EU Commission monitors Virgin
The European Commission will closely monitor planned trials of deep packet inspection (DPI) which will be used by Virgin media to monitor the amount of illegal file sharing in its network. No personal or identifying data will be collected or stored, but the system could potentially be modified in the future to support this.
Privacy International does not see DPI as a legal thing for Virgin to do, and has advised that it would lodge a criminal complaint against Virgin if it goes ahead with the trial as it believes that under RIPA, ISPs don’t have the right to monitor communications without consent or a court order. Similar complaints happened when BT ran it’s trial of Phorm, and the City of London Police did not deem that any wrong doing had occurred. The European Commission weren’t impressed with the way the trial was run and opened its own investigation in to how the UK are implementing European data protection laws.
The Commission has identified three gaps in the UK law so far. First, there is no independent national authority to supervise the interception of communications, required under the ePrivacy and Data Protection Directive. The RIPA act authorises interception of communications where the party has reasonable grounds for believing that consent has been given which doesn’t comply with EU rules defining consent. The RIPA act also only prohibits interception where it intentionally occurred, rather than the EU law that requires Member States to prohibit any unlawful interception.
Although Virgin may or may not fall foul of current UK law as it stands, they may do so of EU law, but until the UK pull their foot out and fix things up to EU standards, there may not be any sanctions except financial penalties to the UK government for not conforming to EU law.