There's been something rattling around at the back of my mind for a while. It's one of those things where you know that something is wrong but you don't what it is - well I do now.
Someone tell me if this has been discussed, debated and answered before because I'm sure I haven't seen it mentioned anywhere.
In all of the information given by BT and Phorm to customers, the ICO, 80/20 Thinking and anyone else involved it has always been asserted that Webwise does not collect any personally identifiable information.
Let's accept that this statement is accurate but look at what it really refers to.
BT and Phorm have only ever discussed PII in relation to the Webwise system but
BT's Privacy Policy states that:-
We sometimes use other companies to provide services to you or to provide services to us. To enable them to do this, we may need to share your personal information with them.
This means that BT can honestly say that Phorm will not gain access to any PII via Webwise but no official document or statement that I am familiar with says that Phorm have not or will not be given PII under the existing terms of BT's Privacy Policy.
This means that Phorm could already have personal information records of ALL of BT's customers. If Webwise is used then Phorm could have an entire file of millions of peoples personal information and access to vast amounts of personality profiles to match them against. Worse still, you can opt-out of Webwise but you can't opt out of BT's Privacy Policy.
Is it possible that BT and Phorm have been playing a crafty game in only ever mentioning PII in relation to Webwise and OIX?