UK failed to protect privacy over Phorm, says EC

UK failed to protect privacy over Phorm, says EC

Summary: The European Commission is pursuing privacy-infringement proceedings against the government, saying UK privacy law does not comply with European legislation

SHARE:
TOPICS: Security
3

The UK government has failed to implement adequate communications privacy legislation and must take steps to strengthen privacy safeguards, the European Commission has found.

The Commission on Thursday went to the second stage of privacy infringement proceedings against the UK government, saying the government had not adequately enacted European privacy laws.

Commission spokesperson Martin Selmayr told ZDNet UK that the Commisision initially launched its infringement action following complaints from UK citizens. Members of the public and privacy campaigners approached the Commission after the UK government declined to take action following secret trials of behavioural advertising by BT in 2006 and 2007, which BT performed without gaining customer consent. BT had been trialling advertising technology from a company called Phorm.

"The Commission got many complaints from citizens and via email, and MEPs asked parliamentary questions. Our attention was drawn to that in quite a substantial way," said Selmayr."It's clear the Commission had to take action. This is the last chance [for the UK] to settle the matter."

Information commissioner Viviane Reding said in a statement on Thursday that the aim of the Commission was to bring about a change in UK law.

"People's privacy and the integrity of their personal data in the digital world is not only an important matter, it is a fundamental right, protected by European law," Reding said. "I therefore call on the UK authorities to change their national laws to ensure that British citizens fully benefit from the safeguards set out in EU law concerning confidentiality of electronic communications."

The Commission said the UK had failed to comply with both the European e-Privacy Directive and the Data Protection Directive. Selmayr said that, specifically, the UK had failed to form an independent national authority to supervise the interception of communications.

The Commission also criticised the Regulation of Investigatory Powers Act (Ripa) as it does nor require that people give informed, specific consent to their communications being intercepted for purposes such as behavioural advertising, while sanctions under Ripa only apply when unlawful interception is intentional rather than simply being unlawful.

The part of UK government responsible for Ripa is the Home Office. A Home Office spokesperson told ZDNet UK on Thursday that the government had received a letter from the Commission regarding the data-protection action.

"We are firmly committed to protect users' privacy and data," said the spokesperson. "We are considering the Commission's letter, and will respond in due course."

The UK government now has two months to respond to the letter. Should the Commission be dissatisfied by the UK response, it will launch proceedings against the UK government in the European Court of Justice (ECJ).

"If the UK government signals that it will start to change the law, we can stay the proceedings and wait for the legislative process to be completed", said Selmayr. "But the EU community is based on the rule of law. If the European Court of Justice becomes involved and says the UK violated the law, it is possible to ask for financial penalties."

The Commission launched the infringement proceedings against the UK in April 2009, after the Information Commissioner's Office, the UK government, the UK police and the Crown Prosecution Service said BT had not infringed UK law by performing the trials.

Privacy campaigner Alex Hanff, who pushed for a UK prosecution of Phorm and BT over the trials, welcomed the Thursday's announcement, but called it "a double-edged sword".

"It's good news that the Commission is upholding our rights, but it's disappointing it's taken the EC to do that — the UK government should already be upholding our rights," said Hanff. "If the case goes to the ECJ, it's the UK taxpayer that will foot the bill."

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Its about time..

    This government got a slap for its unconscious selfishness actions, weather they are fined or not it happened because they failed to safeguard us the UK population in the first place.
    CA-aba1d
  • New Labour Policies & The Home Office

    A standard behaviour of the present Government and, particularly, the Home Office has been to over regulate with complete disregard to the effects on, or wishes of,the citizens of this country.
    Not only do we need to remove the present poloiticians, but a great many of the permanent under secretaries need to go from public service.
    hampshirehog
  • New Labour Policies & The Home Office

    A standard behaviour of the present Government and, particularly, the Home Office has been to over regulate with complete disregard to the effects on, or wishes of,the citizens of this country.
    Not only do we need to remove the present poloiticians, but a great many of the permanent under secretaries need to go from public service.
    hampshirehog