The European Commission has decided to refer the United Kingdom to the Court of Justice for not fully implementing EU rules on the confidentiality of electronic communications such as e-mail or Internet browsing. Specifically, the Commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities. The EU rules in question are laid down in the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC. The infringement procedure was opened in April 2009 (IP/09/570), following complaints from UK internet users notably with regard to targeted advertising based on analysis of users’ internet traffic and arose as a by-product of arguments about Phorm. The Commission previously requested the UK authorities in October 2009 (IP/09/1626) to amend their rules to comply with EU law.
The Commission launched the legal action against the UK in April 2009 following complaints about how the UK authorities had dealt with their concerns about the use of behavioural advertising by ISPs (targeted advertising based on prior analysis of users’ internet traffic). These complaints were handled by the UK’s ICO and the police forces responsible for investigating cases of unlawful interception of communications.
The Commission considers that existing UK law governing the confidentiality of electronic communications is in breach of the UK’s obligations under the ePrivacy Directive 2002/58/EC and the Data Protection Directive 95/46/EC in three specific areas:
- there is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications
- current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as ‘freely given, specific and informed indication of a person’s wishes’
- current UK law prohibiting and providing sanctions in case of unlawful interception are limited to ‘intentional’ interception only, whereas EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.
