Advertisement
Promo

Security threats Toolkit

UK failed to protect privacy over Phorm, says EC

Tom Espiner ZDNet UK

Published: 29 Oct 2009 17:54 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The UK government has failed to implement adequate communications privacy legislation and must take steps to strengthen privacy safeguards, the European Commission has found.

The Commission on Thursday went to the second stage of privacy infringement proceedings against the UK government, saying the government had not adequately enacted European privacy laws.

Commission spokesperson Martin Selmayr told ZDNet UK that the Commisision initially launched its infringement action following complaints from UK citizens. Members of the public and privacy campaigners approached the Commission after the UK government declined to take action following secret trials of behavioural advertising by BT in 2006 and 2007, which BT performed without gaining customer consent. BT had been trialling advertising technology from a company called Phorm.

"The Commission got many complaints from citizens and via email, and MEPs asked parliamentary questions. Our attention was drawn to that in quite a substantial way," said Selmayr."It's clear the Commission had to take action. This is the last chance [for the UK] to settle the matter."

Information commissioner Viviane Reding said in a statement on Thursday that the aim of the Commission was to bring about a change in UK law.

"People's privacy and the integrity of their personal data in the digital world is not only an important matter, it is a fundamental right, protected by European law," Reding said. "I therefore call on the UK authorities to change their national laws to ensure that British citizens fully benefit from the safeguards set out in EU law concerning confidentiality of electronic communications."

The Commission said the UK had failed to comply with both the European e-Privacy Directive and the Data Protection Directive. Selmayr said that, specifically, the UK had failed to form an independent national authority to supervise the interception of communications.

The Commission also criticised the Regulation of Investigatory Powers Act (Ripa) as it does nor require that people give informed, specific consent to their communications being intercepted for purposes such as behavioural advertising, while sanctions under Ripa only apply when unlawful interception is intentional rather than simply being unlawful.

The part of UK government responsible for Ripa is the Home Office. A Home Office spokesperson told ZDNet UK on Thursday that the government had received a letter from the Commission regarding the data-protection action.

"We are firmly committed to protect users' privacy and data," said the spokesperson. "We are considering the Commission's letter, and will respond in due course."

The UK government now has two months to respond to the letter. Should the Commission be dissatisfied by the UK response, it will launch proceedings against the UK government in the European Court of Justice (ECJ).

"If the UK government signals that it will start to change the law, we can stay the proceedings and wait for the legislative process to be completed", said Selmayr. "But the EU community is based on the rule of law. If the European Court of Justice becomes involved and says the UK violated the law, it is possible to ask for financial penalties."

The Commission launched the infringement proceedings against the UK in April 2009, after the Information Commissioner's Office, the UK government, the UK police and the Crown Prosecution Service said BT had not infringed UK law by performing the trials.

Privacy campaigner Alex Hanff, who pushed for a UK prosecution of Phorm and BT over the trials, welcomed the Thursday's announcement, but called it "a double-edged sword".

"It's good news that the Commission is upholding our rights, but it's disappointing it's taken the EC to do that — the UK government should already be upholding our rights," said Hanff. "If the case goes to the ECJ, it's the UK taxpayer that will foot the bill."

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
11 out of 14 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

3 comments

  1. Its about time.. CA
  2. New Labour Policies & The Home Office 1000215420
  3. New Labour Policies & The Home Office 1000215420

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:












Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment

Watchdog reveals illegal sale of phone...

The Information Commissioner's Office is preparing a prosecution file against a mobile operator's employees who allegedly sold on thousands of customers' details to a competitor. The... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters