Legal Eye: Who's tracking your online trail?

Do you know how your personal data is being used online? If you value your privacy, you should, says lawyer Ruth Hoy.

With the advent of social networking and the expansion of search engine capabilities, even the most reluctant web 2.0 Luddite is likely to be leaving a sizeable digital footprint.

And that means everyone from ex-colleagues and employers to prospective partners or would-be criminals can, with relatively little effort, now access your personal information by following the trail we leave online, deliberately or otherwise.

Online privacy
Key issues

1.Setting a precedent: The increase in high-profile online privacy cases and breaches

2.How best to police information online: Self-regulation vs mandatory opt-out legislation

3. Move to international standards: The growing need for, but challenges of, creating a global and uniform set of standards relating to websites' use of personal information

Are internet users doing enough to protect their information online or are search engines and social networking sites lulling them into a false sense of security by failing to put privacy before profit?

This month has put online privacy firmly in the spotlight. While celebrating its 10th anniversary, Google has conceded to pressure and added a link to its privacy statement on its home page and reduced its data retention time limit from 18 to 9 months.

Soon after the Information Commissioner's Office has called for consumers to take better care of how their personal information is gathered and stored by third parties - and to make better use of the protection afforded to them by current legislation such as the Data Protection Act.

Our own recent research at DLA Piper has revealed a worrying level of user negligence when it comes to online privacy. The vast majority of internet users have never read or don't remember ever reading the terms and conditions or privacy statements relating to the search engines or social networks they use. Well over a third don't bother to change their default privacy settings either.

There is no doubt the default settings on some sites provide little active protection and the privacy terms and conditions are often buried on a hard-to-find web page.

But the fact of the matter is that personal data is being made available voluntarily and will continue to be volunteered by the very individuals the law seeks to protect.

Where then does the responsibility for ensuring the integrity and safety of our identities lie?

Clearly users need to take some responsibility for their level of online exposure and how they choose to make personal information available. Recent cases, such as that of businessman Mathew Firsht who successfully fought against a false Facebook profile, have highlighted the need for caution. Some sites have settings that are automatically set to the most private level; others will allow all the information you post to be seen by all other users. But it's ultimately up to the user to check.

That said, as phishing and false social networking profile scams increase in sophistication, and social media advertising and behavioural targeting spreads, the law may soon need updating to provide extra help to users and mandate an opt-out for the sharing of personal information.

Either way, self-regulation by both the individual and the site is not going to be sufficient in the long term. Until there is a unified set of privacy laws and global minimum standards to protect personal data online (and that time is most certainly coming) individual users need to be more savvy about the information they're making available and where it might end up.

Ruth Hoy, partner, DLA Piper's technology, media and commercial group