Posts Tagged 'Datenschutz'

*How Much Information Does A Search Query Reveal About A User?

One search query on its own might actually not reveal too much information about a user. If you however, keep logging the queries from one particular user one might very soon be able to gain interesting insights. At some point early this year Google extended its ‘personalized search’ function onto all users, not matter if they were logged into any Google service or not (explanation found >>here<<).

I was first confronted with this topic at the Suma e.v. conference in Berlin 2007. Hendrik Speck (a indeed humble man who even has a ‘My Quotes’ section on his website) mentioned in his speech search engine log files and talked in detail about how much information search engines could gain out of analysing them. In the example provided by Speck he talked -as far as I remember about an overweight, sick old lady who had some kind of fixation on cats. I didn’t really like the example and labelled the whole idea as ‘Google-Bashing‘.

My next encounter with this topic was when I was playing around with the Google Dashboard and was surprised to see that how precisely Google kept track of what I did and was even kind enough to tell me on which days I had been lazy, not doing much research for my blog or my thesis.


Then, last week I stumbled across a ‘cute’ YouTube-video, on the German Basic Thinking Blog, telling a romantic story, just by showing the queries a user had typed in.


Cute, as I’ve said, right? But… let’s take the idea a bit further:

I have repeatedly reported lengthy a service called TweetPsych which allows users to create kind of an psychological profile of any twitter feed, analysing the language used, the topics covered, the frequency of the posts, etc… The first worrying thing about this service is, that it works quite well. The second worrying thing is the idea of spreading this idea from a person’s twitter feed, which he deliberately had decided to publish freely on the internet, to a users search queries. Doing this we would be able not only to analyse a person’s interests but also its mood and even living habits.


Most of you will now say, yes that’s what Google (Google Insight) does anyway. True. But the difference is that Google, at least that’s what they’ve communicated only do this on a large scale.

Interest in the search term 'Michael Jackson'... not so much apparently until his unexpected death


Doing the same with just a single user takes the whole thing to a completely new level. I am not saying this because I am just another privacy-prayer hoping to get ‘street cred‘ for his words but to rephrase an idea I’ve heard from THE Austrian privacy activist (Hans Gerhard Zeger). [I know this idea isn’t entirely new, but I do think its worth being repeated many, many times…]


If data/information about everybody is available, authorities will start searching the data for unusual patterns to be able to investigate or even predict potentially malicious behaviour. So, the second a user types in ‘uncommon’ queries, he/she thus would be under suspicion. And here comes the point; under such circumstances, the whole principle of “presumption of innocence” (ei incumbit probatio qui dicit, non qui negat) is actually turned over. Then the authority won’t have to proof that the user has done anything wrong, but the user would be under the obligation to prove that he/she hasn’t.


I guess, nobody is feeling comfortable about being tracked/logged. At the same time we all appreciate the benefits of this technique. So as always a compromise has to be found as stubborn search engine bashing will just blur the whole situation and allow competitors to use the confusion and find loopholes to put things into practise, big corporations are still struggling to be allowed. Example? While some 70 year old Austrian even attacked an Google Streeview car last week with a pick-axe, nobody seems to care that an Austrian company (Herold Straßentour) has already recorded most of Vienna’s inner city, using pretty much the same technique. So shall Google be punished for at least openly speaking about their plans while others ‘just do it‘?

*Sect. 26 Austrian Data Prodection Act – Lex Imperfecta?

A highly controversial, but somehow “heart-warming presentation” was held at the 3rd Austrian IT-Law congress by a representative of a credit-worthiness database-company who explained the audience that their service was absolutely essential to mankind as without an entry in their database people just wouldn’t be able to conclude any contracts (e.g. signing up for a mobile-phone contract or opening a bank account) any more.  Yes, they appear all to be truly altruistic at heart ans I reckon they just have to “sell” the data to cover their fix-costs. To sum it up what the gentleman from the Deltavista GmBH and a representative of the Austrian Kreditschutzverband, sitting in the audience, said: As grown up human being I shall be no longer contractually capable, unless I am registered in a creditworthiness database!


After the presentations I chatted with my colleagues about the reality of Data protection / creditworthiness databases in Austria and I was told that it is pretty pointless to try to get information from your bank and that the last colleague who tried to do so, in the end changed his bank.


As I am a curious person myself I took a look at the central section Section 26 of the Austrian Federal Act concerning the Protection of Personal Data (de/en version) which states:

“Sect. 26 (1) The controller [Auftraggeber]shall provide the data subject [Betroffener] with information about the data being processed and relating to him, if the data subject so requests in writing and proves his identity in an appropriate manner. Subject to the agreement of the controller, the request for information can be made orally. The information shall contain the processed data, the available information about their origin, the recipients or categories of recipients [Empfängerkreise] of transmissions [Übermittlungen], the purpose of the use of data [Datenverwendung] as well as its legal basis in an intelligible form. Upon request of the data subject, the names and addresses of processors [Dienstleister] shall be disclosed in case they are charged with processing data relating to him. With the consent of the data subject, the information may be provided orally alongside with the possibility to inspect and make duplicates or photocopies instead of being provided in writing.”


(3) Upon inquiry, the data subject has to cooperate in the information procedure to a reasonable extent to prevent an unwarranted and disproportionate effort on the part of the controller.

(4) Within eight weeks of the receipt of the request, the information shall be provided or a reason given in writing why the information is not or not completely provided. The information may be refused if the data subject has failed to cooperate in the procedure according to para. 3 or has not reimbursed the cost.

(6) The information shall be given free of charge if it concerns the current data files [Datenbestand] of a use of data and if the data subject has not yet made a request for information to the same controller regarding the same application purpose [Aufgabengebiet] in the current year. In all other cases a flat rate compensation of 18,89 Euro may be charged; deviations are permitted to cover actually incurred higher expenses. A compensation already paid shall be refunded, irrespective of any claims for damages, if data have been used illegally or if the information has otherwise led to a correction.


Taking all these things into account I approached my bank ( 08.06.2009), my mobile-phone provider (11.06.2009) as well as the Deltavista GmbH (letter posted on the 15.06.2009 as I’ve received no answer to my email). So, let’s see what will happen. I’ll keep you informed!

This Satelite Doesn’t Beep But It ‘Tweets’

Please click here if you want to follow this blog on Twitter.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 94 other followers

Author’s Rights - Online reporting hotline for child pornography and nationalsocialist content on the internet
JuraBlogs - Die Welt juristischer Blogs

Previous Posts:

RSS Goldman’s Tech & Marketing Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS Class 46 Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS WIRED Epicenter

  • An error has occurred; the feed is probably down. Try again later.
wordpress stat