Digital TV and interactive services

18 October 2006

Debora Stella, Francesco Fulgoni

As a result of complaints, the Italian Data Protection Authority has issued guidance on use of customer data by interactive services such as pay-per-view and video on demand.

The connection of IT and TV devices to the service provider via a data communication line (a so called "return channel"), through decoders or set-top-boxes, etc means that the subscriber/user can interact directly with the service provider. Keyboard customers can obtain or purchase services or products offered by the service provider via the transmission of information by remote control.

This continuous transfer of information has a serious impact on the privacy of the subscribers, because the interactive TV service gives the service provider more opportunities to monitor and profile subscribers and other users that unknowingly disclose personal information to the service provider. This happens in particular when the subscribers use interactive systems, for instance, to purchase services such as movies and sport events, or to take part in opinion polls, games, tests or interactive advertising.

Normally the services which use such technologies involve the identification of the requesting subscriber or user and the processing of a huge quantity of personal data.

This recently caused claims to be filed before the Italian Data Protection Authority by customers who were unhappy with the approach taken by some providers in relation to the use of their personal data.

As a consequence, the Italian Data Protection Authority issued general guidance on the necessary and appropriate measures for legitimate processing of data collected through interactive services.

In addition to general obligations under the Italian data protection law the processing of data for interactive services must comply with detailed instructions including:

  • Data minimisation and proportionality
    Personal data obtained for billing purposes cannot be used to carry out research on connection duration, viewing of programmes or events, viewing times and/or interruptions, changes of channel, and viewer's behaviour during commercials, except where the information is needed for billing purposes.

    In addition, any request for individual users to identify themselves when sending information via the return channel must be checked by the Italian Data Protection Authority which may order the service provider to implement additional measures and precautions to strengthen the protection of users' personal data.

  • Information notices
    The information notice must specify the kind of traffic data processed in the supply of a service as well as the duration of processing and storage. The information notice must be positioned prominently on the form. In addition, any subscriber or other users accessing the interactive services should be informed (or re-informed) quickly and effectively about the possible use of his/her personal data through the display of a short initial notice containing detailed information which must be accessible by a simple click on a key.

  • Consent
    Where the provider wishes to process data for profiling and monitoring purposes or in order to transfer personal data to third parties, this should be clearly communicated in a detailed notice. The user's consent to the processing of the data for these purposes must be sought.

  • Sensitive data
    Generally no sensitive data can be processed in the provision of these services. Should the service require the processing of personal data, the provider must obtain (i) the authorisation of the Italian Data Processing Authority, and (ii) the consent of the users/subscribers. Sensitive data can only be communicated where there are authentication procedures and confidential passwords.

  • Payment and billing
    Interactive products and services available on digital TV can be accessed by users other than the subscriber. If the bill issued to the subscriber reports all the services purchased, this may cause violations of privacy of other users who have accessed the interactive services.

    In order to strike an appropriate balance between the need to protect the privacy of the users of the services and the need of the subscriber to verify the correctness of the invoice, the invoice for the services and products (for example, the pay-per-view products) must mention the total charges, dates and usage costs; however, the details of the titles or descriptions of the purchased events can be released only upon a specific subsequent request by the subscriber.

  • Data Retention
    The collection and retention of data is not allowed unless there is a specific need to invoice single products or services and the subscriber has given prior and separate consent to the profiling activities of the provider. In any case the retention period of such data is strictly limited by the Authority to 12 months in case of profiling or 3 months in case of administrative purposes.

  • Organisational measures
    Databases containing personal data cannot be shared with external outsourcers.