EU steps into digital rights debate

Digital rights management is a threat to individual privacy, according to a draft document from the European Union.

Jo Best Special to CNET News.com

Feb. 8, 2005 5:50 p.m. PT

2 min read

The European Union has issued a draft document on the implications of the spread of digital rights management, which is often used to protect copyrighted material such as software and music.

The EU's advisory body on data protection and privacy is specifically concerned about the way that digital rights management (DRM) can be combined with digital watermarks tags to identify individuals and thus track people unfairly or unnecessarily.

According to the EU's recently released "working document on data protection issues related to intellectual property rights," new technologies to identify or trace people "are being established at the level of exchange of information as well as at the platform level."

The public has until March 31 to comment on the document.

The working document adds that where information is exchanged over the Internet, more and more digital watermarks tags are being used to track people and their preferences--for example, when a music track is purchased online, the purchaser has to enter account information and a unique identifier. That information--identity and musical taste--is then used in some cases to target marketing campaigns.

"Electronic copyright management systems (ECMS) are being devised and offered which could lead to ubiquitous surveillance of users by digital works," according to the document. "Some ECMS are monitoring every single act of reading, listening and viewing on the Internet by individual users thereby collecting highly sensitive information about the data subject concerned."

One example of how data has been collected and then used to track individuals, the document states, relates to file swappers. File sharers have found their identities shared with record industry watchdogs as a result of information gathered by their Internet service providers.

"The research conducted by rights holders is usually based on the collection of the IP address of the users. This information is then combined with users' data as detained by ISPs; in some cases the rights holders directly request the identity of the user to the ISP in order to send cease and desist letters to the users," the report states.

This practice, the EU notes, varies from country to country.

The document "deems it necessary, in this changing context, to recall the main data protection principles and the extent to which they apply in the framework of digital right management."

Jo Best of Silicon.com reported from London.