The United Kingdom does not always provide sufficient protection for its internet users and could face action before the EU Court of Justice if it fails to comply with EU rules guaranteeing the confidentiality of electronic communications. It has two months to comply, according to the reasoned opinion (second step of infringement procedure) sent to it by the European Commission, on 29 October.

The case came up last April. At the time, the Commission had warned London to change its law after receiving complaints from internet users whose personal data had been used by a behaviour-based advertising technology, baptised Phorm, without their consent. British MEPs had also protested (see Europolitics3733). Phorm makes it possible to analyse browsing habits on an ongoing basis in order to determine users’ interests and send them targeted advertising when they visit certain sites. British Telecom, the incumbent operator, admitted that it tested Phorm in 2006 and 2007 without informing its subscribers. This is a serious infringement of EU legislation, which bans the interception or surveillance of communications without the consent of the users concerned, except where legally authorised.

This is the first time the Commission has launched an infringement procedure related to a problem of targeted advertising. After a close review of the British response to its letter of formal notice dated 14 April, the Commission concludes that London has not yet fully built these rules into its legislation.

The Commission has identified three gaps in Britain’s rules: 1. the absence of an independent national authority in charge of supervising the interception of communications and hearing related complaints; 2. an excessively wide interpretation of the principle of consent; 3. too limited a ban on interception of personal data.

OTHER VIOLATIONS

The Commission has also sent letters of formal notice, the first stage of the infringement procedure, to three member states:

- Romania must stop combining telecoms regulation with ownership/control in public enterprises. EU law requires an independent market regulator. In Romania, the Communications and Information Society Ministry has a regulatory role while simultaneously exercising ownership and control activities in two companies providing telecoms network and/or services (Romtelecom S.A. and S.N.R. S.A.). The Commission had already protested against the removal of the president of the national telecoms regulator. In response, Bucharest adopted, in March, a decree establishing guarantees of greater independence, but the decree has not yet been ratified by parliament.

- Polandhas to comply with the EU court’s ruling on subscribers’ rights, which also protects those using prepaid cards, who represent more than half of Polish mobile subscribers. Polish law limits the concept of ‘subscriber’ to those who have signed a contract.

- Germany is in breach of EU law for having assigned the 2,500-2,690 MHz frequency band to mobile services alone, although a 2008 Commission decision opened this band to all electronic communication services, both fixed and mobile.

The Commission has also written to the Italian regulator AGCOM to ask it to disclose the competition undertakings made by the incumbent operation Telecom Italia before approving them. “It is vital that AGCOM considers the undertakings, to which Telecom Italia committed, as regulatory remedies and has consulted the Commission and other regulatory authorities on those remedies in a transparent manner,” stated Information Society Commissioner Viviane Reding.

Phorm makes it possible to analyse browsing habits on an ongoing basis in order to determine users’ interests and send them targeted advertising