the DPA requires permission
for ANY processing taking place no matter were it is, including in the UK (hence the entrys in all the consumer T&Cs you look at).
and also as a seperate matter, it required permission to
Export said personal data outside the UK (for the likes of the contracted offshore Ccare processing).
Peter Fairbrother this morning on the
http://www.theregister.co.uk/2008/03...ripa/comments/
makes the RIPA clear enough.
they NEED the permission of
both the sending AND the receaving ends to intercept any such traffic lawfully.
"
Some RIPA points answered
By Peter Fairbrother
Posted Wednesday 5th March 2008 05:10 GMT
Re: opt-out, opt-in
Opting in would give BT "reasonable grounds to believe" that you have consented to the interception - but not opting-out would not, as failing to object to something is not the same as granting consent, and granting consent, or a reasonable belief that that has happened, is what is required under the Act.
And accepting a cookie you never see on your browser is not granting consent!
However, in any case the granting of consent must be done by _both_ parties if it's to make the interception lawful:
Re: What about the data being sent by websites to the customer?
_Both_ the sender _and_ the intended recipient have to agree for consensual interception to become lawful under S.3(1).
I raised this very point with Peter Sommer last week, so I doubt he got it wrong - but perhaps he thinks the data is only looked at if it comes from sites which have agreed to Phorm intercepting it, and only when the customer has also agreed - though that is contrary to the little we have been told of how Phorm operate...
Re: Difficult Call- Contradictory RIPA :
S.3(3) The "purposes of a telecommunications system" - and note, it's a system, not a service or an ISP - are defined in S.2(1) to be the "transmission of communications". There is no "out" here for storing or passing on anything more than traffic data.
S 1(6) is about private telecomms systems - BT is not a private telecomms system as far as RIPA goes. There is no contradiction.
I can't see anything which would or even could make the interception lawful.
in fact I can't see any grounds to suppose what they are doing could possibly be considered not to be interception, or could possibly be considered to be lawful interception - and unlawful interception, unlike most breaches of the Data Protection Acts, is a criminal offense punishable by up to 2 years in prison.
Which is where they belong. All of them. Though whether the wimpy Commissioner, or the DPP, will agree to a prosecution is another matter ..
BTW, if you want to break your contract with BT, Virgin etc - this is good grounds to do so. They are breaking the law. It's also good grounds to sue them ..
"
---------- Post added at 13:31 ---------- Previous post was at 13:20 ----------
Quote:
Originally Posted by brundles
Well that provides a pretty good starting point - and I agree that ideally they shouldn't be doing that, but just thought I'd throw it out as a suggestion. I must say I hadn't realised they had so many other ways to make their business more efficient - shame they haven't either!
Actually, dav - that's another point that perhaps someone on here can answer. Is the VM infrastructure up to seperating out business connections from residential in the Phorm system? I'd imagine that businesses would be deserting en-masse if they thought all their confidential, commercially sensitive data was going via Russia!
|
VM, BT, and the other one would be MAD to include any business class BB contracts in this Phorm mess, and the commercial businness would
NOT be leaveing before they took VM/BT to the courts and cleaned them out good and proper.
one point you might consider though, the ordinary consumers that have taken the business class VM package in the hopes to improve their lot, are in a bit of a mess as far as their T&Cs are concerned, as they are not covered by the same consumer contracts and safegards the ordinary users are.
the general rule for the UK consumer classes are they are to lazy to do much of anything to harm the UK ISPs in court etc,so we can do as we please type boadroom/upper management thinking..
---------- Post added at 14:50 ---------- Previous post was at 13:31 ----------
another BT/Phorm item from thereg again
http://www.theregister.co.uk/2008/03/05/bt_phorm_trial/
"BT targets 10,000 data pimping guinea pigs
Privacy policy being ripped up for Phorm
By
Chris Williams →
More by this author
Published Wednesday 5th March 2008 14:22 GMT
BT is preparing to test Phorm's advertising targeting technology on 10,000 of its customers this month, to gauge people's reaction to their web browsing being exploited for extra revenue.
The trials will begin mid-March and guinea pigs will be drawn from BT Retail's consumer broadband subscriber base. The firm believes customers will be impressed by what it calls a "safer, more relevant experience".
Phorm will read the websites the test subjects visit and use their contents to serve up targeted advertising when that computer is used to visit other popular sites, including The Guardian and MySpace.
BT sent us this statement about the imminent experiment:
The trial invitation will be presented through a special web page that will appear when those customers start a web browsing session. At this point, those customers invited can choose to switch on BT Webwise, choose not to take part, or to find out more information.
The www.bt.com/webwise site also contains detailed information on the service and a one-click option to switch the service off, which can be activated at any point during the trial. The BT Privacy Policy and BT Total Broadband Service Terms will be amended accordingly.
BT's current privacy policy states: "We do not use this [browsing] information to analyse your visits to any other websites." Once Phorm is deployed that is obviously no longer true.
...
"
---------- Post added at 15:03 ---------- Previous post was at 14:50 ----------
http://www.guardian.co.uk/technology...internet.phorm
Phorm fires privacy row for ISPs
Web users are up in arms over what they see as an invasion of privacy by a company that will track surfing patterns to serve targeted ads
Charles Arthur guardian.co.uk,
Wednesday March 5 2008Marc Burgess has the sound of a man trying to keep a pack at bay. "Our privacy claims have been audited by Ernst & Young; they have been through our system and seen that it does what we say it does," he says.
Privacy International have done a privacy impact assessment, and they will be doing spot checks. We have spoken to the Information Commissioner's Office. All of the privacy groups in the US, UK and Europe have been impressed by our approach."
The problem for the senior vice-president of technology at Phorm, an Aim-listed company which recently tied up a deal with the UK's three biggest internet service providers - BT, Virgin Media and TalkTalk, who between them have more than 10 million customers - is that it's not the privacy groups who he really needs to convince.
It's the millions of people whose services will be affected by Phorm's scheme, because some are up in arms over what they see as an invasion of their privacy through Phorm's intention to categorise all of their web-surfing habits in order to target online ads at them.
...
The data about what websites you tend to visit is then categorised to generate a profile.
When you then visit a page whose adverts are sourced from the Open internet Exchange (
oix.net) - set up by Phorm - your browser will see adverts targeted to your profile.
(Adult, gambling, political, drugs and smoking-related adverts are not allowed.) Your browsing history is not retained; instead the profile for the cookie is refined as it "sees" more of your browsing.
Sites that join OIX are told they will get a better per-click payment than with other services. (Disclosure:
The Guardian is one of a number of media websites that are signed up to OIX.)
...
"