Home » Topics » Cybersecurity » EC threatens to take UK to court over Phorm trials

EC threatens to take UK to court over Phorm trials

by Stefano Maruzzi

The European Commission has called upon the UK government to reform its data protection laws.

The EC alleges that the government failed to protect the privacy of British internet users by not calling a halt to trials of the controversial web-analytics service Phorm.

Phorm uses deep packet inspection to deliver targeted advertising based on browsing habits, a methodology that is in breach of European data privacy laws, the EC claims.

Brussels expressed particular concern over alleged secret trials that BT conducted with Phorm in 2006, profiling 18,000 broadband customers. A report documenting a second secret trial was leaked last year. That report suggested that over 18 million page requests made by BT customers had ad-serving JavaScript embedded into the responses.

Faced with a deluge of complaints last year over the secret tracking trials, the City of London police claimed that BT customers had given ‘implied consent’ to the provider and moreover, there was a lack of criminal intent.

However, the UK’s Information Commissioner’s Office indicated that Phorm would only be legal were it explicitly an ‘opt-in’ service, while an EC spokesman said the UK government should fine the companies involved.

The European Union’s Commissioner for Information Society and Media, Viviane Reding, acknowledged in a statement that while “technologies such as internet behavioural advertising can be useful for businesses and consumers”, but added that “they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all member states.”

Her video message on the EC’s website was somewhat sharper. “In spite of the many advantages of technological development, there is an undeniable risk that privacy is being lost to the brave new world of intrusive technologies,” she said.

“A person’s information can only be used with their prior consent. We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of more relevant advertisements.”

"I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications," said Reding. "This should allow the UK to respond more vigorously to new challenges to e-privacy and personal data protection, such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet."

Unless the UK government makes a satisfactory response within two months, Reding can make one further request for a change in the law. Following that, the dispute may well go to court.

“European privacy rules are crystal clear,” said Reding. “I will not shy away from taking action where an EU country falls short of this duty.”

Related Topics

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise