Skip Navigation

EU opens case over privacy and personal data
Wednesday 15 April 2009 11:08:19 by Andrew Ferguson

It seems Phorm is continuing to have a rocky ride to being a live product in the UK, the European Commission has sent a formal notice starting an infringement proceeding, concerned mainly with how the UK has implemented European data protection laws and how these relate to Phorm and potentially other behavioural advertising systems.

"The Commission has written several letters to the UK authorities since July 2008, asking how they have implemented relevant EU laws in the context of the Phorm case. Following an analysis of the answers received the Commission has concerns that there are structural problems in the way the UK has implemented EU rules ensuring the confidentiality of communications.

Under UK law, which is enforced by the UK police, it is an offence to unlawfully intercept communications. However, the scope of this offence is limited to ‘intentional’ interception only. Moreover, according to this law, interception is also considered to be lawful when the interceptor has ‘reasonable grounds for believing’ that consent to interception has been given. The Commission is also concerned that the UK does not have an independent national supervisory authority dealing with such interceptions.

The UK has two months to reply to this first stage of an infringement proceeding, the letter of formal notice sent today. If the Commission receives no reply, or if the observations presented by the UK are not satisfactory, the Commission may decide to issue a reasoned opinion (the second stage in an infringement proceeding). If the UK still fails to fulfil its obligations under EU law after that, the Commission will refer the case to the European Court of Justice."

Extract from press release

The emphasis is on ensuring that customers of an ISP whose browsing habits are being tracked have given clear informed consent to the system being used on their connection. Under current UK law there only needs to be "reasonable grounds for believing" someone has consented.

This does not mean that this is the end for Phorm, there is nothing it seems stopping it deploying the system under an opt-in system that exceeds UK law requirements and satisfies European law. What it does mean is that we may see this case drag on depending on the UK response, with the final stage being appearing at the European Court of Justice. A win for the EU in the European Court would force changes to UK law.

The BBC amongst other websites has covered the news, and Nicholas Bohm from FIPR appears to back an additional requirement that would require sites to give consent so that they can be trawled. In theory this can be accomplished easily with websites utilising a robots.txt file, however that could exclude them from search engines which is a price they wouldn't want to pay.


Posted by carrot63 over 8 years ago
I can't wait to see the government try to spin this as EU interference.

As to robots.txt, there's no reason at all sites couldn't tell phorm to refrain from scanning pages but allow legit search engines. All phorm have to do is specify a unique user agent as any SE would. However robots.txt is purely advisory and I doubt many would trust phorm to honour their commitment to it. It would in any case (unlike proper SEs) almost certainly be impossible to verify compliance as phorms kit would be invisible to the site, except as the users BT IP. BT users might be in for a lot of 403s.
Posted by _TRIaXOR_ over 8 years ago
Now Amazon has announced it will block Phorm from scanning its website..

Posted by jelv over 8 years ago
Phorm already does look at robots.txt - if you exclude Google Phorm won't scan your pages. Now I wonder why thousands of web sites haven't taken this action?

The only puzzle to me is why Google haven't kicked up a fuss about this.
Posted by carrot63 over 8 years ago
Jelv, phorm are only offering to respect generic robots.txt entries, so if you exclude:

User-agent: *
Disallow: /

they claim to respect it, but that entry would disallow ALL bots including google, yahoo etc, not just phorm. However robots.txt allows for excluding specific SEs via their user agent string:

User-agent: 192.comAgent
Disallow: /

would only affect the bot listed. Some bots will respect the rule that most closely applies to them (google state this), so you could disallow all, then allow specfic bots, but this is not univerally adopted AFAIK (anyone know better currently?)...
Posted by carrot63 over 8 years ago
...(cont) So what phorm are offering is disingenuous to say the least. They know that most sites will not block all SE traffic just to block them, but by offering 'something' they look magnanimous to the uninitiated while offering nothing at all to those who value their Google rankings - most I'd say. All they have to do is offer up a specific UA string (LeechingScum for example) for blocking and we're done, although the issue of trust still remains as robots.txt is not binding.

Just another way phorm twists the truth.
Posted by Dawn_Falcon over 8 years ago
There are ways round that, Carpet (noteably serving different page versions to bots), but there's absolutely no reason why Phorm shouldn't obey websites rules on User-agent: Phorm
Posted by CARPETBURN over 8 years ago
^^^ Why the heck are you even talking to me when i havent made a comment on this story?? Has it got to the stage now where you attack me for things your imagination thinks i said??? I have to assume so as nobody with a username of "Carpet", "Carpetburn" or anything close to similar have commented.
Posted by Dawn_Falcon over 8 years ago
Oh sorry, when it comes to dogma your name allways immediately crops up. Must be something to do with your posting habits.
Posted by CARPETBURN over 8 years ago
^^^ Or just something to do with you having the same attention span when it comes to reading as the local infants school?
Posted by Dawn_Falcon over 7 years ago

No, it's you.
Posted by CARPETBURN over 7 years ago

Funniest and most unrealistic thing ive ever read.
Posted by michaels_perry over 7 years ago
How does this now sit with the Government's announced plan to monitor all internet traffic on the excuse (?) of tracking terrorist activities when the vast. vast majority merely send /receive email or surf the net. Isn't such tracking without prior consent also contrary to the EU legislation?
Posted by CARPETBURN over 7 years ago
quote"How does this now sit with the Government's announced plan to monitor all internet traffic on the excuse (?) of tracking terrorist activities when the vast. vast majority merely send /receive email or surf the net. Isn't such tracking without prior consent also contrary to the EU legislation?"

The day this government manages that will be the day a pig takes flight, this government cant even manage its own laptops and CDs let alone paper documents... Monitor the whole net? In their deluded dreams maybe
You must be logged in to post comments. Click here to login.