The new Shopping lens that received so much publicity in the last month, both positive and negative, could be illegal in Europe.
The integration of a Shopping and an Amazon lens in Ubuntu 12.10 is like a gift that keeps on giving. Unfortunately for Canonical, these new features provided a lot more headache than anyone could have thought it possible. Moreover, it seems that Canonical's problems are just starting now.
According to an analysis made by Luís de Sousa, on this blog
, Canonical is in breach of European laws that prevent third-party entities to store and access private data.
When users search anything in the Unity Dash, the search terms and the IP of the user is stored on Canonical's server, without consent.
The European Directive 95/46/EC
is specifically designed for these problems and it stated very clearly what exactly is defined by “personal data.”
“For the purposes of this Directive:
(a) 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”
Further down the line, the seventh article of the same directive instructs that the data can't be given without consent, and the processing of data is completely forbidden.
Other important questions can be raised. What happens to the data, once it leaves the computer? Where is it stored? Is the server on EU territory?
If Canonical wants to push these features onto our computers, with the next operating system update, it has to warn users that personal details will be sent back to Canonical. If the user refuses, the online search feature must be disabled automatically.
Once Ubuntu 12.10 will be officially launched, on October 18, some of these problems will intensify or they will go away, but it's all up to Canonical.