I think for your typical internet user, the awareness and understanding of behavioural targeting is limited, but still of a major concern — typically coming to the conclusion that ‘Big-Brother is watching you’. I think it is interesting that a major concern that is commonly expressed (particularly in the US) is that the government is utilising big data and behavioural profiling to actively survey individuals. I guess my stance on this (although I do accept the privacy regulations in the public sector are also limited) is that the greater concern would be the private sector information gathering. Within the US, there are not a huge amount of regulations on what private companies can do with your information and private data, and a lot of it is self regulated. Surely government would be more trustworthy in holding your data, or their servers are less likely to be hacked than that of a private company with your information, or would they be a bigger target for other nation states?
I think it is pleasing to see that initiatives such as the European Commission to reform data protection rules, covering regulations in both the private and public sector. I like your three suggestions as a ‘here and now’ approach, but I would suggest that normalised legal processes for the digital age need to be adopted centrally. At the end of the day, the internet is a huge part of life and becoming more so, as well as expanding into untapped populations around the world. There is going to be more personal data online than ever before, and it simply needs to be regulated the same as medical, industrial and financial commerce (mainstream) sectors.
I would be interested to see if you have similar views.