Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

AlexanderHanff · 03-04-2008, 14:37

Privacy and Electronic Communications (European Directive) Regulations 2003

Confidentiality of communications
6. - (1) Subject to paragraph (4), a person shall not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment -

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) is given the opportunity to refuse the storage of or access to that information.

(on (a) clearly this requirement has not been met since BT did these trials in secret.)
(on (b) clearly this requirement has not been met since (yup you guessed it) BT didn't ask the subscriber/user for consent because they conducted the trials in secret.)
...

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information -

(a) for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

...

(7)(3) Traffic data relating to a subscriber or user may be processed and stored by a provider of a public electronic communications service if -

(a) such processing and storage are for the purpose of marketing electronic communications services, or for the provision of value added services to that subscriber or user; and

(b) the subscriber or user to whom the traffic data relate has given his consent to such processing or storage; and

(c) such processing and storage are undertaken only for the duration necessary for the purposes specified in subparagraph (a).

(on (b) clearly this requirement has not been met as BT carried out these trials in secret and did not seek consent)
...

Further provisions relating to the processing of traffic data under regulation 7
8. - (1) Processing of traffic data in accordance with regulation 7(2) or (3) shall not be undertaken by a public communications provider unless the subscriber or user to whom the data relate has been provided with information regarding the types of traffic data which are to be processed and the duration of such processing and, in the case of processing in accordance with regulation 7(3), he has been provided with that information before his consent has been obtained.

(for fear of sounding like a broken record, these trials were carried out in secret; requirement of 8. above NOT MET!)
...

Modification of contracts
27. To the extent that any term in a contract between a subscriber to and the provider of a public electronic communications service or such a provider and the provider of an electronic communications network would be inconsistent with a requirement of these Regulations, that term shall be void.

(Could this possibly mean that simply changing terms and conditions would not work???)

...

Request that the Commissioner exercise his enforcement functions
32. Where it is alleged that there has been a contravention of any of the requirements of these Regulations either OFCOM or a person aggrieved by the alleged contravention may request the Commissioner to exercise his enforcement functions in respect of that contravention, but those functions shall be exercisable by the Commissioner whether or not he has been so requested.

(on 32 - so the IC is supposed to exercise his enforcement functions irrespective of whether an official complaint is made or not!)

Technical advice to the Commissioner
33. OFCOM shall comply with any reasonable request made by the Commissioner, in connection with his enforcement functions, for advice on technical and similar matters relating to electronic communications.
(Commissioner is referring to the Information Commissioner)

...

Amendment to the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
34. In regulation 3 of the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000[16], for paragraph (3), there shall be substituted -

" (3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector so permits.".

In relation to the last point above re: Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000:

(a) monitoring or keeping a record of communications -

(i) in order to -

(aa) establish the existence of facts, or

(bb) ascertain compliance with regulatory or self-regulatory practices or procedures which are -

applicable to the system controller in the carrying on of his business or

applicable to another person in the carrying on of his business where that person is supervised by the system controller in respect of those practices or procedures, or

(cc) ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties, or

(ii) in the interests of national security, or

(iii) for the purpose of preventing or detecting crime, or

(iv) for the purpose of investigating or detecting the unauthorised use of that or any other telecommunication system, or

(v) where that is undertaken -

(aa) in order to secure, or

(bb) as an inherent part of,

the effective operation of the system (including any monitoring or keeping of a record which would be authorised by section 3(3) of the Act if the conditions in paragraphs (a) and (b) thereof were satisfied); or

(b) monitoring communications for the purpose of determining whether they are communications relevant to the system controller's business which fall within regulation 2(b)(i) above; or

(c) monitoring communications made to a confidential voice-telephony counselling or support service which is free of charge (other than the cost, if any, of making a telephone call) and operated in such a way that users may remain anonymous if they so choose.

(2) Conduct is authorised by paragraph (1) of this regulation only if -

(a) the interception in question is effected solely for the purpose of monitoring or (where appropriate) keeping a record of communications relevant to the system controller's business;

(b) the telecommunication system in question is provided for use wholly or partly in connection with that business;

(c) the system controller has made all reasonable efforts to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted; and

(d) in a case falling within -

(i) paragraph (1)(a)(ii) above, the person by or on whose behalf the interception is effected is a person specified in section 6(2)(a) to (i) of the Act;

(ii) paragraph (1)(b) above, the communication is one which is intended to be received (whether or not it has been actually received) by a person using the telecommunication system in question.

(3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector[2] so permits.

---

Now what was that about ICO not being responsible for issues surrounding interception of communications again?

Alexander Hanff

---------- Post added at 14:33 ---------- Previous post was at 14:23 ----------

And here is Article 5 of Directive 97/66/EC:

Article 5

Confidentiality of the communications

1. Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality.

2. Paragraph 1 shall not affect any legally authorised recording of communications and the related traffic data when carried out in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication.

3. Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.

---

Maybe the ICO can explain to me again how unlawful interception is not covered by their office when the very regulations they claim to enforce on their web site create amendments to other legislation and regulations on interception specifically ?

Alexander Hanff

---------- Post added at 14:36 ---------- Previous post was at 14:33 ----------

*** Article 15(1) clearly doesn't state "For targetting customers with adverts":

Article 15

Application of certain provisions of Directive 95/46/EC

1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union.

---------- Post added at 14:37 ---------- Previous post was at 14:36 ----------

oops sorry for the long post...

I have just edited the original post to put my own comments in italics so they don't get lost in all the legalise.

