UK to be tried by European Court for Failing to Implement Data Protection Rules

The European Commission has commenced ‘infringement proceedings’ against the UK government, alleging it has breached EU data protection laws. The decision follows a year-long investigation into whether UK law provides sufficient safeguards against the interception and surveillance of internet traffic.

Concerns were initially raised when the EC received complaints from citizens about a British telecom firm’s use of behavioural advertising. In 2006-2007, BT tested behavioural advertising technology on its broadband users, without the consent of the customers involved in the trial. The advertising system, known as Webwise, was invented by Phorm – a US-based company which specialises in advertising software. Once an ISP has signed up to the service, Webwise is able to ‘trawl’ sites visited by its users in order to build up a profile of the users’ interests and habits. The information can be exploited by advertisers who are then able to target customers on the sites they visit thereafter. What sets Phorm’s technology apart from other behavioural advertising systems, is that it works in conjunction with ISPs, rather than simply relying on data shared between associated websites. Although BT later rejected the technology, and no other UK ISPs are known to have used it since, the UK government failed to give a satisfactory verdict on the legality of the BT trials. It did, however, conclude that the technology itself is legal so long as users have actively given their consent, and web-sites can easily opt out of the system.

Having considered the situation in the UK, the Commission concluded that data protection in the UK is not sufficiently robust to fulfil its obligations under the e-Privacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC. The Commission identified three areas of potential infringement:

(1) The UK has failed to establish an independent national authority to supervise the interception of internet communications.

(2) Current UK law authorises the interception of communications, not only where the persons involved have given their consent, but also where the person intercepting has “reasonable grounds” for believing that consent has been given.

(3) Current UK law only provides sanctions where unlawful interception is “intentional”.

If the Court finds in favour of the Commission, the UK will be obliged to implement the measures necessary to comply with the judgment. If the UK subsequently fails to take the steps required, a financial sanction will be imposed by the Court.


For further reading:

Europa

BBC

The Guardian


By Katey Dixon