Half of UK sites ‘flout data laws’

Half of the UK’s most popular consumer websites are using customers’ information to drive unsolicited email marketing campaigns, in breach of data protection legislation, according to a new study.
Researchers from Brunel University in London and from the University of Reading found that 48 out of 100 most popular websites use personal information to send out commercial emails, even when customers have expressly refused to give their consent.
Only one out of six websites has an opt-in consent system in place, with the vast majority expecting customers to opt-out, which is in direct contravention of EU data protection laws, according to the study.
The researchers, Dr Maurizio Borghi and Dr Federico Ferretti from Brunel and Dr Stavroula Karapapa from Reading, also found evidence that sites collect personal information that is not relevant for the completion of the contract between them and the customers, and that they frequently sell on this data to third parties for direct marketing purposes.
“We were surprised to find that a large number of popular UK websites do not have a system that complies with EU data protection,” said Dr Borghi. “We don’t think that this is because they are deliberately flouting the law. It is more likely that they just don’t know what it says.”
Under EU legislation data protection is a fundamental right, but, said Dr Ferretti: “It seems that the law isn’t being implemented or supervised to an acceptable standard in the UK. Our research suggests that there is a link between this more relaxed approach towards data protection and the unlawful processing of personal data, such as unsolicited commercial emails, or even profiling.”
Dr Karapapa added: “Ticking a box is not a trivial matter. When registering to watch a movie or to buy a train ticket, or to go to the theatre, we have to provide data to complete the transaction. It is a legal requirement that the use of this information should not exceed what we have consented to. Our survey indicates that this requirement is not being respected”.
The researchers, a team of academics and students at Brunel Law School, collected their data in 2011to 2012 by registering with a sample of top consumer websites using assumed identities with valid email accounts, addresses and mobile phone numbers. Software was created to monitor unsolicited emails sent to all the accounts.