This article is also available in:
Deutsch: Übergriffsverfahren gegen GB wegen Mängel beim Datenschutz
On 14 April 2009, Viviane Reding, the European Union's Commissioner for Information Society and Media, reasserted the intention of the European Commission to take action if EU Member States failed to ensure the right of the citizens to control how their personal information is used by new technologies such as behavioural advertising (e.g. Phorm, Radio Frequency Identification (RFID) chips or online social networking).
Viviane Reding warned that RFID chips integrated in products to send radio signals, should be used "by the consumer and not on the consumer. No European should carry a chip in one of their possessions without being informed precisely what they are used for, with the choice to remove or switch it off at any time."
The Commissioner also asked the social networking companies which she considered businesses based on the use of information considered private, to reinforce privacy protection online: "Privacy must in my view be a high priority for social networking providers and their users. I firmly believe that at least the profiles of minors must be private by default and unavailable to internet search engines. The European Commission has already called on social networking sites to deal with minors' profiles carefully, by means of self-regulation. I am ready to follow this up with new rules if I have to."
The EU Commission has also decided to start infringement proceedings against the UK as a result of the complaints about the Phorm interception and profiling technology. The Commission's action does not only refer to the Phorm case but addresses several problems with UK's implementation of EU ePrivacy and personal data protection rules, that have occurred during the Commission's inquiry on Phorm secret trials made in UK by BT. After having sent several letters to the UK authorities since July 2008 asking for clarifications on the Phorm case, the Commission considered the answers of the UK Government as unsatisfactory.
"We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of EU rules on the confidentiality of communications. I call on the UK authorities to change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications. This should allow the UK to respond more vigorously to new challenges to ePrivacy and personal data protection such as those that have arisen in the Phorm case. It should also help reassure UK consumers about their privacy and data protection while surfing the internet," stated Reding.
According to the UK law, it is an offence to unlawfully intercept communications but the scope of the offence is limited to "intentional" interception and the interception is considered lawful when the interceptor has "reasonable grounds for believing" that consent to interception has been given.
The Commission is also concerned by the fact that the UK does not have an independent national supervisory authority dealing with such interceptions. It asked that the UK change its legislation to protect communications from surveillance or interception more in line with European Union directives on the issues.
"Technologies like internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules. These rules are there to protect the privacy of citizens and must be rigorously enforced by all Member States," said the Commissioner.
The UK has been given two months to react to this stage of the infringement proceeding, and in case there is no reply or the answer is not satisfactory, the Commission may consider issuing a reasoned opinion (the second stage in an infringement proceeding). If, further on, the UK still fails to fulfil its obligations under the EU law, the Commission will then refer the case to the European Court of Justice.
Citizens' privacy must become priority in digital age, says EU Commissioner
Reding (14.04.2009)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/571
EU Commissioner threatens action on social networking, RFID privacy
(15.04.2009)
http://www.out-law.com//default.aspx?page=9948
EU targets online behavioural adverts (15.04.2009)
http://www.euractiv.com/en/infosociety/eu-targets-online-behavioural-a...
UK's privacy laws illegally inadequate, says Europe (14.04.2009)
http://www.out-law.com/default.aspx?page=9945
Commission launches case against UK over privacy and personal data
protection (14.04.2009)
http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/570&...
Phorm, Commission v. UK - Implications for Ireland? (15.04.2009)
http://www.tjmcintyre.com/2009/04/phorm-commission-v-uk-implications-f...
EDRI-gram: Phorm - under scrutiny at the European level (8.04.2009)
http://www.edri.org/edri-gram/number7.7/phorm-eu-scrutiny