EC takes privacy infringement proceedings against UK a step further

The European Commission has given the Government two months to ensure online privacy measures for UK citizens comply with EU standards.

The move comes after the EC instructed the UK Government to take positive action to comply fully with EU rules under the ePrivacy Directive following complaints it received about behavioural advertising company Phorm in April.

A failure to do this means the EC has now moved to the second phase of its infringement proceedings against the UK. If after two months the EC still believes that the UK Government is not doing enough to ensure the confidentiality of people's electronic communications, including email and internet browsing, the case would be taken to the European Court of Justice.

Viviane Reding, EU Telecoms Commissioner said: “People's privacy and the integrity of their personal data in the digital world is not only an important matter, it is a fundamental right, protected by European law.

"That is why the Commission is vigilant in ensuring that EU rules and rights are put in place. Ensuring digital privacy is a key for building trust in the internet.

"I therefore call on the UK authorities to change their national laws to ensure that British citizens fully benefit from the safeguards set out in EU law concerning confidentiality of electronic communications.”

The furore arose earlier this year after it emerged that some major internet service providers (ISPs) including BT were considering using behavioural tracking software developed by Phorm.

The fear was this would be implemented without users' consent and BT did run secret trials of the Webwise software.

This would have tracked websites visited by internet users. However the ePrivacy Directive prohibits the interception and surveillance of electronics communications without the user's consent.

Specifically the Commission has identified three gaps in the existing UK rules governing the confidentiality of electronic communications.

There is no independent national authority to supervise interception of communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications.

Communications can be intercepted when the person intercepting has ‘reasonable grounds for believing’ that consent has been given, even though the EU defines consent as “freely given specific and informed indication of a person’s wishes”.

And thirdly the current UK law – the Regulation of Investigatory Powers Act 2000 (RIPA) – authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given.

These UK law provisions do not comply with EU rules defining consent as freely given specific and informed indication of a person’s wishes.