NEWS29 October 2009

EC ramps up legal action over secret Phorm trials

Legal UK

UK— The European Commission has launched the second phase of infringement proceedings against the UK over the way it handled tests of Phorm’s online targeted advertising software.

The commission says it will issue the UK government with a “reasoned opinion” setting out its case that there are “three gaps in existing UK rules governing the confidentiality of electronic communications”.

It began investigating following complaints about BT’s secret trials of Phorm’s software, which tracks the websites a user visits in order to match them with relevant advertising. The UK government had looked at the technology following outcry over the tests but ruled it legal in the UK on the condition that customers of ISPs were made fully aware that they were being profiled and were given the option to opt out at anytime.

The EC launched the first stage of its infringement proceedings in April, at which time it flagged “concerns that there were structural problems in the way the UK had implemented EU rules ensuring the confidentiality of communications”.

Dissatisfied with the UK government’s response to this first stage, the EC has now set out its complaint in detail. Firstly, it says, there is “no independent national authority to supervise interception of communications”, even though such authority is required under the EU’s ePrivacy and Data Protection Directives.

The EC also says UK rules on interception – which is authorised with the consent of individuals and in cases where the person intercepting the communications has ‘reasonable grounds for believing’ that consent has been given – do not comply with EU rules which define consent as “freely-given, specific and informed indication of a person’s wishes”.

Finally, the EC takes the UK government to task for only providing sanctions in cases where unlawful ‘intentional’ interception has occurred, whereas EU law requires Members States to ensure sanctions against any unlawful interception regardless of whether it has occurred intentionally or not.

EU telecoms commissioner Viviane Reding (pictured) said: “Ensuring digital privacy is a key for building trust in the internet. I therefore call on the UK authorities to change their national laws to ensure that British citizens fully benefit from the safeguards set out in EU law concerning confidentiality of electronic communications.”

A spokesman for the Home Office said: “We are firmly committed to protecting users’ privacy and data. We are considering the commission’s letter and will respond in due course.”

The UK has two months to reply. If the EC again feels that its response is unsatisfactory the case may be referred to the European Court of Justice.

@RESEARCH LIVE

1 Comment

15 years ago

From your article: "...the EC takes the UK government to task for only providing sanctions in cases where unlawful ‘intentional’ interception has occurred, whereas EU law requires Members States to ensure sanctions against any unlawful interception regardless of whether it has occurred intentionally or not." Can we just be very clear about this "intention" and the issue. BT paid a company called Phorm (ex-adware/spyware firm 121Media) to put a system in place that was to snoop on all the data going to selected customers and the websites they visit. This was to intentionally test if it would work. It involved intentionally changing web page contents as part of the test. Phorm's intentions were/are to intentionally watch what people use the internet for, so they can make money from displaying adverts to them. It's no mistake that the government has now instigated a report into price fixing and personalised pricing on the internet. Let's face it, if I know you want something in particular I could charge a different price depending on what I have learned about you. And this does not require any "personal data" like your name. Oh no. This just requires a unique number to reference you, and I can make up that number the first time I snoop on you. As you can see, this is not about "nothing to hide, then you have nothing to worry about" because you clearly do have something to be concerned about, whoever you are and however innocent you are when you shop/bank/chat/whatever on line. BT did not ask for permission to do this in 2006 or 2007. They only asked, after pressure was brought to bear, in 2008. And there's littel evidence they ran the scheme in 2008. They know it was wrong. What we need is someone in the UK to actually test this in law. Why are they not doing this??? Very odd. Very odd indeed.

Like Report