Here is the contribution to the Consultation on the legal framework for the fundamental right to protection of personal data that I sent last December to the European Commission (http://ec.europa.eu/justice_home/news/consulting_public/news_consulting_0003_en.htm).
December 18th, 2009
Analysis of the situation:
Personal addresses of citizens (i.e. physical addresses: primary residence, second home…) are considered personal data in most European countries. As such, these addresses are protected by various legal instruments concerning the right to privacy, including, in France, the Data Protection Act of 1978; at the European Community level, Directive 95/46/EC; and Convention No. 108 of the Council of Europe for the protection of personal data.
However, in practice the physical addresses of citizens are not sufficiently protected:
- They are often collected in paper or electronic (Internet…) questionnaires without it being clearly stated: (1) whether the citizen has the right to refuse to disclose his physical address; (2) whether the citizen who does communicate his physical address has the right to object to this information being shared with third parties. For example, in France, when subscribing to a landline, a mobile phone or the Internet, the physical address is automatically collected by the telephone operator or the ISP (Internet Service Provider) and is then communicated to directories and other information services. To oppose this process, the customer of the telephone operator or of the ISP must take specific steps.
- Authorities do not adequately protect these data: in France, the Mairie de Paris publishes on its website the addresses of all the Parisians who have applied for construction permits; INSEE (National Institute for Statistics and Economic Studies) communicates to third parties the addresses of all individuals who have set up as independent professionals and work at home (Sirène diffusion database). To oppose this communication, specific steps must be taken.
- These addresses are at the core of a very profitable trade. Phone operators, ISPs, directory services and mail order specialists sell and exchange their mailing lists of individuals to enrich these databases. Is it normal that so much money is made from a piece of personal data – the physical address of a citizen – which, by definition, belongs to him and of which he should therefore control all uses?
Protecting the physical address of a citizen is necessary so that he is:
- not sent unsolicited snail mail;
- not targeted by political parties. Insistent voices are rising everywhere in France, but also in Europe, to allow political parties to use the technique of micro-targeting, which is very widespread in the United States: it involves cross-referencing as many existing databases as possible (electoral, commercial, political…) to obtain as much individual data as possible on all voters. These data are used to develop personalized messages, particularly when canvassing door-to-door, which involves having the physical address of voters;
- not robbed: not only is it increasingly easy to obtain someone's address, but also to access photos of his house or his apartment (on Flickr, Picasa…) and to know, through social networks (LinkedIn, Facebook, Twitter…), whether he is at home, at work or travelling;
- not assaulted: more and more young Europeans subscribe to geolocalized dating networks (Yuback, Aka-Aki…) to make friends, meet people, etc. By studying the profiles on these sites, one can quickly find the physical address of users. A young woman who does not want to respond to the advances of another person encountered on these sites may find that person waiting for her in front of her house or flat.
- Collection of physical addresses: The communication of one's physical address should only be mandatory for administrations, health services, banks, insurers and other services (Police Department, Justice Department, Post Office, ISPs, newspapers, electricity, water, mail order…) which obviously need to access the physical address of a citizen to verify his identity or to provide the service to which he subscribes. In all other cases, the forms for collecting information should indicate very clearly that the disclosure of the physical address is optional.
- Sharing of physical addresses: In all cases (whether the communication of the physical address is required or optional), the default option will be the following: the address will not be shared with third parties (except under legal constraints: police investigation, etc.). To be allowed to share the address, collecting organizations will obtain the explicit agreement of the citizens concerned (through a check box on paper and electronic forms, or a signature on paper documents…). Otherwise, the citizen will not have to do anything for his physical address to remain confidential and not be shared with third parties. The protection and confidentiality of his physical address will be automatic. Note that in telephone directories, a simple indication of the village or town (or, in large cities, the district), plus the phone number of the person, is sufficient to distinguish homonyms. The full address is not necessary.
- Location Based Services (cameras, mobile phones, geolocalized dating networks – Yuback, Aka-Aki…): An option should disable the geolocation of all activities (taking pictures…) that lead to the user's home. This would prevent one's physical address from being disclosed on these sites.
- Social networks (Facebook, Twitter, LinkedIn, Yuback, Aka-Aki…): These websites must never disclose the physical addresses of their subscribers to other subscribers, advertisers or any other third parties.