EU Commission to monitor Virgin DPI trials
The European Commission has announced it will closely monitor planned trials of deep packet inspection (DPI) which will be used by Virgin Media to monitor the amount of illegal file sharing on its network. No personal or identifying data will be collected or stored by the Virgin system so users will not see action coming from this, but the system could potentially be modified in the future to support this.
Privacy International does not see DPI as a legal thing for Virgin to do, and has advised that it would lodge a criminal complaint against Virgin if it goes ahead with the trial as it believes that under RIPA, ISPs don't have the right to monitor communications without consent or a court order. Similar complaints happened when BT ran it's trial of Phorm, and the City of London Police did not deem that any wrong doing had occurred. The European Commission weren't impressed with the way the trial was run and opened its own investigation in to how the UK are implementing European data protection laws.
The Commission have so far identified three gaps in UK law. Firstly, there is no independent national authority to supervise the interception of communications, required under the ePrivacy and Data Protection Directive. The RIPA act authorises interception of communications where the party has reasonable grounds for believing that consent has been given which doesn't comply with EU rules defining consent. The RIPA act also only prohibits interception where it intentionally occurred, rather than the EU law that requires Member States to prohibit any unlawful interception.
Whilst Virgin may or may not fall foul of current UK law as it stands, they may do so of EU law, but until the UK pull their foot out and fix things up to EU standards, there may not be any sanctions except financial penalties to the UK government for not conforming to EU law.