Brussels, 22/01/2008 (Agence Europe) - The buyout of DoubleClick, the online advertising company, by Google, the famous search engine, is provoking a number of fears about data protection that go beyond those involving a simple competition issue. This is the main observation made at a public hearing on Monday 21 January at the European Parliament, which brought together the actors, business leaders, consumer representatives and institutions affected by this case. In May 2007, Google paid $3.1bn to buy out DoubleClick. Although, the Federal Trade Commission (FTC), the highest anti-trust authority in the US, announced last December that it would not oppose the buyout operation by Google, the European Commission decided to begin a probe and assessment of the effects produced by the operation on the advertising and online advertising management markets. The deadline for the Commission decision was set for 2 April 2008. The European Commission said that it would not take into account data protection considerations, which could influence the outcome of the case given the fact that over recent years, buyouts approved by the US authorities have generally been cleared by the Commission too. Sophie In't Veld (ALDE, Netherlands) warned: “We cannot disassociate personal data from competition…it would be good if the Commission responded in the case of the Google-DoubleClick merger or on another occasion”. She explained that because laws on private life were quite different from one country to another, while the internet did not have borders, matters had been complicated enormously, which was why they urgently needed a common EU or indeed transatlantic approach. The industries, however, are not prepared to abandon the internet advertising market, which represents around $27bn every year, a figures that could quadruple over the next few years.
Are European rules on data protection effective against attempts to intrude into private life? The European data protection controller, Peter Hustinx said that there were, in effect, rules applying to the internet, including search engines and advertising, which did provide protection. He put the question of whether these rules were sufficient, and affirmed that this was the issue they should be analysing. Stavros Lambinidis (PES, Greece) asked whether internet companies and governments had necessary access to data in police investigations. Peter Fleisher, one of the Google legal experts, indicated that if the public authorities presented concrete requests (child pornography), an answer was given. Fleisher explained that Google had refused (through the courts) disproportionate demands on millions of items of information and stressed that governments' capacity to access this data was limited. The case of the IP address: The president of the European experts' group on data protection (“Article 29”), Peter Schaar, said that the IP address was well and truly personal data and should be protected as such, apart from in exceptions. As an exception, the use of computers in cybercafés was mentioned. Pamela Harbour of the FTC, however, affirmed that according to the US perspective, there was no consensus on this question. Marc Rotenberg, the executive director of Electronic Privacy Information Center (EPIC), explained that the industry was already in some cases able to see who an IP address belonged to and whether it now orientated towards the IP6 model, which generates this practice. Internet without advertising? Mr Fleisher insisted that they had to know who consulted what, and if this were not the case, their businesses would fail. He explained that the improvement in internet services such as free software was mainly due to advertising. Microsoft representative, Thomas Nyrup, said that the internet would not be what it was without advertising. Nevertheless, he did say that they should abide by the three principles of “consent, transparency and security”, especially because consumers should be able to know what data is exchanged. Jean-Marie Cavada (ALDE, France) asked whether the contents of email could be analysed by companies. The Microsoft representative said that his firm did not use this method. Mr Fleisher, however, admitted that his company could use this method to filter “spam”, possible viruses, as well as target advertising. Ms Harbour said that “confidentiality was not pertinent to the Google-DoubleClick acquisition”. She therefore acknowledged that customers of the two companies benefited from more targeted advertising. Defining international rules: a representative from the Spanish data protection authority, Artemi Rallo Lombarte, appealed for international rules to be defined for protecting the private life of internet users, informing them about how their data is used. Harbour affirmed that “cross-border cooperation is a key aspect of consumer protection and private life, which should not be confined to one country”. (B.C.)