It was almost two years ago that the infamous Shopping Lens feature was added to a beta preview of Ubuntu 12.10. Plenty of folk did not like the idea of having their Ubuntu suddenly transformed into an online shop; the inadvertently fashion in which the feature was announced only dumped more wood on the fire.
Throughout the following weeks the row focused on the awkward matching of unsolicited advertisements with free and open source software. In the meantime I started wondering if something far more serious could be at stake. Regarding previous experiences with data collection in my professional career and after carefully re-examining the European Directive on data privacy, I made public a series of concerns that lead me to a mini-saga, and Canonical to consider the matter in a totally different way.
Apart from some initial surprise, there was never much of a reaction from Canonical, at least publicly. I tried to engage the issue at the Ubuntu Forums, but my threads were persistently deleted or closed. I thus took the decision to trigger a formal investigation on the matter.
Absent a reply, and still feeling that the default activation of the Shopping Lens was not entirely conformal with the law, I decided to proceed with a formal complaint. This complaint could have been delivered at the data privacy office of any EU member state, but Canonical being seeded in the UK I opted for the Information Commissioner’s Office (IOC). It was not a straightforward process, requiring some insistence; eventually I would get notified of an investigation opening last December.
Nine months passed without any further information from the IOC. A few weeks ago I started preparing a complaint to submit in another member state, but it all came to an end with an e-mail from the IOC last week.
In essence, the ICO deems the various improvements introduced to the Shopping Lens during the past two years sufficient to render it conformal with the law. This reasoning also means that when it was first introduced, with Ubuntu 12.10, the feature was not legal. While my concerns were not fully acknowledge by the IOC, this latter fact makes this whole process well worthwhile. In spite of the conformance method, the law applies equally to open source software.