The Commission's investigation was sparked by outrage over
trials by BT of a system which monitors web use and tries to match
advertising to people's perceived interests. The trials were done
without BT customers' knowledge or permission.
The Commission has investigated complaints made to it and to
police and has found the UK's laws inadequate in protecting the
privacy of communications.
"The Commission has concerns that there are structural problems
in the way the UK has implemented EU rules ensuring the
confidentiality of communications," said a Commission
statement.
BT used technology made and promoted by Phorm to track users'
online activity. It has since run trials in which it did ask users'
permission. The Commission said that BT's trials have been the
subject of complaints to privacy regulator the Information
Commissioner's Office (ICO) and to police.
The Commission believes that UK laws do not properly implement
two Directives aimed at protecting privacy, the Privacy and
Electronic Communications Directive and the Data Protection
Directive.
The Privacy and Electronic Communications Directive outlaws
interception and surveillance of communication without either the
user's permission or a legalising process, such as a warrant. The
Data Protection Directive sets out rules for how personal data
should be collected and used, requiring the permission or in some
cases just the informing of a person, depending what data is
collected and why.
The Commission said that the laws stemming from these Directives
do not properly cover all interceptions, that their definitions of
'consent' are inadequate, and that the lack of an independent
supervising authority for interception is a worry.
"Under UK law, which is enforced by the UK police, it is an
offence to unlawfully intercept communications," said the
Commission statement. "However, the scope of this offence is
limited to ‘intentional’ interception only. Moreover, according to
this law, interception is also considered to be lawful when the
interceptor has ‘reasonable grounds for believing’ that consent to
interception has been given."
The Commission has begun proceedings against the UK for its
alleged inadequate protection of telecoms users' privacy.
"Technologies like internet behavioural advertising can be
useful for businesses and consumers but they must be used in a way
that complies with EU rules," said EU Telecoms Commissioner Viviane
Reding. “These rules are there to protect the privacy of citizens
and must be rigorously enforced by all Member States."
"We have been following the Phorm case for some time and have
concluded that there are problems in the way the UK has implemented
parts of EU rules on the confidentiality of communications," said
Reding. "I call on the UK authorities to change their national laws
and ensure that national authorities are duly empowered and have
proper sanctions at their disposal to enforce EU legislation on the
confidentiality of communications."
The Commission's actions come after it had quizzed UK
authorities about the action they took in the wake of complaints
about Phorm's technology. It said that once it had analysed UK
authorities' responses it realised there were "structural problems"
in the way the UK has implemented the EU laws.
Reding said that law changes were necessary. "This should allow
the UK to respond more vigorously to new challenges to ePrivacy and
personal data protection such as those that have arisen in the
Phorm case. It should also help reassure UK consumers about their
privacy and data protection while surfing the internet," she
said.
The UK has two months in which to issue a response to the
claims. If it does not respond at all to the process the Commission
can take the case to the European Court of Justice (ECJ).
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
