p2pnet news view Advertising | P2P | Politics:- After 15 months of campaigning against Phorm and their illegal trials of their technology with BT in 2006, 2007 and 2008, on May 27th 2009, “I was invited to a meeting by the office of Commissioner Vivian Reding in Brussels,” anti-Phorm campaigner and NoDPI founder Alex Hanff tells p2pnet, going on »»»

Ms Reding contacted the UK government last summer asking them what they were doing with regards to Phorm’s trials and was not satisfied with their responses; so a month ago she initiated legal action against the UK for failing to enforce EU privacy directives which protect the EU public from the interception of communications without informed consent.

Below is a summary of that very interesting meeting:

In attendence:

EU Commission
Mr Rudolf Strohmeier, Head of Ms Viviane Reding’s cabinet
Mr Michael Shotter, Member of Ms Reding’s Cabinet
Ms Paraskevi Michou, Head of DG INFSO Unit Implementation of Regulatory Framework (I)
Mr Martins Prieditis, of Ms Michou’s unit

Jim Killock, Director of the Open Rights Group
Alexander Hanff, NoDPI and Privacy International
Neil Maybin, NoDPI

The meeting began with introductions and quickly moved on. We had a number of specific points we wanted to discuss with the Commission and they had some equally specific points they wanted to discuss with us; as it turns out both were pretty much the same.

We discussed the issue of informed consent vs implied consent. I raised my concerns that Phorm, BT and the Home Office are all stating that consent can be implied with regards to data published on the world wide web. The Commission responded very strongly on this stating that EU Law does not recognise implied consent and that consent must be explicit and informed and that all such services must be Opt-In.

The other issue central to this point is on whether or not the use of DPI by Phorm’s model can be classed as intercepting communications. It is important to realise that content which is “broadcast” is not covered by RIPA with regards to interception, so one has to establish whether or not web transactions are broadcast or communicated. The Commission were again very strong in their support of our argument that web transactions are communications rather than broadcasts and that indeed this is increasingly the case as more web based services strive to deliver personalised content to their users. It is this very personalisation that Phorm seek to take advantage of as it is that data which gives their model value to the commercial sector.

We also discussed the criminal complaint I made to City of London Police (which they seemed to be unaware of before the meeting). They were confused as to why the City of London Police chose not to take action and agreed that the claim of “no criminal intent” was a very foolish argument. They asked how things were going with the Crown Prosecution Service and were very interested to discover that the CPS have had the case since November but have not been seen to take any action.

Another issue on the agenda was the disparity between the EU’s definition of what constitutes personally identifiable data and that of the UK’s. In Europe IP addresses and Unique ID’s (UID) are regarded as personally identifiable as they link directly to an individual, this is not the case in the UK. I mentioned that 100 years ago, in order to identify someone you would need their name and address and would probably need to live in the same geographical region in order to identify someone; but in the present and more so in the future, the task is significantly simplified. With modern data mining techniques and technology the most non-specific pieces of microdata when put into context with vast quantities of other microdata can be used to very quickly identify an individual as was highlighted by the AOL scandal a few years ago. I explained that in my opinion it is incredibly dangerous to statically define personally identifiable data because as technology and methods evolve so the definition needs to evolve as well. The Commission agreed with this completely and stated they too were very concerned with how to define such data; they also agreed that anonymising data does not work and should not be seen as a solution.

The lack of enforcement powers within the Information Commissioner’s Office was also discussed at length and the Commission agreed it is a big problem which needs addressing, they were equally concerned that it is not limited to the UK and that they felt a number of EU States suffered the same problems, so they are very eager to address these problems. They were particularly interested to learn that NebuAd have settled in the UK and that the UK (and increasingly the EU as a whole) is becoming a safe haven for unethical commercial practices which impact on privacy.

They were very helpful in recommending other EU bodies we should engage with in order to progress the issues towards a solution. The overall feel from the meeting was that they were very concerned and that they agreed with the concerns raised by us and the general public. I suspect this relationship with the EU Commission is going to develop further and I certainly look forward to continued discussion with them.

Mr Rudolf Strohmeier stated that in all his years working at the Commission there had only been 1 or 2 other issues which had generated such a high volume of written complaints from the public so they were taking the matter very seriously, which is why they initiated infringement action against the UK Government last month.

The Commission also agreed that Privacy is one of the keystones of democracy and a failure to enforce privacy regulations is not only a danger to democracy itself but also begins to normalise the view that privacy doesn’t matter to the current and future generations. They agree that education is critical to prevent the complete devolution of our fundamental human rights.

Excellent, Alex.

Follow p2pnet on Twitter.

May, 2009