European Commission raps U.K. over ad-targeting technology

The United Kingdom is being accused of breaking European privacy rules in allowing the use of a British technology that targets ads at internet users based on their online behaviour.

The EuropeanCommission launched infringement proceedings against the U.K. Tuesday over concerns abouthow wellconfidentiality is being protected during the use of a technology developed by Phorm Inc.

"We have been following the Phorm case for some time and have concluded that there are problems in the way the U.K. has implemented parts of EUrules on the confidentiality of communication," said EU telecoms commissioner Viviane Reding in a statement.

Phorm, in partnership with internet service providers, uses a technique called deep-packet inspection to intercept and examine information as it passes through the internet. That information, such aswhat websites the user visited and what search terms they used, is then analyzed to deliver ads that the user is more likely to be interested in.Phorm says privacy protection is built into the technology so that:

• Internet users remain anonymouswhile their information is collected and analyzed.
• No informationthat could identify someone isstored by the company.
• Browsing behaviour is only stored when it matchespre-approved categories that do not include sensitive topicssuch as illegal activities.

Nevertheless, the European Commission said that since April 2008, it has received several questions from U.K. citizens and U.K. members of the European Parliament about Phorm. In response, the commission wrote several letters to U.K. authorities starting in July 2008 asking how they implemented EU privacy laws in the context of the Phorm case. Analysis of the answers pointed to "structural problems" in implementation of the rules, the European Commission said in a news release.

Specifically, the EU is concerned because U.K. allows interception of communications if:

• It is not considered "intentional."
• The interceptor has "reasonable grounds for believing" that it had consent to intercept the communications.

The EU sent a letter of notice about the proceeding to the U.K. Tuesday, and the U.K. has two months to reply. If the commission does not receive a satisfactory reply, it may issue a "reasoned opinion" about the case. If the country does not respond to the commission's satisfaction oris still considered in breach of the law after that, the case will be referred to the European Court of Justice.

Commission cracking down

Telecoms commissioner Reding said in an online video Tuesday that Europeans have the right to control their personal information and the commission will take action whenever member states fail to ensure that new technologies respect that right.

Phorm refers to its technology as "open internet exchange" and sells the technology in a package called Webwise thatincludes security and customization features.The companyannounced last week that it willlaunch its servicesometime in the next year. It has already conducted tests withat least oneBritish ISP.

The company drew fire after a memo leaked lastspring showedBritish Telecomtested Phorm's technology on 30,000BT subscriberswithout their consent and raised questions about thePhorm's claims about its privacy protection measures. BT has since conducted new, invitation-based trials. Two other British ISPs, Virgin Media Group and the Carphone Warehouse PLC (which owns the Talk Talk brand) have also signed agreements with Phorm.

Brooks Dodds, chief privacyofficer for Phorm,has written anessay on his company's technologyfor a special website on deep-packet inspection launched by the Privacy Commissioner of Canada last month.