EU Challenges UK Over Internet Privacy Invasion

BRUSSELS, Belgium -- The European Commission launched legal action Tuesday against the British government over Internet advertising tracker Phorm, which it claims violates EU data privacy laws.

According to The Times in Britain, Internet Service Provider BT covertly used the controversial user-tracker several years ago. Phorm monitors a user's surfing habits and provides the information to clients for targeted advertising.

Viviane Reding, the European Union's Commissioner for Information Society and Media, announced the first round of legal moves Tuesday.

"Technologies such as Internet behavioral advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules," Reding said in a statement, The Times reports. "These rules are there to protect the privacy of citizens and must be rigorously enforced by all member states."

The European Commission claims BT conducted trials in 2006 and 2007 without the consent or knowledge of users and then followed with invitation-only trials last year, all of which has drew an uproar within the UK, including "hundreds of complaints" made to the EU.

"I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications," Reding said.

The UK signed on to EU ePrivacy Directive in 2002, which took effect in October 2003. But the European Commission said British laws are not matching up to the directive.

UK law makes it illegally to unlawfully intercept communications, but it's limited to "intentional" interception only, which is seen as too gray an area for Phorm and similar tracking services to sneak in. 

The EU privacy directive states user consent must be "freely given, specific, and informed", and also requires EU member states -- which includes Britain -- to impose sanctions should rules be violated.

London law enforcement declined to step in last year over the BT-Phorm trial, because of "implied consent" from ISP users and a lack of criminal intent on the part of either company.

The EC believes both companies should have been fined for their surreptitious actions. The UK government has two months to respond to the charges, which could ultimately lead to a decision in the European Court of Justice as well as daily fines.

In her weekly video message via the EC website, Reding lashed out further.

"Privacy is a particular value for us Europeans; a value reflected in European laws for many years." she said. "However, in spite of the many advantages of technological development, there is an undeniable risk that privacy is being lost to the brave new world of intrusive technologies. On the global information highways, personal information is increasingly becoming 'the new currency.' And I believe that Europeans... must have the right to control how their personal information is used."

"European privacy rules are crystal-clear," she continued. "A person's information can only be used with their prior consent. We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of 'more relevant' advertisements. I will not shy away from taking action where an EU country falls short of this duty."

In a related move, EU regulators also are considering proposals to order social networking sites such as Facebook or MySpace to hide minors' profiles from search engines, contending that protected the privacy of all minors is even more urgent than protecting adults.

The Times said Phorm has been investigated by UK police and government agencies because of privacy concerns. Meanwhile, its service has brought agreements with not only BT, but UK telecoms Virgin Media and TalkTalk, though no company has fully introduced the tracking system.

The Wall Street Journal reports English-based Phorm responded to the EC action Tuesday stating, "Phorm's technology is fully compliant with U.K. legislation and relevant European Union directives. We note that there is no suggestion to the contrary in the commission's statement."

The company also claimed it receives consent from users and does not store personal data or browsing histories.

Britain's Information Commissioner's Office would not comment on the EU actions.