell us that the UK is the leading e-retail economy in Europe: if sales for 2011 stay on track, they’ll be worth €81billion by the end of the year.  Ecommerce is also growing at a rate of 18% per annum and more than 1 billion packages are shipped out across the UK as a result every year. It seems safe to say that a couple of Directives from the EU aren’t going to stop the online shopping juggernaut.

Author Profile on Google+

Follow @AmpheonLtd

There has long been tension between the need to protect consumers’ privacy on the web and businesses’ desire to grow their online operations in any way they can. One of the things that have led to some of the most heated debates is internet cookies. There has been growing concern among some consumers, for instance, that they are effectively being stalked on the internet. This can be seen in the way a product you might have looked at on one website suddenly appears in adverts on subsequent websites that you visit.

This is the result of internet cookies and, while some cookies are relatively harmless and can in fact be useful (such as by remembering your preferences and log in details), some are not so welcome. As a result, the European Union introduced a new regulation called the Privacy and Communications Directive. The aim of the Directive was to put more guidance in place so that websites know how much information they can collect on their visitors without having to ask their permission.

The Directive is also sometimes known as the ‘cookie law’ and it was due to be implemented by governments by May 2011. At the time of writing, hardly any of them had done so. Only the governments of the UK, Denmark and Estonia had taken any steps to bring the Privacy and Communications Directive into law, and Denmark has since put its draft laws on the back burner.

In the UK, things are quite a bit better, with fairly comprehensive guidelines being given out – but firms still have a year to comply with the new ruling. This means that the ‘third party cookies’, which are thought to be causing a lot of the problems faced by consumers, can still often be found and tailored advertising online still abounds.

Here’s how it works. Say, for instance, that you look on a website for a new power tool. You don’t buy it, but the internet cookies register that you have looked at the product and were interested in it. You leave the website and spend some more time browsing, when you suddenly notice that something keeps happening: adverts for the power tool you were looking at earlier – and perhaps similar products - keep popping up on websites. The aim of businesses, of course, is to try and persuade you to click on one of those adverts and then make a purchase. The concern for web users, naturally, is the extent of the information companies are apparently able to collect on them.

This is what the EU Directive is supposed to help solve, by dividing internet cookies into two groups: those cookies that are ‘strictly necessary’ for services to operate and those that aren’t, which would require users to give their consent before they could be used. As you might expect, many people working in the European marketing industry do not like the Directive as it confuses what they are and aren’t allowed to do.

One thing that has caused confusion is over what the Directive actually requires websites and businesses to do: are they supposed to actively alert users whenever a cookie is placed on their machine, or is it enough to simply make them aware of their security options within their browser, thus leaving it up to the user to alter their security settings if they so wish? Part of this issue arises because the EU’s definition of ‘strictly necessary’ is very narrow, to the point where a cookie that remembers what language you typically view websites in would be likely to fall outside the ‘strictly necessary’ category.

This makes it harder to comply with the law. If you were to assume that the requirement of the directive was that notification had to be given of all cookies outside the ‘strictly necessary’ group, this could potentially lead to a high volume of pop up alerts asking for users to give their permission to continue. This leads to another problem: a lot of browsers block pop ups as a matter of course, and even if they don’t, the vast majority of web users loath them.

However, there is still the problem of users being concerned about their online privacy. There’s also the issue of how the Directive, if fully implemented, would affect businesses: many rely on cookies to work out the extent of their return on investments and believe that tailored advertising actually enhances the user experience. All of this means that companies are now faced with trying to explain to customers the value of using third party cookies.

Even more confusing is the fact that different EU governments are determining the Directive in different ways, so while some countries propose that web users should actively give their consent to individual cookies, others are much more general. Perhaps then, once thing is clear: while a stab at a coordinated effort has been made in order to reassure web users that their privacy is protected, more action and more coordination is still needed to make sure there is a workable policy and that it won’t harm ecommerce in the process. With 27 countries in the EU that all need to be working together, it seems as this could be one that’s set to continue for a good while yet.

Author Profile on Google+

Follow @AmpheonLtd

You are no doubt familiar with the G8, the group of rich nations that meet every once in a while to discuss potent world issues and try to come up with solutions to global problems. They’re meeting again this week and it’s fair to say they’ve got a lot to talk about: from the global economy to the current wave of revolutions taking place and the aid promises they made a few years ago, there’s plenty on the agenda. Perhaps that’s why a notable related event hasn’t had quite as much media coverage as it might otherwise have done.

That event is the eG8 forum, a kind of bolt-on to the main G8 summit that was designed to look at the issues posed by the internet and the role it plays in an increasingly interconnected world. It was opened on Tuesday 24th May in Paris by President Sarkozy and was set up as a two-day event, with some of the biggest players invited. From the big names such as Mark Zuckerberg (founder of Facebook) and Eric Schmidt (Google’s executive chairman) to other players in the information and communication industries, the people attending the forum are some of the most influential in the world when it comes to the internet.

The eG8 looked at the issue of ‘The Internet: Accelerating Growth’ and it’s fair to say it has opened up something of a debate. President Sarkozy used the opportunity to argue for increased internet regulations, suggesting that as the World Wide Web is a global phenomenon, it needs global rules. He made the argument that while the internet offers opportunities for ideas to be heard like never before, the internet should never be a replacement for democracy.

In his opening speech to the eG8, he said: "Total transparency has to be balanced by individual liberty. Do not forget that every anonymous internet user comes from a society and has a life."

The speech was timely: if you live in the UK, there is no way you can failed to have noticed the current furore surrounding superinjunctions and, in particular, the fact that most current injunctions apply mainly to the big broadcasters and newspapers with online forums such as Twitter either not being included or being badly policed when it comes to enforcing those privacy injunctions. This has allowed particular cases to be ‘broken’ through Twitter (we’re not naming any names to be on the safe side) and now high court judges are asking the social networking site for the details of users who have allegedly broken injunctions.

The whole issue feeds into the debate and privacy and the issue over what exactly counts as ‘the public interest’. There are arguments for and against introducing more regulations to the internet, but ‘the public interest’ and privacy are not the only issues raised by the internet and the discussions that were held at the eG8. They also looked at intellectual property, copyright and the protection of children online. In the ‘real’ world, these are all things that are governed by laws, made by governments and enforced by various agencies. On the internet, it’s much less clear cut. Arguments are made for ‘free speech’ over the rights of artists and others to be recognised for their intellectual content. Counterarguments are made that the digital age changes things, that we’re not operating on the same stage as 50, 20, 10 years ago.

It’s not easy to unpick. We’ve written elsewhere about the growing challenges posed by the internet and the minefield of deciding whether or not more regulations are necessary. One thing that does seem increasingly clear, however, is that any solution is going to need to be global or else it just won’t be practical. The internet exists largely outside borders and so to try and contain it within them doesn’t make a huge amount of practical sense.

The eG8 didn’t solve anything. It was more of a talking shop than anything else. It did, however stoke up the never-ending debate about what to do with the internet and all the issues it raises. Generally speaking, Europeans are said to be more in favour of regulating the internet than the Americans, perhaps reflecting the cultural and political traditions of their respective continents. Unless a proposal is generated that everyone can agree on, though, it seems unlikely that the division is going to be resolved any time soon.

Author Profile on Google+

Follow @AmpheonLtd