Feeds

BBC seen to yield over website snooping

Auntie discovered in bed with big brother

Boost IT visibility and business value

The BBC has dropped a controversial tracking system from its UK website after privacy activists complained that it was reporting personal information including their post codes to a US company.

Until recently, the BBC was sending copies of cookies dropped on bbc.co.uk visitors to Visual Sciences, a web analytics operation bought in 2007 by Omniture, a Utah-based online marketing firm.

Posters at NoDPI, an internet privacy forum, noticed the accompanying browser redirects to a server owned by Omniture last September. Further investigation showed information sent by the BBC included each user's IP address and post code, which bbc.co.uk collects to target weather reports and other location-specific content.

A trawl of the BBC's privacy policy revealed it did not disclose that it was handing over post codes and IP addresses to Omniture, prompting complaints to the corporation's Information Policy and Compliance Unit (IPC).

In January the IPC replied that the data sharing was part of an initiative by BBC Worldwide, the national broadcaster's commercial arm, "for the purposes of understanding consumption of the site by country (via GeoIP conversion) and to track consumption based on the number of user sessions".

The NoDPI member who raised the issue, an IT expert who asked not to be named, said: "Information given to Omniture included my IP address, my country, my post code, the dates and times I visited the site, the news stories I read and details of every news video clip I watched. You could derive a great deal of information by mining that data."

"Given that the BBC is supposedly licence-funded in the UK, there was no justification for it to provide an online marketing/behavioural targeting company with this data. For purely statistical purposes, the BBC has its own system."

The IPC argued in its response that because Omniture is based in the US it satisfied EU data protection requirements. But it conceded that the BBC privacy policy should "reflect the processing of IP addresses by this US-based, safe harbour-registered service provider".

But now the BBC has decided to stop sending UK users' data to Omniture altogether. In an email sent on Wednesday, it told the NoDPI member: "The BBC has ceased using Omniture in relation to UK users visiting bbc.co.uk or bbc.com from the UK and this has been achieved via geoIP restriction. This means that BBC Worldwide is still able to report on its international audience but that the bbc.co.uk homepage is unaffected by our commercial subsidiary's use of the Omniture/Visual Sciences product."

The broadcaster added that it had updated its privacy policy to disclose its continued Omniture data sharing to international visitors.

The BBC had not responded to a request from The Register to explain the decision at the time of publication. A spokesman said the relevant executive was unavailable.

The NoDPI member who raised the issue said he was pleased the BBC had seemingly reacted to his privacy worries. "I was particularly concerned because my children are regular users of CBeebies online," he added. In its email, the corporation said children's sites had never been included in its Omniture reporting.

Omniture was at the centre of a controversy early last year over the way Adobe software was reporting user activity to the firm's servers. Creative Suite 3 was connecting to Omniture via an unusual URL (192.168.112.2O7.net - note the capital letter "O") that critics charged was deliberately designed to look like an IP address to avoid suspicion.

Omniture insisted that the URL's construction was innocent, but the episode clinched the firm a poor reputation among internet privacy watchers. ®

Next gen security for virtualised datacentres

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
No, thank you. I will not code for the Caliphate
Some assignments, even the Bongster decline must
Fast And Furious 6 cammer thrown in slammer for nearly three years
Man jailed for dodgy cinema recording of Hollywood movie
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Barnes & Noble: Swallow a Samsung Nook tablet, please ... pretty please
Novelslab finally on sale with ($199 - $20) price tag
Ballmer leaves Microsoft board to spend more time with his b-balls
From Clippy to Clippers: Hi, I see you're running an NBA team now ...
Video of US journalist 'beheading' pulled from social media
Yanked footage featured British-accented attacker and US journo James Foley
Assange™: Hey world, I'M STILL HERE, ignore that Snowden guy
Press conference: ME ME ME ME ME ME ME (cont'd pg 94)
Call of Duty daddy considers launching own movie studio
Activision Blizzard might like quality control of a CoD film
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?