Saturday, March 03, 2007

File Sharing and Privacy

I came across a news report from Sky News yesterday on file sharing and identity theft. Trying to find a repeat of the report (podcast) on Sky News website has proven difficult, but there is a short piece asking for views on file-sharing worries. On the report, though, one user on a peer-to-peer networking found, to his surprise that he was not merely downloading files, but also downloaded personal details belonging to individuals. Although he notified Sky News on this, it raises questions about personal data and protection of individuals' personal information online. No doubt, identity theft is a problem, but is the UK Data Protection Act 1998 or even the European Data Protection Directive 95/46/EC satisfactory in dealing with these difficult issues?
The UK Data Protection Act 1998 places a responsibility on "data controllers" (those who hold our personal information) to make sure that our personal information is carefully safeguarded (not the actual legal terminology, but see Schedule 1 of the DPA 1998 for a start). However, with file sharing, is it always identifiable who the data controller is? Probably technological means such as the data controller's IP address (of their computer) is one way of ascertaining the identity of the data controller, but even then, there is the question of being certain that the IP address belongs to the filesharer. No doubt, these will be issues that will have to be considered by the ICO.

No comments: