EC takes UK and Phorm to task over privacy

Phorm runs a behavioural marketing service used by several UK ISP's to serve contextual advertisements to ISP subscribers based on their surfing habits.

The service has been the subject of several complaints from privacy groups which claim Phorm's interception of user web surfing traffic is unlawful.

The European Commission says it has been in "extensive" consultations with the UK authorities over the complaints. Concerns remain, its said, around "structural problems in the way the UK has implemented EU rules ensuring the confidentiality of communications."

European Union privacy rules insist its member countries ensure "the confidentiality of communications by prohibiting interception and surveillance without the user's consent."

The Commission wishes the UK to establish an 'independent national supervisory authority' to deal with communications interceptions.

"Technologies like internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules," said EU Telecoms Commissioner Viviane Reding in a statement.

"These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States.

"We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of EU rules on the confidentiality of communications.

"I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications."

Controversy over Phorm erupted in April 2008 after BT revealed it had tested the service in 2006 and 2007 without informing its users. UK authorities also recieved a significant number of complaints after the ISP launched an invitation-based trial late last year.

The EC says it has the right to commence infringement proceedings against member states under the EC Treaty, and if unresolved can refer cases to the European Union's Court of Justice.

The UK Government has two months to respond to the infringement notice.