European regulators have dropped a legal case against the U.K. over failure to implement ePrivacy laws, saying that changes in the country's legislation mean it is now looking after the online privacy rights of its citizens.
The case was launched in April 2009 following several complaints to the European Commission about the use of behavioral advertising software by ISPs and about how the U.K.'s personal data protection authority, the U.K. Information Commissioner's Office, had handled complaints. The software, from a company called Phorm, works by constantly analyzing people's Web surfing to determine their interests and then deliver targeted advertising to them when they visit certain websites.
The E.U. directive on privacy and electronic communications requires E.U. member states to ensure confidentiality of communications by prohibiting unlawful interception and surveillance unless users have given "free and informed consent." Article 24 of the law also requires countries to establish appropriate sanctions for infringements.
In September 2010, the Commission referred the case to the European Court of Justice. Shortly afterward the U.K. amended its Regulation of Investigatory Powers Act (RIPA) by removing references to "implied consent." U.K. authorities also established a new sanction against unlawful interception and breaches of confidentiality in electronic communications, which previously fell outside the scope of RIPA.
The new sanction is administered by the Interception of Communications Commissioner (ICC), who has published information about how these new powers will operate in practice. Closing the infringement case on Thursday, the European Commission said it believes "U.K. law and institutions are now well-equipped to enforce the privacy rights of U.K. users."