All five UK mobile phone networks have monitored users' web surfing habits and submitted the data to an industry body to help generate advertising. Users' permission was not sought but the GSM Association says the project did not break privacy laws.
Industry body the GSM Association (GSMA) hired media monitoring company comScore to analyse the mobile phone surfing habits of UK users using data gathered directly from the networks. The data was anonymised and used to produce a list of the most visited sites by mobile internet users.
A storm of controversy was generated last year by technology developed by a company called Phorm. It works with internet service providers (ISPs) to monitor the browsing habits of their customers and deliver them highly-targeted advertising when they visit participating websites.
Phorm's technology was trialled by BT on some of its ISP customers, without the customers being asked to consent to their web use being monitored. That trial angered many privacy advocates, though a subsequent trial has been run in which participants gave consent.
The GSMA's director of media and entertainment, Henry Stevens, said that the technology and its aims were quite different from those of Phorm and the ISPs it worked with.
"This is about creating aggregated results about website traffic, like TV ratings audience research or press circulation figures," he said. "We are not engaged in trying to serve particular ads to particular individuals."
Stevens said that the mobile networks take the traffic data and remove the internet protocol (IP) address and the mobile phone number, because these are personal identifiers. The traffic data is given a new identifier and passed to comScore. There, its identifier is changed again to further anonymise it, he said.
"The non-relevant information is then removed from the URL [website address]; a unique URL that might identify someone will not be processed, only things that have been accessed multiple times will be processed," said Stevens.
That information is then used to build the chart of the most popular websites as ranked by visits from mobile devices.
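The pipeline Stevens describes, sketched as an added Python example (not GSMA or comScore code). The HMAC-based identifiers, the URL trimming rule, the distinct-user threshold, the key values and the sample records are all assumptions, since the article does not say how each step was implemented.

```python
import hashlib
import hmac
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (ip, phone number, requested URL). Not real data.
SAMPLE = [
    ("10.0.0.1", "447700900001", "http://m.example.com/news?session=abc123"),
    ("10.0.0.2", "447700900002", "http://m.example.com/news?session=zzz999"),
    ("10.0.0.2", "447700900002", "http://m.example.com/news#top"),
    ("10.0.0.3", "447700900003", "http://mail.example.org/inbox/user-4471"),
    ("10.0.0.3", "447700900003", "http://mail.example.org/inbox/user-4471"),
]

def pseudonym(key: bytes, value: str) -> str:
    """Keyed one-way mapping (an unkeyed hash of a phone number could be reversed by enumeration)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

def normalise_url(url: str) -> str:
    """Assumed meaning of 'non-relevant information': drop scheme, query and fragment."""
    parts = urlsplit(url)
    return (parts.hostname or "") + (parts.path.rstrip("/") or "/")

def network_stage(records, network_key: bytes):
    """Operator side: discard the IP address, replace the phone number."""
    return [(pseudonym(network_key, msisdn), url) for _ip, msisdn, url in records]

def analyst_stage(records, analyst_key: bytes):
    """Analyst side: change the identifier again and trim each URL."""
    return [(pseudonym(analyst_key, ident), normalise_url(url)) for ident, url in records]

def popular_sites(records, min_users: int = 2):
    """Rank URLs by visits, suppressing any URL seen from fewer than min_users identifiers."""
    visits, users = defaultdict(int), defaultdict(set)
    for ident, url in records:
        visits[url] += 1
        users[url].add(ident)
    kept = {u: n for u, n in visits.items() if len(users[u]) >= min_users}
    return sorted(kept.items(), key=lambda kv: (-kv[1], kv[0]))

def run(records=SAMPLE):
    stage1 = network_stage(records, b"operator-secret-placeholder")
    stage2 = analyst_stage(stage1, b"analyst-secret-placeholder")
    return popular_sites(stage2)

if __name__ == "__main__":
    print(run())
```

In the constructed sample, the inbox URL is requested twice but only by one subscriber, so it is suppressed; a threshold on raw request counts alone would have let it through.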
The GSMA has also published demographic data about the kinds of users that use certain sites, but Stevens said that this comes from a totally separate, more traditional market research firm with a pool of people who opt-in to their traffic being surveyed.
The GSMA said in a statement that the data would allow advertisers to get a far clearer picture of how mobile phone users use the internet and which sites are popular.
"The output of the GSMA's Mobile Media Metrics programme will allow brands, publishers and agencies access to rich, aggregated user behaviour data, enabling comparison with other media," said the GSMA statement. "For example, mobile users accessing Facebook spend an average of 24 minutes per day on the site, similar to the 27.5 minutes spent by PC users. Mobile users on Facebook averaged 3.3 visits per day versus 2.3 visits per day by PC users."
The GSMA hopes that this data will help to boost mobile internet advertising, whose growth has so far been slow.
The controversy surrounding Phorm centred on consent, which was needed because communications were being intercepted.
Stevens said that the GSMA's process does not raise the same issues.
"This is not on an opt-in basis because there is no personal information involved," he said. "The information we are dealing with does not fall under the definition of personal data in the Data Protection Act."
Privacy law expert Rosemary Jay of Pinsent Masons, the law firm behind OUT-LAW.COM, said that the system does not seem to raise major privacy problems, according to Stevens' description.
"A common sense litmus test is: could this technology be used for something invasive, is it disproportionate and unfair?" she said. "I think in this case the answer is no – it is so highly anonymised and could not feed back to individuals."
The mobile networks are still processing the personal web traffic data of their subscribers without their knowledge or permission in order to anonymise it. Stevens denied that this processing is in contravention of the Privacy and Electronic Communications Regulations (PECR).
"As I understand it the processing of electronic information for the purposes of anonymising it is an allowable form of processing," he said.
Jay said that the law did not state that, but that in practical terms it was unlikely to be a major issue.
"There is nothing in PECR that says one way or another that anonymising is use of the data, but I think you would be hard pressed to persuade a court to criticise it," she said.