EE 4G Customer Data ‘Offered To Police’

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

EE is accused of betraying customers’ trust but it firmly denies it has done nothing of the sort

EE has received a tongue lashing from privacy campaigners after customer data it passed on to Ipsos Mori was offered to police.

The telecoms giant allegedly sold customer details, including gender and age information, postcodes and communications data, to the analytics company, which was then offered to the Metropolitan Police, according to The Sunday Times.

The Met confirmed to TechWeekEurope it held an initial meeting with Ipsos Mori to discuss whether their research could “assist with tackling crime in London”.

“The MPS has made no offer to purchase data from Ipsos Mori nor has any intention of doing so,” a spokesperson said.

EE data for sale

EE Store 2The Met may have been put off by the quality of the data, which was believed to contain limited comms information, which police are keen to get their hands on for investigations as it tells them who called who, from where and when.

However, Ipsos Mori evidently thought it was sitting on information that would have been valuable enough for law enforcement use. TechWeekEurope asked Ipsos Mori for more details on the meeting with the Met, but the company had not responded at the time of publication.

Google had also reportedly shown an interest in using the data, but it also had not responded to a request for comment at the time of publication.

EE and Ipsos Mori both sternly denied the accusations personal data was passed on, saying the information was anonymised and they had not breached the Data Protection Act. They said the information was used to better understand customer trends

“The suggestion that we sell the personal information of our customers to third parties is misleading to say the least,” an EE spokesperson said.

“The information is anonymised and aggregrated, and cannot be used to identify the personal information of individual customers. We would never breach the trust our customers place in us.”

Ipsos Mori said it only ever handled data in chunks of 50 or more customers. It said it did not have access to names, personal addresses, postcodes and phone numbers, nor detail of individual visits to websites.

The companies’ defences have not convinced privacy advocates, however, who have called for fresh laws to stop businesses selling customer data.

“This data can paint an incredibly detailed picture of your life, and the idea that because names were omitted it is somehow acceptable to cash in is frankly offensive to EE customers whose privacy has been sold out on a spectacular scale,” Nick Pickles, director of the Big Brother Watch, told TechWeekEurope.

“Customers are kept in the dark about how much information is collected, how long it is stored and how it can be used and the law needs urgently strengthening to give consumers proper control over this data and to ensure companies are not prepared to do shady deals like this.

“I suspect EE is not the only company looking to cash in on our our private lives like this.”

Danvers Baillieu, lawyer and COO at VPN provider HideMyAss, added: “It is true that ‘Big Brother’ is watching users going about their lawful, private business whether on smartphones or computers.

“It is all the more disturbing that major consumer brands such as EE are enthusiastic participants in such monitoring for their own commercial benefit.”

UPDATE: The Information Commissioner’s Office (ICO) said the regulator would not be investigating the matter, as it had spoken to the companies and is convinced they are acting legally.

“We have spoken to Ipsos Mori and Everything Everywhere who explained that the information being sold is anonymised and aggregated, and so should not allow for a specific individual to be directly or indirectly identified, in line with our ‘Anonymisation Code of Practice’ which provides guidance on managing data protection risk when anonymising data,” a spokesperson said.

“We have no plans to take any further action at this stage.”

Ipsos Mori has also responded to our request for comment, explaining its relationship with the Met. “We are talking to a range of public bodies as well as the private sector about analysing network usage to understand population flows, traffic patterns etc. as well as web usage – the Met police are one of these bodies,” a spokesperson told TechWeek.

“It was a general discussion about how a new area of analysis might be helpful in better communications and understanding population flows in London – not about targeting any individuals – all the personal data remains with EE securely, and Ipsos Mori will never ever release data that allows an individual to be identified.

“To be quite clear, we do not have direct access to EE’s database. They share anonymised and aggregated data to us in response to certain projects – we could never extrapolate the levels of detail suggested by the Sunday Times.”

Are you a pedant on privacy issues? Try our quiz!

Read also :