Consumers are being misled about online behavioral advertising and what happens to their data, said Europe’s biggest consumer rights organization.

The European Consumers’ Organization, BEUC, has hit out at the self-regulatory Framework for Online Behavioral Advertising calling it weak, misleading and potentially harmful to consumers’ rights.

The voluntary code of conduct was drawn up by the Interactive Advertising Bureau Europe and the European Advertising Standards Alliance. But BEUC considers the initiative “an incomplete patch-work solution which does not necessarily include all scenarios where Online Behavioral Advertising (OBA) takes place and does not offer consumers the opportunity to express their consent to be tracked.”

In a letter to the Article 29 Working Party, which represents the data protection authorities of the E.U. member states as well as the European Commission, BEUC complained that weak wording in the framework’s guidelines could be interpreted to exclude companies that deliver advertisements on their own sites or on sites owned by any company within its group.

The voluntary framework proposes that an icon be placed on websites that carry OBA ads. By clicking on this icon, consumers would be given more information about what data is tracked and what is done with it. However, according to a TRUSTe survey in the U.S. with a comparable logo, only 56,000 out of 20 million consumers accessed the information.

The use of a graphical icon is an insufficient and potentially counterproductive means of notice for consumers, BEUC said. “Further, the guidelines seem to allow for certain flexibility about where the icon could be placed, only stating it should be placed ‘on websites, in/or around the advertisement.’ This flexibility could be interpreted so as to mean that the icon can be placed in a less visited page of the website, or at the bottom of a page.”

“In addition, the information displayed misleadingly highlights the benefits of behavioral advertising, using arguments such as that the advertisement is tailored to consumer’s preferences, that the information collected is not personal and that this kind of commercial activity supports the access to a “free” Internet. What consumers are not told are the associated risks to their privacy that targeting and profiling entail, what other companies have access to the collected information, how it is processed and shared, and so on,” continued Monique Goyens, BEUC director general.

According to a recent Eurobarometer survey, 64 percent of European consumers said they were concerned about whether organizations that held their personal data handled this data appropriately and 82 percent of respondents who were Internet users thought that data transmission over the Internet was not sufficiently secure. The study also found that only 27 percent of E.U. citizens were aware of all their rights in relation to data privacy.

“Consumers do not always realize information about their Web activities is being collected. Some may like getting targeted information that matches their interests – however, they may not realize that they might not be getting the full range of options available because of records of previously visited websites. Consumers do not control where their data is going and in many cases would not know how to exercise their rights under the relevant data protection laws,” Goyens said.