Is the joint venture between the UK's biggest telcos going to cause a customer backlash, and is it against the law?
When the UK's three biggest mobile operators, O2, Vodafone and EE, decided to band together to create the joint venture Project Oscar, the move had tongues wagging, particularly given the difficulty it had securing permission from the European Commission (EC) to launch its mobile payment service.
Nearly two years on, and having at last gained approval from the EC, the telcos have launched the m-payment service, now called Weve, in association with MasterCard. But they haven't stopped there: the companies have also released details about a new mobile display advertising service that Tesco is trialling. The service aims to deliver targeted ads to mobile users using anonymised information gathered from the telecoms firms' customers.
Gartner analyst Carsten Casper said the joint venture's services remind him of an online privacy scandal that broke out between BT and contextual advertising software provider Phorm several years ago.
Phorm's idea was to intercept all of the web pages that BT, TalkTalk and Virgin Media customers visited, scan them for keywords and build up a picture of the customer's interests. Then, Phorm would target advertising on websites that had signed up to Phorm's system. The problem was that they did it without the consent of many users, resulting in investors backing out of Phorm, which has since retreated from the UK market. The Home Office then published changes to the Regulation of Investigatory Powers Act to close loopholes around interception by private companies, and both Phorm and BT were lucky to escape punishment.
In retrospect, any telco would be brave to enter a space that is entangled with privacy issues - but according to Weve CEO David Sear (pictured), privacy is at the forefront of all three telcos' thinking.
"We believe we are creating a new standard in privacy, because it is difficult for consumers who don't really know what the deal is, they don't know whether they are giving that data to someone and if that data is being used responsibly, and who has access to their identity," he told Computing.
"Whatever happens with a consumer's data they always remain anonymous, so the advertiser might know they're a particular age, sex and their experience but they won't know who they are; they will know where they live but not down to the level where they will be able to identify exactly who the person is. So we've created software as a shield that stops that data moving beyond Weve," he added.
And this is all legally above board, as long as consumers have given their consent to it, according to Ann Bevitt, data protection lawyer at Morrison Foerster.
The Data Protection Act does not apply because we're talking about anonymised data, she said, but the Privacy and Electronic Communications Regulations do.
"There has to be informed consent and there are two ways of getting it: one is where someone ticks a box to say I consent and the other is a soft opt-in whereby Tesco obtains the consumers' details and as part of the registration process they get my mobile number and they send me a message for a similar product," she explained.
"But if you put the telecoms companies back into the equation, then I'm not sure if there can be a soft opt-in because it is not a similar product [to phone contracts] that they are offering, so it is likely that it has to be an actual opt-in," she said.