Privacy war steps up a gear

In recent news from our friends in Brussels it seems that the war on privacy piracy is stepping up a gear or three and now the UK will be in the European courts after failing to respond to infringement charges last year. The backlash from Brussels was brought about after a campaign of complaints by UK citizens surrounding illegal traffic interception being used for behavioural targeting. The EU goes on to say that consent is defined as “freely given, specific and informed” and was required before BT Broadband started trials of behavioural targeting using Phorm‘s platform.

The basis of the privacy movement, backed by Open Rights Group, is whether users had given their consent to have their private data intercepted by the advertising system. This has been bumbling along now for a couple of years but the recent announcement by European Commission has given a clear signal that this issue will simply not go away.

The EU Directive on privacy and electronic communications requires EU Member States to ensure confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance unless the users concerned have consented to this (Article 5(1) of Directive 2002/58/EC ). The EU Data Protection Directive specifies that user consent must be ‘freely given specific and informed’ (Article 2(h) of Directive 95/46/EC ). Moreover, Article 24 of the Data Protection Directive requires Member States to establish appropriate sanctions in case of infringements and Article 28 says that independent authorities must be charged with supervising implementation. These provisions of the Data Protection Directive also apply in the area of confidentiality of communications.

A detailed overview of telecoms infringement proceedings is available here.

With no independent UK body supervising the interception of communication, Europe is getting a little impatient with the frequency and ease with which these transgressions continue. How far this will get is yet to transpire but as the stakes are raised it is becoming clear that organisations will have to be a lot more careful and aware of what they are doing with site visitor information.