The European Commission is taking the UK to court over problems with the UK's implementation of EU ePrivacy and personal data protection rules.
EU countries must ensure, among other things, the confidentiality of communications by prohibiting interception and surveillance without the user's consent. Phorm critics believe Phorm's technology breaches this requirement, hence making its use illegal.
BT has trialled Phorm three times, twice without users' knowledge, and once publically. It has not revealed the results of the trials.
The commission wrote to the UK government last year to ask whether Phorm or its customers breached the law. A study by several government departments, including the Information Commissioners' Office, concluded that Phorm's operation was legal, provided that users were given notice of it, and were required to "opt in" to receive advertisements served by Phorm as they surfed the web.
EU Telecoms Commissioner Viviane Reding said, "We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of EU rules on the confidentiality of communications."
She called on the UK to change its national laws and to ensure that national authorities were duly empowered and had "proper sanctions" available to enforce EU legislation on the confidentiality of communications.
"This should allow the UK to respond more vigorously to new challenges to ePrivacy and personal data protection such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet," she said.
The European Commission analysed the UK's answers on Phorm and concluded there are structural problems in the way the UK has implemented EU rules ensuring the confidentiality of communications.
It said that under UK law, which is enforced by the UK police, it is an offence to unlawfully intercept communications. But this is limited to "intentional" interception only.
It said UK law also considers interception to be lawful when the interceptor has "reasonable grounds for believing" that consent to interception has been given.
The European Commission was also concerned that the UK does not have an independent national supervisory authority to deal with such interceptions.
Reding said technologies such as internet behavioural advertising could be useful for businesses and consumers but they had to comply with EU rules. "These rules are there to protect the privacy of citizens and must be rigorously enforced by all member states," she said.
Phorm technology works by constantly analysing customers' web surfing to determine users' interests and then deliver targeted advertising to users when they visit certain websites.
The UK has two months to reply to this first stage of an infringement proceeding, the letter of formal notice sent today. If the European Commission receives no reply, or if the observations presented by the UK are not satisfactory, the European Commission may decide to issue a reasoned opinion (the second stage in an infringement proceeding). If the UK still fails to fulfil its obligations under EU law after that, the European Commission will refer the case to the European Court of Justice.