The European Commission has called upon the UK government to reform its data protection laws.
The EC alleges that the government failed to protect the privacy of British internet users by not calling a halt to trials of the controversial web-analytics service Phorm.
Phorm uses deep packet inspection to deliver targeted advertising based on browsing habits, a methodology that is in breach of European data privacy laws, the EC claims.
Faced with a deluge of complaints last year over the secret tracking trials, the City of London police claimed that BT customers had given ‘implied consent’ to the provider and moreover, there was a lack of criminal intent.
However, the UK’s Information Commissioner’s Office indicated that Phorm would only be legal were it explicitly an ‘opt-in’ service, while an EC spokesman said the UK government should fine the companies involved.
The European Union’s Commissioner for Information Society and Media, Viviane Reding, acknowledged in a statement that while “technologies such as internet behavioural advertising can be useful for businesses and consumers”, but added that “they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all member states.”
Her video message on the EC’s website was somewhat sharper. “In spite of the many advantages of technological development, there is an undeniable risk that privacy is being lost to the brave new world of intrusive technologies,” she said.
“A person’s information can only be used with their prior consent. We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of more relevant advertisements.”
"I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications," said Reding. "This should allow the UK to respond more vigorously to new challenges to e-privacy and personal data protection, such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet."
Unless the UK government makes a satisfactory response within two months, Reding can make one further request for a change in the law. Following that, the dispute may well go to court.
“European privacy rules are crystal clear,” said Reding. “I will not shy away from taking action where an EU country falls short of this duty.”