The European Commission is preparing legal actions against the British Government for breaching European privacy laws because it failed to reign in Phorm, a targeted advertising company that is infamous for working with ISPs to target ads by using deep packet inspection without the clear consent of the ISPs’ users.
While Phorm argues that its technology is compliant with both U.K. and European law, the European Commission alleges that Phorm continues to intercept user data without clear consent from the users.
Last year, Phorm claimed that its deals with various British ISPs gave it access to data from 70% of British households with broadband connections. British Telecom tested Phorm in 2006 and 2007, but failed to inform its customers about the trial, which quickly led to protests from privacy advocates who claimed that Phorm was using deep packet inspection to build behavioral profiles.
According to U.K. law, a system like Phorm, which intercepts communications between the user and a website at the ISP level, is legal as long as the interceptor has “reasonable grounds for believing” that the user has consented to this. According to the EU data protection directive, however, consent must be “freely given, specific and informed.”
Phorm, which continues to argue that its system is completely anonymous, is currently trying to change its image through a new advertising campaign and a series of “town hall” meetings.