• by Wendy Davis , Staff Writer @wendyndavis, March 31, 2009

European Commissioner Meglena Kuneva is sounding the alarm that Web companies don't adequately protect users' privacy.

"The status quo is not an option," Kuneva said today at a meeting in Brussels about behavioral targeting. "Currently, consumers have little awareness of what data is being collected, how and when it is being collected and what it is used for," said Kuneva, a consumer affairs commissioner from Bulgaria. "The current opt-out systems are partial, sometimes nowhere to be found, they are difficult or cumbersome and most of all, they are unstable."

Unlike the U.S., Europe has a sweeping data privacy law that limits companies' ability to collect data about individuals. But Web companies that engage in behavioral targeting argue that they don't collect personal data when they track users and send ads anonymously, via cookies placed on their computers.

Kuneva made it clear that the authorities view even anonymous targeting as problematic. "The current work on privacy has concentrated on eliminating personally identifiable information such as name or IP addresses from the public domain," she said. "Consumer policy needs to go beyond that and address the fact that users have a profile and can be commercially targeted based on that profile, even if no one knows their actual name."

European regulators have been especially troubled by Phorm -- a company that has offices in the U.S. but hasn't (yet) launched its behavioral tracking platform in America. Phorm's platform, which uses deep packet inspection technology, serves ads to people based on information about the sites they've visited gleaned through their ISPs. Phorm says that it doesn't store information about Web sites visited and that the targeting is anonymous, but the platform alarms privacy advocates because ISPs have comprehensive data about users.

In 2006, the Internet service provider BT Group secretly deployed Phorm's behavioral targeting platform in a two-week test that involved 18,000 users. Those tests, conducted without notice to users, potentially violated Europe's sweeping data privacy laws. Since news about them broke in The Register, European privacy regulators have pressed U.K authorities to take action.

Still, for all the tough talk today, Kuneva, like her counterparts at the Federal Trade Commission, seems to hope that Web companies come up with their own solutions. "As the new U.S. Federal Trade Commission Chairman, Jon Leibowitz said recently, any reliance on industry to improve the situation does not amount to regulatory retreat but rather to a last chance given to business to improve the situation," she said.