Feeds

EU mulls intervention over BT's secret Phorm trials

Your views sought

Beginner's guide to SSL certificates

The European Commission is considering intervening over the failure of UK data watchdogs to punish BT for the way it secretly co-opted tens of thousands of customers into trials of Phorm's profiling system to serve them targeted advertising.

At the end of May, the Information Commissioner's Office told Stephen Mainwaring, whose web browsing was tapped and profiled during the 2007 trial, that it would not pursue BT over alleged breaches of the European Privacy and Electronic Communications Regulations (PECR).

The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing with their broadband connections, regulators should let the secret trials pass. "Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT," the regulator wrote.

Now however, the European Commission is considering calling BT to account in lieu of a domestic response. A European Commission spokeswoman told The Register on Monday: "We are continuing to monitor this closely. If need be we will take action."

People who feel strongly about the trials or believe they were unwittingly profiled in 2006 or 2007 should write to Viviane Reding, the European Commissioner for Information Society and Media, the spokeswoman said. The Downing Street petition calling for government action has now passed the 14,000 signature mark.

Reding's spokesman told The Register: "This is first of all a matter for the UK authorities to deal with, as it is their responsibility to apply EU law in the UK."

"In case of incorrect application of EU data protection law by a national authority, the Commission could start infringement proceedings against the country concerned." He wrote that the European Commission does not currently have "indications that the UK authorities, in assessing the Phorm case, would have acted illegally".

Mainwaring now intends to approach Reding unless he receives a satisfactory response from the ICO to a complaint he has sent to it detailing objections to its response. He has asked regulators to reconsider their view that "there is no evidence that the trials generally involved significant detriment to individuals, or privacy risks to individuals". Mainwaring says he lost countless business hours attempting to identify the cause of unsusal activity on his BT Business broadband line, having been told by BT he most likely had a spyware infection.

He told us: "I believe the ICO is failing in its duty to protect personal information."

In a statement, the European Commission said: "The ePrivacy Directive [PECR] obliges Member States to ensure the confidentiality of communications and related traffic data through national legislation. In particular, they are required to prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than the users without their consent, which must be freely given, specific and informed indication of the user's wishes."

Anti-Phorm campaigners are set to picket BT's Annual General Meeting at the Barbican in London on the morning of 16 July. They will later hand a dossier of evidence to the Metropolitan Police in the hope that a criminal investigation will be launched under the Regulation of Investigatory Powers Act and Computer Misuse Act. Among the documents to be turned over is the internal BT report on the 2006 experiment that we revealed in April.

Conservative peer David Carnegie, the Earl of Northesk, backed the campaigners' bid to have BT fully investigated. "On the face of it the spirit if not the letter of the law has been breached," he said. "Criminally, I hasten to add. What's the point of having laws if they are not going to be enforced?"

He said that although police are under-resourced to deal with breaches of communications and computer laws, the BT trials are too significant an issue to be ignored.

BT maintains its statement that the advice it took ahead of the trials said they would be legal. Despite the ICO's view that it is impossible, BT aims to explain to customers what the Phorm "Webwise" system does when it begins a third trial, this time with permission, at some unspecified date soon. ®

Intelligent flash storage arrays

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
Consumers agree to give up first-born child for free Wi-Fi – survey
This Herod network's ace – but crap reception in bullrushes
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
New EU digi-commish struggles with concepts of net neutrality
Oettinger all about the infrastructure – but not big on substance
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
Surprise: if you work from home you need the Internet
Buffer-rage sends Aussies out to experience road rage
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.