Frederik Borgesius published a very interesting thesis with the title “Improving Privacy Protection in the Area of Behavioural Targeting“.

In this thesis he describes the practices of the companies that collect information on individuals. He argues that legal measures are necessary to improve individual control over personal information. One of the measures is that the companies collecting personal information should be transparent about it and offer opt-out possibilities. He stresses that practical issues should also be taken into account.

He ends his conclusion with:

Behavioural targeting illustrates the difficulties that privacy protection faces in the twenty-first century. Gradually more objects are being connected to the internet. Transparency and individual control over personal data are difficult to achieve when people use computers and smart phones, but will be even harder to achieve when objects without a screen are used to collect data.

In conclusion, there’s no silver bullet to improve privacy protection in the area of behavioural targeting. While current regulation emphasises empowerment, without much reflection on practical issues, this study argues for a combined approach of protecting and empowering people. To improve privacy protection, the data protection principles should be more strictly enforced. But the limited potential of informed consent as a privacy protection measure should be taken into account. Therefore, the lawmaker should give more attention to rules that protect, rather than empower, people.

This thesis shows that new regulations are needed; regulations for the digital age.

More information:

• Thesis (490 pages)
• Summary and conclusion (31 pages)
• Short summary (9 pages)
• Page on the author at the Amsterdam Institute for Information Law (IvIR)