The Rise of the Machines (Phorm and Data Protection)

Earlier last month the Office of Fair Trading announced a review of the targeting of “online behavioural advertising and customised pricing”. I think this is a result of the EU threatening legal action against the UK.

The dispute centres around BT’s secret trials in 2006 and 2007 of “behavioural advertising” technology developed by UK tech firm Phorm. The technology was presented to BT internet customers on an opt-out basis, and cheerily described as being designed to provide greater protection from online fraud. (Cheekily, tailoring of advertising was glossed over as a secondary feature.) If you didn’t opt-out then advertising you saw on your browser was duly based on previous web browsing activity – so that the adverts more closely matched the browser’s interests. This secret trial was uncovered by some impressive detective work by BT customers.

The explanation is fairly technical, and it’s hard to decipher without being reminded of The Terminator or The Matrix or any of the other 100 dystopian sci-fi films which tell you that technology is only going to make things horrible for humans. But it’s enough to understand that some BT customers began to note that anytime they visited a new website their browsers were exchanging information with a mysterious domain, and the truth was unravelled from there. (It’s not quite as heroic as saving the future of mankind by fighting an unstoppable cyborg assassin who has been sent back from the year 2029 by a collective of artificially intelligent computer-controlled machines – but it’s still pretty heroic in its own way.)

The discovery of this sneaky secret trial led to complaints to the Information Commissioner, the UK police and MEPs, and a dialogue was opened between the Information Commissioner and the European Commission about possible problems in the way in which the UK has implemented parts of EU rules on the confidentiality of communications.

A subsequent government investigation, by the Department for Business, Innovation and Skills concluded that the Phorm technology did not breach European laws on data protection. Nevertheless, the E-Privacy Directive clearly requires EU Member States to ensure confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance unless the users concerned have consented. And the Data Protection Directive also specifies that user consent must be “freely given specific and informed”. Does an obscure opt-out amount to “freely given” or “informed” consent? The EC thinks not, and is also concerned that the UK does not have an independent national supervisory authority that deals with such interceptions.

The EC also thinks that the application of UK surveillance law (as set out in the Regulation of Investigatory Powers Act (RIPA) isn’t being regulated properly.

The UK which now has two months in which to respond to the Commission. If the Commission is unsatisfied with the response it could take the case to an EU court and perhaps force a change in UK law.

0 Responses to “The Rise of the Machines (Phorm and Data Protection)”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter: @BrodiesTechBlog feed

November 2009
« Oct   Dec »

%d bloggers like this: