The European Commission is calling for the UK to change its laws to protect people's privacy from issues raised by Phorm, after complaints from internet users.
The behavioural advertising company has been the focus of a privacy debate since top internet service providers (ISPs) such as BT, Virgin and Talk Talk signed up for the system, which uses deep packet inspection to better target ads.
"Technologies like internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States," said EU telecoms commissioner Viviane Reding, in a statement.
The commission launched the legal action after investigating "several" user complaints regarding Phorm. The proceeding flags up failures in the way the UK is following European privacy law, specifically to do with interception of data and surveillance without consent, the commission explained.
"I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications," Reding added.
"This should allow the UK to respond more vigorously to new challenges to ePrivacy and personal data protection such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet."
The UK has two months to reply to the commission. If it does not reply, or cannot convince the commission that it is indeed following EU laws, the case could eventually reach the European Court of Justice.
In its statement, the commission also said it was concerned that the UK lacks an independent authority to deal with communication interceptions.
In a statement, Phorm said: "This is obviously a matter for the Commission and the UK Government."
But it added: "Phorm's technology is fully compliant with UK legislation and relevant EU directives. This has been confirmed by BERR and by the UK regulatory authorities and we note that there is no suggestion to the contrary in the Commission's statement today. We do not envisage the Commission's proceedings will have any impact on the company's plans going forwards."
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
Forcing Apple to allow alternative app stores might cause major security risksAnalysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
New EU vulnerability disclosure rules deemed an "unnecessary risk"News The vulnerability disclosure rules in the Cyber Resilience Act could also cause a “chilling effect” on security researchers
-
Are you ready for NIS2?WEBINAR Find out what you should be doing to prepare for the EU’s latest data protection regulation and UK equivalent with our free webinar
-
EU regulators are digging their heels in despite big tech’s Data Act pushbackAnalysis EU regulators are no strangers to big tech regulatory push back, so why do companies still persist?
-
Nintendo hacker forced to pay company 25-30% of earnings for lifeNews Gary Bowser pled guilty to hacking charges in 2021
-
Microsoft's EU Data Boundary will begin staggered rollout in January 2023News Public sector and commercial customers will be the first to benefit when the rollout begins on 1 January across all of Microsoft's core services
-
EU watchdog fights against rules permitting Europol's ‘unlawful’ data practicesNews The pushback follows allegations that Europol was allowed to write its own rules when it came to handling sensitive data
