The European Commission is looking into how mobile Internet providers are managing data across their networks, opening up a new storm of debate around the idea of net neutrality. The review is in part gearing up for a new European telecommunications law, which takes effect May 25.

Ars Technica's Nate Anderson writes that there's a reason for interested parties to be concerned about the issue,

As today's Commission report noted, throttling of file-sharing and video streaming traffic has been reported in France, Greece, Hungary, Lithuania, Poland, and the United Kingdom. Blocking or charging extra fees for VoIP has been reported on mobile operators in Austria, Germany, Italy, the Netherlands, Portugal, and Romania.

It's not clear that the new law will give sufficient guidance. PCWorld's Jennifer Baker writes,

There is no set definition of "net neutrality" in the European Union, but it will be a legal requirement when the new Telecoms Package comes into force on May 25. This new law, which sets out rules on transparency, quality of service and the ability to switch operator, must be applied in a way "that ensures open and neutral Internet principles are respected in practice." However, it does not specify how member states may achieve this, leading to confusion in some countries about how to adopt the law.

Some companies and organizations are complaining that there are already big problems with how European carriers treat data traveling on the mobile Internet, writes the New York Times,

Advocates of network neutrality criticized the inquiry as insufficient, saying that the fact-finding mission was superfluous and ignored obvious, continuing problems with the mobile Internet. Operators, for example, do not connect Skype calls over their networks because the Internet calling company's services would siphon revenue from their own businesses.

"The European Union appears to be alone in the developed world in tolerating on such a wide scale these types of arbitrary restrictions on Internet use," said Jean-Jacques Sahel, the director of government and regulatory affairs for Skype in London. "It has to cease and we look to European authorities to unambiguously protect consumers."

Though the European Union is well known for the hard line it took with Microsoft in its antitrust investigation, it's not yet clear how the Commission will position itself in this case. In a press conference, Neelie Kroes, European vice president for the digital agenda, toed a careful line between the interests of the operators and those of their opponents, saying,

Today's report shows a general consensus that traffic management can be useful. For example, it is important to keep video calls running smoothly even if that means an email is delayed by a few seconds. Consumers have the right to choose services, and operators have the right to deliver services, that can meet these expectations. I do not like the blocking or degrading of certain services. But if there is such blocking or degradation, then the customer needs to be clearly informed in advance so that they can make an informed choice about the operator that gives them what they want. It is clearly not OK to block or degrade lawful services by stealth, without informing the customer.

The Wall Street Journal reported this weekend that some Facebook applications--such as games--share the unique number assigned to each of the social network's half-a-billion members with third-party companies including advertising firms. But this latest Facebook privacy scare has actually been brewing for more than a decade. It's all down to a "vulnerability" that was described back in 1999 by Tim Berners-Lee and others working on version 1.1 of the HTTP standard, and which underlies the Web: "The Referrer header allows reading patterns to be studied and reverse links drawn. Although it can be very useful, its power can be abused if user details are not separated from the information contained in [it]."

Here's what that means: Every time your browser loads a new Web page, or a section of one, the server providing the data gets to know the address of the page that sent you there. The same process is at work when you're interacting with an app inside Facebook, which means the app gets a Referrer header containing your unique Facebook ID. That ID is not exactly on a par with a Social Security number. It's a public number that can be used to pull up the public version of a person's profile page, which shows no more than a person has allowed to be seen publically. In most cases it's enough to reveal a person's name, though.

It's not unusual for apps and Web services of all kinds to bundle up metrics and data on their users to share with third parties, and The Wall Street Journal says that bundles from some apps have contained user IDs. Facebook says that in most cases app makers "did not intend" to share IDs and it has reinstated some apps that suddenly disappeared after the Journal's story appeared. As yet, there seems to be no evidence that user IDs were sold intentionally, or used to guide marketing efforts. It's also debatable whether your ID number counts as personal information, and the extent to which Facebook was culpable. On the latter point, it's clear that anyone with a good technical knowledge of the Web would be familiar with this somewhat ancient feature/bug of HTTP, including many at Facebook and elsewhere.

That being the case it seems surprising that, first, there's apparently no established way to cash in on it and, second, no systems exist to head off the issue. As for a fix, one approach would be for companies like Facebook to design their systems to alter this built-in behavior. Another would be a clean-slate redesign of the Web, preventing the need for case-by-case fixes.