[JURIST] The European Commission (EC) [official website] formally notified [press release] the UK Tuesday that it is starting infringement proceedings [EC backgrounder] against the UK for failure to follow EU Internet privacy and data protection rules [text]. The commission specifically referred to "Phorm" [BBC report], an internet technology used by UK Internet service providers (ISPs) to monitor user web-surfing habits and deliver personalized advertising without the user's consent. The program was stopped after public outrage [Guardian report], but the EC said it was unsatisfied with the official response to "Phorm" and pointed that out weak UK laws meant that the authorities could do little to actively protect user privacy. In calling for an overhaul of the UK laws, the EC said:
Under UK law, which is enforced by the UK police, it is an offence to unlawfully intercept communications. However, the scope of this offence is limited to 'intentional' interception only. Moreover, according to this law, interception is also considered to be lawful when the interceptor has 'reasonable grounds for believing' that consent to interception has been given. The Commission is also concerned that the UK does not have an independent national supervisory authority dealing with such interceptions.The infringement proceedings give the UK two months to change their laws to comply with EU regulations. If the UK fails to respond, the commission may then issue a "reasoned opinion" in the matter, and finally, if necessary, refer the matter to the European Court of Justice (ECJ) [official website].
Initially, the UK government had said that "phorm" was legal and compliant [BBC report] with British and EU telecommunication laws. According to that source report, British Telecom (BT) [corporate website] had used the technology to track approximately 36,000 Internet users as they surfed the web in 2006 and 2007. Other UK ISPs, including Virgin Media [corporate website] and Talk Talk were set to deploy the technology before the news broke.