The European Union started legal action against Britain on Tuesday for not applying EU data privacy rules that would restrict an Internet advertising tracker, called Phorm, from watching how users surf the web….
The European Commission said Britain should outlaw Internet traffic interception and monitoring unless users give explicit consent that their behavior can be tracked and analyzed.
It said it had received numerous complaints about BT Group PLC, which tested Phorm in 2006 and 2007 without informing customers involved in the trial. Phorm analyzes Internet users' behavior so it can target them with advertising that might appeal to them.
"Such a technology in the view of the European Commission and European data protection law can only be used with the prior consent of the user," said EU spokesman Martin Selmayr.
In its decision to pursue legal action against Britain regarding "behavioral advertising," the EC is pretty upset over the lack of "consent":
At the heart of the legal action by the EC is whether users have given their consent to have their data intercepted by the advertising system….
A spokeswoman from the commission [said] that the EC wanted the UK to ensure there were procedures in place to ensure "clear consent from the user that his or her private data is being used."…
"Technologies like Internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules," the EU's Telecoms Commissioner Viviane Reding said in a statement.
In her weekly radio message, Reding was very clear about her position:
Another privacy concern repeatedly mentioned to the European Commission these days is behavioural advertisement… Now, European privacy rules are crystal clear: a person's information can only be used with their prior consent. And we cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored, in exchange for a promise of "more relevant" advertisement.
It's great to see a government body protecting Internet users from secret and unapproved searches of their information. Now that the EC is safeguarding "basic principles," we can all rest easy.
It looks like the idea of "consent" is a one-way street. On April 6, with little fanfare, the EU's revised Data Retention Regulations 2009 went into effect:
…The 'Data Retention Regulations 2009' EU directive places legal obligations on every ISP to retain personal details of Internet users. This includes Internet telephony, email and web browsing history.
These powers will be limited to data such as a time, date and IP address and won't extend to actual email content. They will however store your entire browsing history including all pages you've visited or attempted to visit. Details of fixed and mobile calls will go even further, providing the government with the geographical data of the call. The act has been around for a while but has only now been updated this week to include the law on Internet communication.
So advertising trackers and Internet Service Providers must offer users a chance to opt out of behavioral advertising, while storing ISP customers' personal data is mandatory? There's mixed signals here. Well, so much for consent and "crystal clear" privacy rules. Looks like it's back to the drawing board PC's paint program.
In the great 2004 cover story, Reason contributor Declan McCullagh explains the upside of zero privacy. In February, Senior Editor Jacob Sullum wrote about the UK's secret plan to monitor everything. Reason's private stash here.