EC Sues The UK Over Phorm Privacy Failure

The government is being sued by the European Commission over its failure to act against BT over its use of Phorm, a scanning software that builds a profile of users habits and interests. The application scans for keywords on websites visited and then assigns relevant ads.

The EC has accused the government of privacy violations through oversight of loopholes in UK legislation. If the government loses the case, it will be fined millions of pounds per day until UK law is brought in line with EC standards.

Home Office In The Dock

The Home Office is now faced with a case referral to the European Court of Justice because the EC’s patience has worn thin after 18 months of negotiations. The full statement from the European Commission has been published.

The problem lies in the fact that that BT performed trials without the consent of its customers and the EC has argued that the failure of the government to take action contravenes the Data Protection Directive and the ePrivacy Directive. The problem is that there is no legal mechanism in place to allow action to be initiated.

BT customers who complained to the Information Commissioner were told that the department had no powers to investigate. The only other body to approach was the Investigatory Powers Tribunal but this only acts when data is intercepted by governments. There is no middle ground.

The EC is highly critcal of the Regulation of Investigatory Powers Act (RIPA). This UK law allows commercial interception of data when a company believes it has “reasonable grounds” to believe that consent has been given. The Commission pointed out that the Act allowed the City of London police to drop their investigation of the BT trials merely because BT said it believed it had customers’ consent.

Jim Killock, executive director of the Open Rights Group, said, “This is great news. Phorm showed there are big holes in the UK privacy laws. We need an official body to deal with citizens’ complaints about illegal commercial interception and enforce our legal privacy rights. More and more technologies can break our privacy rights. UK law needs to provide real protection.”