The European Commission is threatening to take the UK to
courtover itsfailure to protect consumers' online
privacy.
The Home Office said in response: "We are firmly committed to
protecting users' privacy and data. We are considering the
commission's letter and will respond in due course."
The exchange of letters is a sequel to earlier disquiet at the
commission over the UK's tolerance of
deep packet inspection technology sold by behavioural marketing
technology supplier Phorm.
The European Commission said the UK implementation of EU rules
on online data protection fell down in three ways.
There was no independent national authority to supervise
interception of communications, in particular to hear complaints
regarding interception of communications, as required.
The current UK law (the Regulation of Investigatory Powers Act
2000 or RIPA) authorises interception of messages where the
interceptor has reasonable grounds for believing the person has
opted in to have his or her messaged intercepted. EU rules required
consent to be freely given, specific and informed, the commission
said in a statement.
RIPA prohibits and provides sanctions against unlawful,
intentional interception only. EU law sanctions against any
unlawful interception, intentional or not.
BT ran secret tests on its internet subscribers using Phorm's
technology.
When the tests were exposed it created a controversy. BT,
Virgin Media and others who were considering using Phorm's
technology subsequently ditched their plans.
Targeting advertising based on a user's online behaviour has
attracted controversy around the world. It is the basis for
Google's AdWords and similar advertisement-serving
technology.
The US
Federal Trade Commission has issued guidelines on the issue, as
has the UK Internet Advertising Bureau (IAB). Those
complying with the IAB's guidelines include AOL, Google,
Microsoft/MSN and Yahoo, while those signed up to support the
IAB's principles include Phorm and 24/7 Real Media.
Nick Stringer, head of regulatory affairs at the IAB, said
consumer information should be clear and explicit about how to deal
with served advertising, show how to switch it off, and how to opt
out of receiving it.
The IAB has set up a dedicated website,
youronlinechoices.com,
where consumers can opt out of receiving advertisements.
Consumers who want to opt out of receiving targeted advertising
can also go to the
Network
Advertising Initiative (NAI) where they can delete scores of
tracker cookies (small programs that tell the advertiser where you
go online) at a single click.
This may give temporary relief from unwanted advertising.
Companies that build internet routers and switches are
building deep packet inspection tools into the hardware of next
generation equipment.
This will make it easier for internet service providers to see
what content their servers carry, and who sends and receives it.
They could then sell this information to advertisers or give it to
law enforcement officials when they detect unlawful content or
suspicious users.
Video – Online privacy: industry
self-regulation in practice