The European Commission
(EC) has opened an infringement proceeding against the UK after a series of complaints by Internet users, and extensive communication with UK authorities, about the use of Phorms behavioural advertising technology by broadband Internet Service Providers (ISPs). The move follows warnings last month by the EU that it could extend its investigation of Deep Packet Inspection (DPI) technology to include Phorm
Phorm works with UK ISPs, such as BT
(WebWise), to monitor what websites you visit for use in targeted advertising campaigns, though its methods have raised more than a few fears about invasions of privacy. Both Virgin Media
(The Carphone Warehouse) are also known to have been in discussions with Phorm, although to date neither has introduced it. BT
angered many when it emerged in early 2008 that they had run two secret trials on customers, without their consent, during 2006 and 2007.
The new EC proceeding will address several problems with the UK's implementation of EU ePrivacy and personal data protection rules, under which EU countries must ensure, among other things, the confidentiality of communications by prohibiting interception and surveillance without the user's consent. These problems emerged during the Commission’s inquiry into the UK authorities’ action in response to complaints from internet users concerning Phorm.
“Technologies like internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States,
" said EU Telecoms Commissioner Viviane Reding.
“We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of EU rules on the confidentiality of communications. I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications.
This should allow the UK to respond more vigorously to new challenges to ePrivacy and personal data protection such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet.
The Commission are known to have written several letters to the UK authorities since July 2008, asking how they have implemented relevant EU laws in the context of the Phorm
case. The EU appears to have been unhappy with what it has been told and has concerns about structural problems in the way the UK has implemented EU rules ensuring the confidentiality of communications.
Under UK law, which is enforced by the police, it is an offence to unlawfully intercept communications (only applies to intentional interception). However interception is considered to be lawful when the interceptor has ‘reasonable grounds for believing
’ that consent has been given.
The City of London Police dropped an investigation of Phorm
last year, specifically BT’s secret 2006/2007 trials, because it would have cost too much money, been too complex and those taking part in the trials were curiously deemed to have given their “implied consent
”. The Commission is also concerned that the UK does not have an independent national supervisory authority dealing with such interceptions.
The UK has now been given two months to reply to this first stage of an infringement proceeding, with a letter of formal notice being sent today. Lack of a satisfactory reply will result in the proceedings being taken further and could ultimately lead to the EU referring the case to the European Court of Justice.UPDATE @ 15th April 08:42am:
Phorm has offered the following statement in response to the EU's investigation of their service:
The EU Commission has announced today that it is starting infringement proceedings against the UK Government concerning the alleged failure of UK legislation to conform in certain respects with EU e-privacy and personal data protection rules. This is obviously a matter for the Commission and the UK Government. However, in so far as the Commission's announcement references Phorm's technology, we should like to make the following points clear.Consumer Focus's
Phorm’s technology is fully compliant with UK legislation and relevant EU directives. This has been confirmed by BERR and by the UK regulatory authorities and we note that there is no suggestion to the contrary in the Commission's statement today. We do not envisage the Commission’s proceedings will have any impact on the company’s plans going forwards.
Furthermore, Phorm's system stands out from other online advertising systems in that it does not store personal data, or browsing histories. Finally, consistent with UK and EU legislation, and in anticipation of any changes that may be made to the law in the future, our system offers un-missable notice and clear and persistent choice to consumers.
This release clarifies any misunderstandings that may have arisen following the Commission's announcement.
Linda Weatherhead has also added her thoughts on the matter:
“While phone tapping is clearly illegal and unacceptable, it seems that spying on digital communications and activity is not. Information is being collected on our internet viewing habits ‘behind the screens’ and few of us have any choice. It seems that by simply turning your computer on we are consenting to the collection of your personal information.
Consumers need options to protect their privacy. The Government must take the lead so consumers can trust and have confidence in the digital world. Consumer Focus would like to see a set of digital rights - a basic set of protections for consumers to operate in the digital world.
Elsewhere the NoDPI
anti-phorm campaign site appears to confirm that both LiveJournal and Amazon have now opted-out of having their websites tracked by Phorm's BT
implementation (WebWise).UPDATE @ 15th April 1:02pm:
Added a video of the EU's original announcement.