Font Size

UK infringes Data Protection laws


Lawdit Solicitors - Expert Author

Legal Articles
Submit Articles   Back to Articles

12th April 2009


The UK is in trouble yet again for infringing the EU Directive on privacy and electronic communications which requires EU Member States to ensure confidentiality of the communications and related traffic data by prohibiting unlawful interception and surveillance unless the users concerned have consented (Article 5(1) of Directive 2002/58/EC.

The EU Data Protection Directive specifies that user consent must be freely given specific and informed (Article 2(h) of Directive 95/46/EC. In addition Article 24 of the Data Protection Directive requires Member States to establish appropriate sanctions in case of infringements and Article 28 says that independent authorities must be charged with supervising implementation. These provisions of the Data Protection Directive also apply in the area of confidentiality of communications.

According to the Commission the UK has failed to adhere to this and has decided enough is enough.

For more than a year now the Commission has received several questions from UK citizens and UK Members of the European Parliament concerned about the use of a behavioural advertising technology known as Phorma by Internet Service Providers in the UK.

Phorm technology targets customers web surfing to determine users interests and then delivers targeted advertising to users when they visit certain websites. The crucial test is that BT admitted that it had tested Phorm in 2006 and 2007 without informing customers involved in the trial. It is in the absence of such testing that resulted in a number of complaints to the UK data protection authority - the Information Commissioner and to the UK police.

The Commission had expressed a number of concerns that there were structural problems in the way the UK has implemented EU rules ensuring the confidentiality of communications.

Under UK law, it is an offence to unlawfully intercept communications, the offence is an arrestable offence. However, the scope of this offence is limited to intentional interception only. BT and other ISPs were using these techniques to market a service more effectively.

Interception is considered to be lawful when the interceptor has reasonable grounds for believing that consent to interception has been given. So a user must give their consent. The Commission was also concerned that the UK did not have an independent national supervisory authority dealing with such interceptions.

The UK has two months to reply to this first stage of an infringement proceeding, the letter of formal notice sent today. If the Commission receives no reply, or if the observations presented by the UK are not satisfactory, the Commission may decide to issue a reasoned opinion (the second stage in an infringement proceeding). If the UK still fails to fulfil its obligations under EU law after that, the Commission will refer the case to the European Court of Justice.

Michael Coyle is a solicitor advocate with extensive experience in intellectual property law, media law, commercial law and information technology law. For more information please contact:- <>

About the Author

Lawdit Solicitors offer services and advice for litigation, commercial contracts, Intellectual Property and IT legal agreements. We are experts in commercial law with a heavy emphasis on Intellectual Property, Internet and e-commerce law. Lawdit is a member of the International Trademark Association, the Solicitors' Association of Higher Court Advocates and we are the appointed Solicitors to the largest webdesign association in the world, the United Kingdom Website Designers Association.

Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2009-05-19 15:50:16 in Legal Articles

All Articles

Copyright © 2004-2021 Scopulus Limited. All rights reserved.