The European Commission has started legal action against the UK Government following its failure to protect the privacy of British internet users. The case was instigated following trials of Phorm; a system that analyses an individuals internet traffic and content for the purposes of targeted advertising. UK telecoms giant, British Telecom, has admitted to secretly testing Phorm without user’s consent during 2006 and 2007.
As we reported in March, Sir Tim Berners-Lee addressed members of the UK Government about his fears for internet privacy following the introduction of Phorm and other deep packet inspection systems. Viviane Reding, the European Union Commissioner for Information Society and Media, announced the first stage of the action:
Technologies such as internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules.
A person’s information can only be used with their prior consent. We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of “more relevant” advertisements. I will not shy away from taking action where an EU country falls short of this duty.
The European Commission has received hundreds of complaints from UK internet users regarding the Phorm trials. Following discussions with the UK Government, the Commission is concerned that personal data is not being adequately protected. Furthermore, there are problems with the way the UK has implemented EU rules regarding the confidentiality of electronic communications:
- Although UK law makes it an offence to unlawfully intercept communications, the scope of this offence is limited to “intentional” interception only.
- According to the same law, interception is considered to be lawful when the interceptor has “reasonable grounds for believing” that consent to interception has been given.
The Commission has given the UK Government two months to respond to their infringement proceeding. Ultimately, the case could be referred to the European Court of Justice for an alleged breach of EU directives.
In addition, both Amazon and Wikipedia have recently announced they are opting out of Phorm’s controversial targeted advertising technology.
Is this the end for deep packet inspection systems? Will it be necessary for more high-profile websites to opt-out? Or is it too late to stop internet traffic snooping?
Craig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.