The European Commission (EC) has officially referred the United Kingdom (UK) to the EU's Court of Justice for failing to fully implement its internet and email privacy rules (ePrivacy Directive 2002/58/EC and Data Protection Directive 95/46/EC). The original case was brought after BT angered many by running two secret trials of Phorm technology, which many likened to Spyware, on broadband customers, and without their consent, during 2006 and 2007.


Phorm controversially worked with broadband ISPs, including BT (Webwise), TalkTalk and Virgin Media UK (the last two never reached implementation), to monitor (Deep Packet Inspection) what websites you visited for use in targeted advertising campaigns. BT was the only one to pursue the technology in any kind of practical way. A lengthy campaign against Phorm and related technologies soon began and ultimately resulted in the services major UK supporters scrapping their plans.

However the UK government consistently failed to tackle the problem, which eventually triggered the EC into launching an Infringement Proceeding against the UK during April 2009. EU laws state that member states must ensure the confidentiality of people's electronic communications by prohibiting their unlawful interception and surveillance without the user's consent. These rules were never fully implemented into national UK law.

Summary of Key EU Concerns

1. There is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications.

2. Current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as "freely given, specific and informed indication of a person’s wishes".

3. Current UK law prohibiting and providing sanctions in case of unlawful interception are limited to ‘intentional’ interception only, whereas EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.

Despite several attempts to resolve this problem the EU has never managed to gain a completely satisfactory response from the UK government, both old and new. This is particularly concerning because the new coalition government had pledged to crack down on state surveillance and toughen related regulation to prevent abuse.


In fairness the new government has only been in power since May 2010, which would not have been enough time to effectively address all of the past failings. However it is good to finally see some progress, especially with TalkTalk now in the firing line of privacy campaigners over its controversial new URL monitoring system (here).