Infringement procedure against UK for lack of privacy protection

By EDRi · April 22, 2009

This article is also available in:
Deutsch: [Übergriffsverfahren gegen GB wegen Mängel beim Datenschutz |]

On 14 April 2009, Viviane Reding, the European Union’s Commissioner for
Information Society and Media, reasserted the intention of the European
Commission to take action if EU Member States failed to ensure the right of
the citizens to control how their personal information is used by new
technologies such as behavioural advertising (e.g. Phorm, Radio Frequency
Identification (RFID) chips or online social networking).

Viviane Reding warned that RFID chips integrated in products to send radio
signals, should be used “by the consumer and not on the consumer. No
European should carry a chip in one of their possessions without being
informed precisely what they are used for, with the choice to remove or
switch it off at any time.”

The Commissioner also asked the social networking companies which she
considered businesses based on the use of information considered private, to
reinforce privacy protection online: “Privacy must in my view be a high
priority for social networking providers and their users. I firmly believe
that at least the profiles of minors must be private by default and
unavailable to internet search engines. The European Commission has already
called on social networking sites to deal with minors’ profiles carefully,
by means of self-regulation. I am ready to follow this up with new rules if
I have to.”

The EU Commission has also decided to start infringement proceedings against
the UK as a result of the complaints about the Phorm interception and
profiling technology. The Commission’s action does not only refer to the
Phorm case but addresses several problems with UK’s implementation of EU
ePrivacy and personal data protection rules, that have occurred during the
Commission’s inquiry on Phorm secret trials made in UK by BT. After having
sent several letters to the UK authorities since July 2008 asking for
clarifications on the Phorm case, the Commission considered the answers of
the UK Government as unsatisfactory.

“We have been following the Phorm case for some time and have concluded that
there are problems in the way the UK has implemented parts of EU rules on
the confidentiality of communications. I call on the UK authorities to
change their national laws and ensure that national authorities are duly
empowered and have proper sanctions at their disposal to enforce EU
legislation on the confidentiality of communications. This should allow the
UK to respond more vigorously to new challenges to ePrivacy and personal
data protection such as those that have arisen in the Phorm case. It should
also help reassure UK consumers about their privacy and data protection
while surfing the internet,” stated Reding.

According to the UK law, it is an offence to unlawfully intercept
communications but the scope of the offence is limited to “intentional”
interception and the interception is considered lawful when the interceptor
has “reasonable grounds for believing” that consent to interception has been

The Commission is also concerned by the fact that the UK does not have an
independent national supervisory authority dealing with such interceptions.
It asked that the UK change its legislation to protect communications from
surveillance or interception more in line with European Union directives on
the issues.

“Technologies like internet behavioural advertising can be useful for
businesses and consumers but they must be used in a way that complies with
EU rules. These rules are there to protect the privacy of citizens and must
be rigorously enforced by all Member States,” said the Commissioner.

The UK has been given two months to react to this stage of the infringement
proceeding, and in case there is no reply or the answer is not satisfactory,
the Commission may consider issuing a reasoned opinion (the second stage in
an infringement proceeding). If, further on, the UK still fails to fulfil
its obligations under the EU law, the Commission will then refer the case to
the European Court of Justice.

Citizens’ privacy must become priority in digital age, says EU Commissioner
Reding (14.04.2009)

EU Commissioner threatens action on social networking, RFID privacy

EU targets online behavioural adverts (15.04.2009)

UK’s privacy laws illegally inadequate, says Europe (14.04.2009)

Commission launches case against UK over privacy and personal data
protection (14.04.2009)

Phorm, Commission v. UK – Implications for Ireland? (15.04.2009)

EDRI-gram: Phorm – under scrutiny at the European level (8.04.2009)