03-04-2008, 14:37	#2108
AlexanderHanff Permanently Banned Join Date: Mar 2008 Posts: 1,028	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] Privacy and Electronic Communications (European Directive) Regulations 2003 Confidentiality of communications 6. - (1) Subject to paragraph (4), a person shall not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met. (2) The requirements are that the subscriber or user of that terminal equipment - (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) is given the opportunity to refuse the storage of or access to that information. (on (a) clearly this requirement has not been met since BT did these trials in secret.) (on (b) clearly this requirement has not been met since (yup you guessed it) BT didn't ask the subscriber/user for consent because they conducted the trials in secret.) ... (4) Paragraph (1) shall not apply to the technical storage of, or access to, information - (a) for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user. ... (7)(3) Traffic data relating to a subscriber or user may be processed and stored by a provider of a public electronic communications service if - (a) such processing and storage are for the purpose of marketing electronic communications services, or for the provision of value added services to that subscriber or user; and (b) the subscriber or user to whom the traffic data relate has given his consent to such processing or storage; and (c) such processing and storage are undertaken only for the duration necessary for the purposes specified in subparagraph (a). (on (b) clearly this requirement has not been met as BT carried out these trials in secret and did not seek consent) ... Further provisions relating to the processing of traffic data under regulation 7 8. - (1) Processing of traffic data in accordance with regulation 7(2) or (3) shall not be undertaken by a public communications provider unless the subscriber or user to whom the data relate has been provided with information regarding the types of traffic data which are to be processed and the duration of such processing and, in the case of processing in accordance with regulation 7(3), he has been provided with that information before his consent has been obtained. (for fear of sounding like a broken record, these trials were carried out in secret; requirement of 8. above NOT MET!) ... Modification of contracts 27. To the extent that any term in a contract between a subscriber to and the provider of a public electronic communications service or such a provider and the provider of an electronic communications network would be inconsistent with a requirement of these Regulations, that term shall be void. (Could this possibly mean that simply changing terms and conditions would not work???) ... Request that the Commissioner exercise his enforcement functions 32. Where it is alleged that there has been a contravention of any of the requirements of these Regulations either OFCOM or a person aggrieved by the alleged contravention may request the Commissioner to exercise his enforcement functions in respect of that contravention, but those functions shall be exercisable by the Commissioner whether or not he has been so requested. (on 32 - so the IC is supposed to exercise his enforcement functions irrespective of whether an official complaint is made or not!) Technical advice to the Commissioner 33. OFCOM shall comply with any reasonable request made by the Commissioner, in connection with his enforcement functions, for advice on technical and similar matters relating to electronic communications. (Commissioner is referring to the Information Commissioner) ... Amendment to the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 34. In regulation 3 of the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000[16], for paragraph (3), there shall be substituted - " (3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector so permits.". In relation to the last point above re: Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000: (a) monitoring or keeping a record of communications - (i) in order to - (aa) establish the existence of facts, or (bb) ascertain compliance with regulatory or self-regulatory practices or procedures which are - applicable to the system controller in the carrying on of his business or applicable to another person in the carrying on of his business where that person is supervised by the system controller in respect of those practices or procedures, or (cc) ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties, or (ii) in the interests of national security, or (iii) for the purpose of preventing or detecting crime, or (iv) for the purpose of investigating or detecting the unauthorised use of that or any other telecommunication system, or (v) where that is undertaken - (aa) in order to secure, or (bb) as an inherent part of, the effective operation of the system (including any monitoring or keeping of a record which would be authorised by section 3(3) of the Act if the conditions in paragraphs (a) and (b) thereof were satisfied); or (b) monitoring communications for the purpose of determining whether they are communications relevant to the system controller's business which fall within regulation 2(b)(i) above; or (c) monitoring communications made to a confidential voice-telephony counselling or support service which is free of charge (other than the cost, if any, of making a telephone call) and operated in such a way that users may remain anonymous if they so choose. (2) Conduct is authorised by paragraph (1) of this regulation only if - (a) the interception in question is effected solely for the purpose of monitoring or (where appropriate) keeping a record of communications relevant to the system controller's business; (b) the telecommunication system in question is provided for use wholly or partly in connection with that business; (c) the system controller has made all reasonable efforts to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted; and (d) in a case falling within - (i) paragraph (1)(a)(ii) above, the person by or on whose behalf the interception is effected is a person specified in section 6(2)(a) to (i) of the Act; (ii) paragraph (1)(b) above, the communication is one which is intended to be received (whether or not it has been actually received) by a person using the telecommunication system in question. (3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector[2] so permits. --- Now what was that about ICO not being responsible for issues surrounding interception of communications again? Alexander Hanff ---------- Post added at 14:33 ---------- Previous post was at 14:23 ---------- And here is Article 5 of Directive 97/66/EC: Article 5 Confidentiality of the communications 1. Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality. 2. Paragraph 1 shall not affect any legally authorised recording of communications and the related traffic data when carried out in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication. 3. Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user. --- Maybe the ICO can explain to me again how unlawful interception is not covered by their office when the very regulations they claim to enforce on their web site create amendments to other legislation and regulations on interception specifically ? Alexander Hanff ---------- Post added at 14:36 ---------- Previous post was at 14:33 ---------- *** Article 15(1) clearly doesn't state "For targetting customers with adverts": Article 15 Application of certain provisions of Directive 95/46/EC 1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union. ---------- Post added at 14:37 ---------- Previous post was at 14:36 ---------- oops sorry for the long post... I have just edited the original post to put my own comments in italics so they don't get lost in all the legalise.