Trials of an online ad system carried out by BT involving more than 30,000 of its customers were potentially illegal, says a leading digital rights lawyer.
BT has said it trialled a prototype of Phorm, which matches adverts to users' web habits, in 2006 and 2007.
The company did not inform customers that they were part of the trial.
Nicholas Bohm, of the Foundation for Information Policy Research, said tests without the knowledge of users were "an illegal intercept of users' data".
A spokesman for BT said the firm had no comment about the legality or illegality of the 2006 test.
In a statement the firm said the trial was "a small scale technical test of a prototype advertising platform".
"The purpose of the test was to evaluate the functional and technical performance of the platform."
It continued: "It is important for BT to ensure that before any new technologies are deployed, they are robust and fit for purpose. No personally identifiable information was processed, stored or disclosed during this test."
Earlier this month BT told BBC News that before the 2007 test it had taken "legal and other external advice... and on the basis of that advice commenced the small scale technical test in good faith".
Eighteen thousand customers were involved in the 2006 trial and BBC News understands that the 2007 test was on a similar scale.
Virgin Media and Talk Talk are also due to deploy the technology and there is no suggestion that the two companies have trialled the system in the past.
The Foundation for Information Policy Research has written to the Information Commissioner to argue that Phorm contravenes the Regulation of Investigatory Powers Act 2000 (Ripa), which protects users from unlawful interception of information.
Phorm and BT have said the technology does not breach any UK laws.
---------------------
Saying that no PI data was sent, processed or stored, is just silly. Perhaps they are legally right, but in reality...they are wrong.
People can commonly be identified by just the types of Google/Yahoo searches they conducted.
Does no one remember the AOL Search Scandal?
While none of the records on the file are personally identifiable per se, certain keywords contain personally identifiable information by means of the user typing in their own name (ego-searching), as well as their address, social security number or by other means....Although the searchers were only identified by a numeric ID, the New York Times successfully discovered the identity of several searchers, and with her permission, exposed search number 4417749 as Thelma Arnold, a 62-year-old Georgian widow.From the sound of it, Phorm was given MUCH, MUCH more than just search terms.
So what do you think?
Hi,
ReplyDeleteI work for Phorm’s comms team.
Webwise doesn't store personally identifiable information, doesn't store IP addresses OR browsing histories.
The technology simply observes anonymous behaviours and draws a conclusion about the advertising category that's most relevant.
All the data leading to that conclusion is deleted by the time each web page is loaded.
The data simply isn’t stored. This is one way that Webwise protects internet users’ privacy and anonymity.
If you’re interested, there’s more information about Webwise here: http://webwise.com/how-it-works/faq.html
Phorm Comms Team