BT Could Face Criminal Action in the U.K. After Phorm Trials
U.K. Crown Prosecution Service mulls over suggestions that BT broke data protection laws.
U.K. Crown Prosecution Service mulls over suggestions that BT broke data protection laws.
Following BT’s secret trials of network-level behavioral targeting technology provided by Phorm, the U.K.’s Crown Prosecution Service said it is now considering legal action against the British Internet service provider.
Phorm effectively withdrew from the U.K. market last year following the collapse of relationships with ISPs there, but the CPS scrutiny is in relation to trials of the technology carried out by BT in 2006 and 2007 without the knowledge or consent of its customers. Privacy advocates submitted complaints to the CPS claiming that action breached the Regulation of Investigatory Powers Act (RIPA), which concerns the illegal interception of online communications.
In a statement, the CPS said it is “working hard to review the evidence in this legally and factually complex matter,” adding, “we are giving the matter meticulous attention and will reach a proper and considered decision as soon as it is possible for us to do so.”
Phorm’s technology tracks users’ surfing habits via their ISP in order to deliver behaviorally-targeted ads. The company claims user data is observed entirely anonymously, and the system does not log or store any personal information or IP addresses at any point.
Despite vocal objection from privacy advocates, U.K. regulators eventually decided Phorm’s technology could be implemented legally in the U.K., in line with RIPA, as long as it was done so with the informed consent of users. BT did not gain consent for its initial trials — which privacy advocates claim is a breach of data protection laws.
The CPS spokesperson stated, “We have requested various pieces of expert and technical evidence, some of which we have only recently received. We are currently awaiting advice from a senior barrister, which we will consider before coming to a conclusion.”
In April 2009 the European Commission itself announced it was taking legal action against the U.K. government as a result of the trials, claiming “there are problems in the way the U.K. has implemented parts of the EU rules on the confidentiality of communications.”
In the U.S., similar legal action was brought against Phorm competitor NebuAd in late 2008. The company and 26 of its ISP partners were the targets of a class-action suit claiming the parties committed illegal privacy and computer security breaches against Internet subscribers.