Out-Law.com has a good article on the controversy over TalkTalk that incorporates Talk Talk’s rationale in claiming that they are compliant with UK data protection laws. Here’s a snippet:
“Our view is that this is our network and we are looking out from our network to URLs and websites accessed, scanning them all to see if they contain viruses and malware,” said the spokesman.
A TalkTalk employee whose name has been blacked out on the FOI documents to protect their privacy wrote back to Graham, outlining the company’s view that it did not have to inform users because its actions did not fall within the scope of privacy laws.
“We are confident our network testing of the service falls outside the scope of the Data Protection Act 1998, the Privacy and Electronic Communications Regulations 2003 and indeed the data protection regime in the UK,” the employee said in the letter. “The important point is that it is a website URL accessed by our network, not individual customers, that is recorded. We do not look at nor record who is accessing the website as we simply look at where web traffic is routed to on our network.”
Read more on Out-Law.com.