Phorm kicks off its next trial

Online profiling and advertising exchange Phorm has started its next trial with partner BT. This stage of Phorm’s rollout was enabled after City Police confirmed that they are taking no further action in their investigation into previous trials, and the Information Commissioner’s Office ruled that Phorm’s service complies with the UK Data Protection Act, subject to ensuring that users opt-in rather than opting out.

Opinions about the trial are mixed: clearly Phorm are delighted at this next stage, although protesters are incensed that it has been allowed to proceed. The trial will involve 10,000 volunteers from BT’s customers. As an aside, Phorm reported increased losses of £13.8m in the first half of 2008 – which sounds enormous, but is not so scary in the context of the sort of burn rates we saw during the dot-com boom.

The most important issue here is whether an IP address can be considered to be Personally Identifiable Information (PII). Much of Europe takes the opinion that IP does count as PII – after all, an ADSL connection can maintain a consistent IP address over a long period, which would permit detailed profiling of the user(s) on that address. The influential Article 29 Working Party thinks IP addresses are PII. The UK, on the other hand, does not treat them as PII.

My concern here is that we will build an ecosystem of influential commercial enterprises that rely on being able to profile IP data without having to worry about the Data Protection Act. Once sufficient companies are involved, they will carry far greater parliamentary influence than protesters and privacy advocates, and it’s going to be very hard indeed to turn back the clock to bring us in line with Europe. The sooner that Parliament faces facts and reviews this situation, the less trouble we will store up for the future.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

the trial is not running, this is just more of the Phorm propaganda in attempt to bolster the shares on the back of another year of them frittering investors monies away on high times and castles in the sky. the business model is dependent on the user ignorantly giving up their privacy and nations handing over their populations rights to that of a smarmy marketeer.
The ICO would not investigate fully my DPA complaint against BT in relation to the 2007 trials because my limited company paid for the broadband connection. "As you may be aware the provisions of the DPA applies only to the processing of personal data, that is information relating to a living individual. Information relating to a limited company would not therefore be covered by the provisions of the DPA." "... the BT account in question in your case was a business account for your limited company. Information relating to an IP address allocated to an account for a limited company is unlikely to constitute your personal data. As it does not appear that personal data has been processed in your case we are not in a position (or under a duty) to assess your case under the DPA." I work from home. I give permission to myself and my family to use the 'broadband connection' for personal use in accordance with Inland Revenue Homeworking guidelines. The DPA is flawed in that it will not protect my family from infringements because the connection is paid for by the business. If, however, I dig out my old 56K modem, connect to the Freeserve dial up account then my DPA rights are protected. If you run your own business, whether a single person IT consultant or a small, medium or large company you will not be protected by the DPA unless you pay for your internet browsing personally.
For me, the "most important issue here is" not IP addresses. Its the mass Copyright theft, and industrial espionage that Phorm conduct. They obtain no copyright consent. They abuse web content. And they gather intelligence about the people who visit a web site, and sell that data to competitors. I'd call that reasonably important. It has the potential to 'revolutionise' the internet alright; leading to widespread use of strong encryption and/or BT internet customers finding themselves excluded from a portion of the internet. Hopefully BT will soon face immense Copyright claims which will add to their already crippling £10Bn debt levels. As for personal privacy issues, a corrupt and/or utterly incompetent government have sacrified the privacy, security, and integrity of UK data communications. Expect email, VOIP, SMS, instant messaging and any other method of unencrypted comms to follow soon in order that your behavioural profile can made more accurate as an 'enhancement' to your service, an enhancement the UK police believe doesn't require BT to seek your consent. Or you could call BT, get your MAC code, and move to a trustworthy ISP now.
William has pointed out the Open Rights Group legal warning that bars Phorm from profiling your website: The contents of this site, and communications between this site and its users, are protected by database right, copyright, confidentiality and the right not to be intercepted conferred by section 1(3) of the UK Regulation of Investigatory Powers Act 2000. The use of those contents and communications by Internet Service Providers or others to profile or classify users of this site for advertising or other purposes is strictly forbidden.