A new UK advertising service called Phorm has created controversy over internet privacy because it plans to roll out highly targeted ads based on users´ surfing habits. It has deals in place with three large UK internet service providers (ISPs).
Privacy advocates say Phorm´s data has been illegally retrieved and want the three ISPs partnering with Phorm to abandon their agreements.
In what is the UK’s first such case, Phorm’s stock fell over 30% last week when the controversy first broke out. A privacy advocacy group called the
Foundation for Information Policy Research says that the data has been illegally retrieved and warns that Phorm’s system violates data protection laws.
But the three mainstream UK ISPs BT, Virgin Media and TalkTalk, which will run Phorm’s ads say they will stand by the company. On its website, Phorm says it runs ‘proprietary ad serving technology [which] uses anonymised ISP data to deliver the right ad to the right person at the right time - the right number of times.’ In its defense the company has stressed that the data is completely anonymous and that it can not be traced to individuals.
No matter what, privacy advocates from FIPR claim in an
open letter sent March 17th to the governmental Information Commissioner’s Office, that the new ad-serving system should be stopped. A person´s political opinions, sexual preferences and religious views and search terms input on search engines are all recorded by the company´s tracking technology. Without consent. What´s more, FIPR says users are still identifiable from the scanned data content. For instance, web-based emails are included as well as the information entered on social networking sites.
In its letter, FIPR cites the Regulation of Investigatory Powers Act 2000, and the Data Protection Act which it says are violated. It accuses Phorm of classifying data without the content being made available to the person doing the classifying.
Users can opt out of the service, Phorm says, but this statement has caused annoyance rather than understanding, because a computer user would have to go through complicated cookie procedures to avoid being eavesdropped on. “It would be specially objectionable if opting out were to depend on the maintenance by the user of a cookie, since many reasonable users regularly clear all cookies; nor should users be expected to opt out by blocking one or more websites, since many may not understand how to do this or may make errors in trying to do so,” FIPR argues in its letter.
Similar upset
recently occurred in the US, where privacy advocates are voicing concerns to the Federal Trade Commission. The main worries concern DoubleClick (the firm that
Google bought last week for $3.1 billion) and Tacoda Technologies. Both of these firms are collecting data from unsuspecting web surfers. The FTC last December advised that advertisers tell consumers when they collect their information but no regulation is in place. Facebook of course also came in for heavy criticism at that time and it remains to be seen whether it really will brush up its act beyond this week´s
announcement that it is increasing user control over what private information friends are allowed to see.
In the UK, the battle is only just starting. But the country is a lot smaller than the US and that is an advantage for activists who need to wake up the sleeping online demography.
disclosure: Angelique van Engelen writes
reporTwitters, a blog about journalism and Twitter.
