EU take UK to court over privacy and data protection rules
UK law does not comply with EU law on consent of the interception of data in electronic communications according to the European Commission. After launching an infringement procedure in April 2009, and requesting the UK authorities adjust their laws in October 2009, the Commission has now decided to refer the UK to the European Court of Justice for failing to take action to address the deficiencies in UK law.
The UK law's are in breach of the ePrivacy Directive and the Data Protection Directive in three specific areas:
- there is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications
- current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has 'reasonable grounds for believing' that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as "freely given, specific and informed indication of a person's wishes"
- current UK law prohibiting and providing sanctions in case of unlawful interception are limited to 'intentional' interception only, whereas EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.
The case stems from complaints with regards how the UK dealt with the Phorm advertising system which was secretly trialled by BT on its users without their consent. This effectively resulted in interception of data, but the UK authorities failed to find that either BT or Phorm had committed a criminal offence.