The deal allows ISPs a cut of ad revenue in return for providing
data on customers' web use and has attracted controversy since its
announcement four weeks ago, with some users fearing for their
privacy.
The Information Commissioner's Office (ICO) requested details of
the technology and the deal from Phorm and the ISPs involved, BT,
Virgin Media and Carphone Warehouse.
"At our request, Phorm has provided written information to us
about the way in which the company intends to meet privacy
standards," said an ICO spokesperson. "We are currently reviewing
this information. We are also in contact with the ISPs who are
working with Phorm and we are discussing this issue with them."
The technology takes information about a user's web surfing
habits and delivers that to advertisers so that they can show users
ads that they think are targeted to the user's interests. Though
ad-targeting systems have long been used, they have not till now
used data directly from an ISP. More traditional systems use small
files called cookies, which can be used to record a user's activity
on a single website or across numerous websites that share
an advertising network such as DoubleClick's.
Phorm has said that the information about a user's
activity is not connected to individual identities, which
protects user privacy.
OUT-LAW.COM has sought answers to a series of questions from
Phorm since the announcement of the deal weeks ago, but the company
has not provided answers or made a representative available for
interview.
Company chief executive Kent Ertegrul
told The Register last week, though, that he believes users
should have no privacy concerns.
"The privacy story that it is is about how you can run an
advertising service and store nothing," he said. "Look at what's
happening with Google and the debate about storing stuff for a year
or two – we've come up with a way of storing nothing. If you're
concerned about privacy this is the best thing that's happened.
There's no data mine here."
The company commissioned Simon Davies from privacy pressure
group Privacy International to analyse the technology. He said he
was satisfied that what he saw was sound from a privacy point of
view.
"It is true to say that from everything we saw, and we think we
saw everything, the system seems to not use personally-identifiable
information," he told OUT-LAW.COM. "It works on the basis of a
cookie that seems to have no information on the machine it's
embedded in. I can't see where their system can draw any inferences
or information about the computer or the user."
“The Information Commissioner’s Office has spoken with the
advertising technology company, Phorm, regarding its agreement with
some UK internet service providers," said the ICO spokesperson.
"Phorm has informed us about the product and how it works to
provide targeted online advertising content."
