Posted: 30th Sep, 2010 By: MarkJ
The European Commission (EC) has officially referred the United Kingdom (UK) to the
EU's Court of Justice for failing to fully implement its internet and email privacy rules (
ePrivacy Directive 2002/58/EC and
Data Protection Directive 95/46/EC). The original case was brought after BT angered many by running two secret trials of Phorm technology, which many likened to Spyware, on broadband customers, and without their consent, during 2006 and 2007.
Jim Killock, Executive Director of the Open Rights Group, said:"This is great news: Phorm showed there are big holes in the UK privacy laws. We need an official body to deal with citizens’ complaints about illegal commercial interception and enforce our legal privacy rights.
More and more technologies can break our privacy rights. UK law needs to provide real protection."
Phorm controversially worked with broadband ISPs, including BT (Webwise), TalkTalk and Virgin Media UK (the last two never reached implementation), to monitor (
Deep Packet Inspection) what websites you visited for use in
targeted advertising campaigns. BT was the only one to pursue the technology in any kind of practical way. A lengthy campaign against Phorm and related technologies soon began and ultimately resulted in the services major UK supporters scrapping their plans.
However the UK government consistently failed to tackle the problem, which eventually triggered the EC into launching an
Infringement Proceeding against the UK during
April 2009. EU laws state that member states must ensure the confidentiality of people's electronic communications by prohibiting their unlawful interception and surveillance without the user's consent. These rules were never fully implemented into national UK law.
Summary of Key EU Concerns
1. There is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications.
2. Current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as "freely given, specific and informed indication of a person’s wishes".
3. Current UK law prohibiting and providing sanctions in case of unlawful interception are limited to ‘intentional’ interception only, whereas EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.
Despite several attempts to resolve this problem the EU has never managed to gain a completely satisfactory response from the UK government, both old and new. This is particularly concerning because the new coalition government had pledged to crack down on state surveillance and toughen related regulation to prevent abuse.
General Home Office Statement
We confirm that we are in discussions with the EC about this directive, and are disappointed the Commission has decided to refer the case to the European Court of Justice. We are planning to make changes to address the Commission's concerns, and will be setting out more detail on any necessary amendments or legislation in due course.
In fairness the new government has only been in power since May 2010, which would not have been enough time to effectively address all of the past failings. However it is good to finally see some progress, especially with TalkTalk now in the firing line of
privacy campaigners over its controversial new URL monitoring system (
here).