Complaints under the Data Protection Act

The deal between ISPs and Phorm may contravene certain principles of the Data Protection Act (which is monitored and enforced by the Information Commissioner's Office), namely:


Personal information may not be used, held or disclosed
  • unfairly
  • for a reason other than the one it was collected for
  • without proper security

The ISPs concluded their deal with Phorm, and formed their intent to give a third party access to personal information (namely the detail and content of the websites you visit), without giving users any opportunity to comment in advance or to object. This may constitute an unfair use of data.

Likewise, while it is acknowledged and understood that ISPs collect clickstream data for their own internal use and to fulfill legal obligations, permission has never been sought nor given by subscribers for this data to be sold commercially.

Finally, the security of Phorm's systems has not been and cannot be verified. Indeed, a report by their own auditor indicates that "Because of inherent limitations in controls, error or fraud may occur and not be detected." That does not sound like 'proper security' to me.

So on these grounds alone there should be a case for a complaint under the Data Protection Act. That needs to be made firstly to the ISP (see the previous section on complaining to your ISP) and then to the ICO.

The form needed to complain to the ICO can be found here (pdf). You should read it carefully and remember to sign it before posting! The more people who lodge complaints the more likely the ICO is to investigate the issue so please don't leave it to someone else - your voice counts!

The ICO also has a Word version of the complaint form here and can accept online submissions here.

Legal note: I am NOT a lawyer. This page constitutes opinion, not legal guidance.