THE OFFICE OF THE PRIVACY COMMISSIONER
Spacer GifHOME > Resolution on Automatic Software Updates Spacer Gif Spacer Gif Spacer Gif Spacer Gif
Spacer Gif
Spacer Gif Media and Speeches
Spacer Gif Bullet Media Releases
Spacer Gif Bullet Speeches
Spacer Gif Bullet Privacy Awareness Week
Spacer Gif Bullet Privacy Matters Newsletter
Spacer Gif SPECIFIC PRIVACY
INFORMATION FOR:
Spacer Gif > Individuals
Spacer Gif > Business
Spacer Gif > Health
Spacer Gif > Government
Horizontal Rule
Spacer Gif > Federal Privacy Law
Spacer Gif > About the Office
Spacer Gif > Frequently Asked Questions
Spacer Gif > IT and Internet Issues
Spacer Gif > Media and Speeches
Spacer Gif > Publications
Spacer Gif > Privacy Links
Spacer Gif > International
Spacer Gif > Contact us

Spacer Gif

Resolution on Automatic Software Updates

View printable version of this page

25th International Conference of Data Protection & Privacy Commissioners Sydney, 12 September 2003

This resolution was adopted on Friday 12 September 2003

Resolution

The Data Protection Commissioners of Germany, the Czech Republic, Italy, the State Data Protection Inspectorate of the Republic of Lithuania, the Information and Privacy Commissioner of Ontario and the Swiss Federal Data Protection Commissioner propose that the International Conference resolve that:

1. The Conference notes with concern that software manufacturers worldwide increasingly use non-transparent techniques to transfer software updates to users' computers.
In doing so they

  • can read and collect personal information stored on the user's computer (e.g. browser settings, and information on the user's browsing habits) without the user being able to notice, to influence or to prevent it,
  • may gain at least partial control over the target computer thereby restricting the ability of the user to meet his legal obligations and responsibilities as a controller to ensure the security of any personal data he may be processing,
  • change the software installed on the computer which will then be used without any required testing or clearance and
  • may bring about malfunctions in the updated computer without the possibility to identify the update as the cause.

This may cause particular problems in government institutions and private companies to the extent that they are under specific legal obligations how to process personal information.

2. The Conference therefore calls on software companies

  1. to offer procedures to update software online only at the user's initiative or request, in a transparent way and without allowing unchecked access to the user's computer;
  2. to ask for the disclosure of personal data only with the informed consent of the user and insofar as it is necessary to carry out the online update. Users should not be forced to identify (as opposed to authenticate) themselves before they can initiate the download process;
  3. to provide for freedom of choice by offering online updates only as an alternative to other (offline) means of software distribution such as CD-ROM.

3. The conference encourages the development and implementation of techniques to update software which respect the privacy and autonomy of computer users.
Spacer Gif> Privacy Policy Spacer Gif> Copyright Spacer Gif> Site map Spacer Gif> Join Email List Spacer Gif> Glossary Spacer Gif> Calendar Spacer Gif> Newsletter