Privacy Compliance & Data Security : Data Security Lawyer & Attorney : Fox Rothschild Law Firm : Privacy Rights, Security Breach Responses

As with NebuAd here in the United States, the Phorm service in Europe is under constant and increasing attack.  The business model for both is basically to team up with Internet service providers, track and collect Internet usage data, and then use that information to serve interest-based ads to the Internet user.  Take a trip to a popular gadget web site, and expect to be served advertisements that offer gadgets for sale.  Visit a travel interest web site, and expect to start noticing advertisements from travel sites in other web pages. 

Announcing that the European Union has "opened an infringement proceeding" to investigate Phorm’s activities, the European Union's Commissioner for Information Society and Media, Viviane Reding, said in a video message that "European privacy rules are crystal clear: a person's information can only be used with their prior consent. We cannot give up this basic principle, and have all our exchanges monitored, surveyed and stored in exchange for a promise of 'more relevant' advertising! I will not shy away from taking action where an EU country falls short of this duty."

The legal action commenced by the European Union basically consists of an inquiry and warning to Britain, inquiring into Britain’s interpretation of the privacy regulations and rules in place, and an explanation of how operations by Phorm comply with those privacy regulations and rules.  In other words, the European Union wants Britain to explain why it has not commenced any action against Phorm.  Britain has two months to respond, and additional inquiries and warnings may follow before the European Union forces Britain into court.

• Email This
• Print
• Comments
• Trackbacks

Starting April 6, 2009, European Union telecommunications companies and Internet service providers (ISPs) suddenly found themselves required to store even more data about their users.

Under existing requirements under the 2006 Data Retention Directive, telecommunications providers are required to retain records (when calls were made and the origination/destination details) regarding telephone calls made over their lines.

Now, The Data Retention Regulations 2009, those European telecommunication providers, and for the first time some ISPs (other than ISPs that also provide voice over IP services, which have always been covered), must retain details of Internet traffic and electronic mail transmissions for a period of six (6) to twenty-four (24) months from origination.  The United Kingdom has determined that the period of retention shall be twelve (12) months.  Sweden has threatened to “ignore” these new requirements.

Although the new regulations do not require the retention of the actual data (i.e., the telephone conversations, Internet content or the electronic mail content), affected European telecommunication providers and ISPs must retain the details of the transmissions (e.g., origination and destination telephone numbers, length of telephone calls, IP address of the user, but not the destination IP addresses, and electronic mail addresses, time of transmission).

• Email This
• Print
• Comments
• Trackbacks