UK gov't rubber-stamps Phorm technology

In a response to EC queries regarding the ad-serving technology, the government has given its approval for future use but has not addressed questions over the legality of previous BT Phorm trials

The UK government has said it is confident that future Phorm ad-serving technology will conform to UK privacy and data protection laws, but has not commented on the legality of past Phorm trials.

The government gave this response to a letter sent by the European Commission in July, which queried the legality of two trials of Phorm's ad-serving technology by BT. The Commission was particularly concerned with the issues of whether BT customers had given their consent to the trials, and whether there had been any breaches of EU and UK law concerning interception of communications.

The UK government response, given by the Department of Business, Enterprise, and Regulatory Reform (BERR) on Monday, did not address the past trials, but merely covered future uses of the technology.

"The possible future use of Phorm technology has raised material concerns in this area and the UK authorities are working to ensure that, if it is introduced into the market for internet-based advertising services, this is done in a lawful, appropriate and transparent fashion," said BERR's statement. "After conducting its enquiries with Phorm, the UK authorities consider that Phorm's products are capable of being operated in this fashion."

Phorm's technology tracks visits to websites to build a profile of an anonymised user. BERR said Phorm's technology would comply with UK law if it met a number of criteria, including user profiling occurring with the knowledge and agreement of the customer.

At the time of writing, BERR declined to comment as to why its response had not addressed questions over the legality of the previous BT Phorm trials, which were conducted without the consent of customers. However, understands BERR has gathered responses from a number of government departments and enforcement agencies, including the Information Commissioner's Office (ICO), which is responsible for safeguarding data and privacy laws.

The ICO had not responded to a request for comment at the time of writing.

The Commission letter addressed two trials by BT — one in 2006 and one in 2007 — which security experts and campaigners say contravened several UK laws, including the Regulation of Investigatory Powers Act (RIPA), the Privacy and Electronic Communications Regulations (PECR), and the Data Protection Act (DPA).

The ICO is responsible for enforcing breaches of privacy and data laws. However, the ICO told in June that it would not be investigating the BT Phorm trials further.

The Commission told on Tuesday that it had received BERR's response, and was analysing the legal situation. "The Commission confirms that we received yesterday a reply from the UK authorities to our letter of 3 July regarding the use of the Phorm technology in the UK," said information society spokesperson Martin Selmayr. "The Commission services are currently analysing the reply and preparing a legal assessment of the situation."

Selmayr told in June that, to challenge a legal decision by a sovereign government or agency such as the ICO, the Commission must be convinced that a "serious mistake" had been made.

BT declined to comment on BERR's response. A BT spokesperson confirmed that further BT trials of Phorm technology would happen "soon", and said the delays to the trials, which have been "in the coming weeks" since April, were due to technical rather than legal reasons.

A Phorm spokesperson said: "The UK government's position on Phorm's technology reflects our common commitment to transparency and superior standards of online privacy. We will continue to engage with stakeholders from regulators to consumers and are excited about demonstrating how our system will benefit all of them by introducing a new way to help fund the future of the internet and its richness and diversity."