Privacy & Information Security Law Blog

On October 29, 2009, the European Commission (the “Commission”) proceeded to the second phase of infringement proceedings against the UK relating to the UK’s implementation of EU e-privacy and personal data protection laws.  EU Member States must ensure the confidentiality of communications by prohibiting interception and surveillance without user's consent.  The Commission maintains that the UK has failed to fully implement these requirements into its national laws and has identified three specific flaws in the existing UK laws governing the confidentiality of electronic communications:

• The UK does not have an independent national authority responsible for (i) supervising the interception of communications and (ii) complaints about unlawful interception of electronic communications, despite the requirement to this effect contained within EU laws and imposed on Member States;

• UK national laws permit the interception of communications not only where the persons concerned have consented to interception, but also when the person intercepting the communications has “reasonable grounds for believing” that consent has been given.  The Commission believes that these provisions do not comply with the EU concept of “consent,” which must be a freely given, specific and informed indication of a person’s preferences or wishes; and,
• under UK law, only “intentional” interception is prohibited and may be sanctioned, whereas EU laws require Member States to prohibit and sanction any unlawful interception, irrespective of whether it is intentional.

The Commission has confirmed that it is sending a “reasoned opinion” to the UK as a result of the UK government’s failure to take positive action to comply fully with the EU e-privacy and data protection laws.  The reasoned opinion will set out the grounds for the legal proceedings being taken by the Commission and will require the UK to address the issues raised by a specified date; failing to do so may result in the Commission commencing formal proceedings in the European Court of Justice.  The UK has been given two months to provide the Commission with a “satisfactory response” to the proceedings.

Editor's Note:  These proceedings originally commenced in April 2009 following numerous complaints about the use of behavioral advertising technology by internet service providers.