Home Office consults on interception law

Summary: The UK government wants to tighten privacy and data protection laws after being referred to the European Court of Justice by the European Commission

TOPICS: Security

The government has launched a consultation on UK privacy and interception law, after being referred to the European Court of Justice over its response to behavioural advertising tests.

The Home Office consultation, launched on Wednesday, seeks to clarify the Regulation of Investigatory Powers Act (Ripa) so that people must give explicit consent for companies to intercept communications.

The move comes in response to the European Commission referring the government to the European Court of Justice over inadequate implementation of European data protection law. The case originally stemmed from complaints over secret BT tests of behavioural advertising service Phorm.

The Home Office recognised that UK data protection laws such as Ripa do not adequately transpose European data laws, including the Data Protection Directive and the E-Privacy Directive.

One of the problems lies in Ripa saying that interception of communications is permissible if the organisation performing the interception has "reasonable grounds for believing" that consent has been given. European law states that consent must be "freely given, specific and informed".

"The current provisions do not provide the required clarity," said the consultation document. "This is because 'reasonable grounds for believing' is open to different interpretations."

In addition, although intentional interception without consent is unlawful for communications service providers (CSPs), unintentional interception without consent is not adequately covered by UK law, said the document.

The government proposed two options for interception without consent: the imposition of a criminal penalty, or a civil penalty. The criminal sanction would carry a maximum fine of £10,000 for interception without consent, unless carried out by police. The civil penalty should also carry a maximum fine of £10,000, and be overseen by the Interception of Communications Commissioner, said the Home Office.

A spokesman for the Internet Service Providers Association (ISPA) said that the industry body was in the process of formulating a response to the Home Office consultation.

The Information Commissioner's Office (ICO), which regulates data protection in the UK, said it too would respond to the consultation. "We will be responding on points where the consultation crosses over into data protection," an ICO spokesman told ZDNet UK on Thursday.

BT caused controversy when it tested Phorm behavioural advertising in two trials in 2006 and 2007 without getting customer consent. "We are aware of the consultation, and will be considering shortly whether we want to contribute," a BT spokeswoman told ZDNet UK.

TalkTalk, which was criticised by the ICO over URL scanning in September, had not responded to a request for comment at the time of writing.

Tom Espiner



1 comment
  • Both options are flawed. The I.C.O. was a player in the attempted cover-up in this criminal act. Let’s not forget that having ruled that it MUST be opt in, and then removed all evidence of that very public decision from the planet. Opting in was then replaced with opting out. That can only be called a cover-up. It also shows that perhaps they are not as independent as they are expected to be, and will legalize the illegal if instructed to do so. The whole judiciary from investigation to prosecution has in the last couple of years shown that they can also be manipulated into cover-up mode. The derailed investigation into this crime is a perfect example, along with the Jean Charles de Menezes and Princess Diana killings. The future of data privacy must involve total independence from government and government departmental influence, and close monitoring from Europe is a must to ensure massive cover-ups such as this are quickly identified.