Home Office consults on interception law

Summary:The UK government wants to tighten privacy and data protection laws after being referred to the European Court of Justice by the European Commission

The government has launched a consultation on UK privacy and interception law, after being referred to the European Court of Justice over its response to behavioural advertising tests.

The Home Office consultation, launched on Wednesday, seeks to clarify the Regulation of Investigatory Powers Act (Ripa) so that people must give explicit consent for companies to intercept communications.

The move comes in response to the European Commission referring the government to the European Court of Justice over inadequate implementation of European data protection law. The case originally stemmed from complaints over secret BT tests of behavioural advertising service Phorm.

The Home Office recognised that UK data protection laws such as Ripa do not adequately transpose European data laws, including the Data Protection Directive and the E-Privacy Directive.

One of the problems lies in Ripa saying that interception of communications is permissible if the organisation performing the interception has "reasonable grounds for believing" that consent has been given. European laws states that consent must be "freely given, specific and informed".

"The current provisions do not provide the required clarity," said the consultation document. "This is because 'reasonable grounds for believing' is open to different interpretations."

In addition, although intentional interception without consent is unlawful for communications service providers (CSPs), unintentional interception without consent is not adequately covered by UK law, said the document.

The government proposed two options for interception without consent: the imposition of a criminal penalty, or a civil penalty. The criminal sanction would carry a maximum fine of £10,000 for interception without consent, unless carried out by police. The civil penalty should also carry a maximum fine of £10,000, and be overseen by the Interception of Communications Commissioner, said the Home Office.

A spokesman for the Internet Service Providers Association (ISPA) said that the industry body was in the process of formulating a response to the Home Office consultation.

The Information Commissioner's Office (ICO), which regulates data protection in the UK, said it too would respond to the consultation. "We will be responding on points where the consultation crosses over into data protection," an ICO spokesman told ZDNet UK on Thursday.

BT caused controversy when it tested Phorm behavioural advertising in two trials in 2006 and 2007 without getting customer consent. "We are aware of the consultation, and will be considering shortly whether we want to contribute," a BT spokeswoman told ZDNet UK.

TalkTalk, which was criticised by the ICO over URL scanning in September, had not responded to a request for comment at the time of writing.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.