Skip to main content

European Commission Sues Britain Over Phorm and Internet Privacy

European Commission Sues Britain Over Phorm and Internet Privacy

The European Commission has launched an infringement case against the United Kingdom over Phorm behavioral advertising technology, saying the technology violates EU ePrivacy and personal data protection rules in the ways it targets online advertisements at individual Internet users.

“We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of EU rules on the confidentiality of communications,” said EU Telecoms commissioner Viviane Reding, in a statement. “Technologies like internet behavioral advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States.”

Phorm’s ad-serving technology aims to deliver highly-targeting advertising to individual Internet users using deep packet inspection: essentially, working in partnership with ISPs, Phorm looks at the content of essentially every bit of information destined for particular Internet users, analyses it, and then serves ads from its inventory to those users based on perceived similarities between the offered goods and services and a user’s online usage. Phorm maintains the data it collects are completely anonymous and cannot be tracked back to individual Internet users; nonetheless, Phorm’s technology has sparked controversy among technologists and consumer activists objecting to inspection and surveillance of their Internet usage.

Last year, BT admitted to conducting limited tests of Phorm technology in 2006 and 2007 without informing its customers; it also conducted an invitation-only test of Phorm at the end of 2008.

Britain has two months to respond to the charges. The European Commission is calling on the UK to change its laws to honor EU confidentiality rules; in particular, the EC is concerned that under UK regulations interception of Internet traffic is considered legal of an ISP could reasonably believe consent had been given. The EC is also concerned the UK does not have a national regulatory authority to deal with the technology and privacy issues.

If the UK does not comply, the EC can bring the matter to the European Court of Justice, which, in theory, could force the UK to change its laws.

Editors' Recommendations