NEWS5 October 2009

Casro to publish guidelines on digital fingerprinting

Features North America Privacy

US— Guidelines on the use of digital fingerprinting technology are to be published later this month by the Council of American Survey Research Organisations (Casro), setting out requirements for disclosure, transparency and privacy protection when using the online survey fraud safeguard.

Casro said that use of the technology in accordance with its guidelines “is consistent with US privacy and data protection laws”.

Fears were raised last week, however, that the use of digital fingerprinting to detect and eliminate duplicate survey takers could fall foul of privacy laws in Canada and Europe.

The Marketing Research and Intelligence Association (MRIA) of Canada said the technology may not meet the “reasonableness test” of the country’s privacy laws, which places an obligation on organisations to “exhaust” other less intrusive alternatives before collecting personal information.

MRIA said it was “highly likely” that data collected by digital fingerprinting technology would constitute personal information.

It warned such issues may also apply in other markets including Europe, Argentina, Australia, New Zealand and Japan, which have “broadly similar” data protection laws.

Digital fingerprinting works by collecting information about a computer or web browser’s configuration, through which a ‘unique identifier’ is produced that can be used by research companies to check whether the same computer completes more than one of the same survey or takes too many surveys in a given amount of time.

Casro believes that “more data, research and input from providers and users of digital fingerprinting technology is needed before it can be determined whether the use of such technology complies with the privacy regulations of Canada or the EU”.

In a statement the trade association said: “Casro maintains that technologies designed to improve online data quality, including digital fingerprinting, if ethically and accountably managed, do not breach personal data and privacy protections.”