Privacy Groups Warn On ISPs’ ‘Widespread’ Use Of Deep Packet Inspection

Privacy campaigners have accused some 186 European internet service providers, including major mobile network operators, of making illicit use of deep packet inspection (DPI) and flouting EU net neutrality regulations on the issue.

A group of 45 NGOs and academics from 15 countries said ISPs’ actions, and national telecoms regulators’ failure to enforce rules that have been in place since 2016, means network neutrality is increasingly being worn away.

DPI is widely used across Europe in order to offer zero-rating packages, commercial promotions that omit certain services from data caps, said the organisations, led by digital rights group EDRI.

“With the proliferation of zero-rating in all but two European countries, the industry has started to deploy DPI equipment on a large scale in order to charge certain data packages differently or to throttle services and cram more internet subscribers in a network already running over capacity,” they said in an open letter to EU authorities.

Image credit: European Commission


In a separate statement, EDRI said most regulators had “so far turned a blind eye” to the use of packet inspection.

“Instead of fulfilling their enforcement duties, they seem to now aim at watering down the rules that prohibit DPI,” the group said.

Aside from its use to undermine network neutrality, the groups said deep packet inspection has worrying privacy implications, since it involves the analysis of which websites and services users access.

“The evaluation of these types of data can reveal sensitive information about a user, such as preferred news publications, interest in specific health conditions, sexual preferences, or religious beliefs,” they said in the letter.

Data protection

The groups referred to an analysis in January 2019 by campaign group that found 186 European ISPs were employing DPI, in spite of net neutrality rules prohibiting it.

National communications regulators do not appear to be working with data protection authorities on the privacy implications of DPI, the letter said.

“We observe a lack of cooperation between national regulatory authorities for electronic communications and regulatory authorities for data protection on this issue,” the groups wrote.

“Given the scale and sensitivity of the issue, we urge the Commission and BEREC (the Body of European Regulators for Electronic Communications) to carefully consider the use of DPI technologies and their data protection impact in the ongoing reform of the net neutrality regulation and the guidelines,” the letter reads.

The EU and national telecoms regulators are currently negotiating new net neutrality rules behind closed doors, with a public consultation expected this autumn and final rules to be decided in March of next year.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Warns Of Italian Spyware On Apple, Android Phones

Italian company's hacking tools have been used to spy on Apple, Android smartphones in Italy…

19 hours ago

Intel Signals Delay To Ohio Factory Over US Chips Act Dispute

Chip maker warns new factory in Columbus, Ohio could be delayed or scaled back, over…

19 hours ago

Silicon UK In Focus Podcast: Sustainable Business

How do sustainable businesses use technology to innovate? And as businesses want to connect sustainability…

21 hours ago

Australia Fines Samsung Over Water-Resistance Claims

Samsung rapped over the knuckles by Australian regulator because of 'misleading' Galaxy smartphone water-resistance claims…

1 day ago

Amazon Reveals Alexa Option To Mimic Any Person’s Voice

Bereavement aid for those in mourning? Amazon's Alexa voice assistant could be programmed to sound…

1 day ago