Amendments aim to tighten up UK's online privacy laws following the Phorm debacle and legal action by the European Commission
The Home Office plans to change UK law after the European Commission (EC) started legal proceedings against the Government.
The EC identified problems with the way people’s data was protected online. Now, the Home Office plans to amend the Regulation of Investigatory Powers Act 2000 (RIPA) to bring it into line with European regulations.
This tightening up of UK law will aim to create a clear 'opt-in policy' if information exchanged between internet service provider (ISP) and consumer is to be shared with a third party. There will also be a new sanction added for " unintentional unlawful interception".
The issue centres on BT's use of internet monitoring software developed by marketing company Phorm. In 2008 it was discovered that BT had carried out secret trials of Phorm’s Webwise technology in 2006 and 2007. The Webwise software monitored users’ internet activity in order to deliver targeted advertising.
There was controversy from the outset, with Cambridge University privacy expert Dr Richard Clayton calling the software "unlawful " and stating it is "a clear breach of RIPA".
Reacting to consumer outrage at the trials, the Department for Business Enterprise and Regulatory Reform said that Phorm’s activities were within UK law. In a statement released in July 2008, it said that Phorm could continue to operate “with the knowledge and agreement of the customer".
In April 2009, the EC launched legal proceedings against the UK Government for non-compliance of privacy laws. Speaking at the time, Viviane Reding, EU telecommunications commissioner said: "The rules are quite clear. A person's information can only be used with their prior consent."
Then, in September of this year, the EC announced that it planned to take the UK Government to court, highlighting three areas in which UK law failed to meet EU requirements. It stated that the UK didn’t have the required independent authority to supervise web traffic interception and that UK law allowed for data to be intercepted without prior consent providing there were "reasonable grounds for believing" that consent to do so had been given.
