The Information Commissioner's Office (ICO) asked for clarifications from TalkTalk about trials of URL scanning technology recently performed by the Internet service provider.
TalkTalk plans to roll out a malware protection service later this year, which will alerts its customers when trying to access a malicious URL.
The ISP has recently been testing the technology on its live network, scanning the URLs accessed by its customers in order to build a blacklist.
"I should be grateful first of all if you could clarify how the monitoring takes place. While I recognise that the aim of the service is to protect users from websites containing malicious software, it is still important that it does so within the law
," Information Commissioner Christopher Graham, wrote in a letter
(PDF) to TalkTalk representatives.
He also expressed concern about the fact the customers were not notified of the tests in advance, especially since precedents like BT's testing of Phorm technology resulted in tension
between the European Commission and the UK government.
"I am concerned that the trial was undertaken without first informing those affected that it was taking place
," Mr. Graham wrote.
"[…] I am dissapointed to note that this particular trial was not mentioned to my officials during the latest of our liaison meetings
," he added.
In response the ISP explained that the service scans all URLs requested by its network for threats, but does not track which customers tried to access them.
"[…] We are not during the network testing intercepting, monitoring, following or tracking individual customer data, IP addresses, user names, addresses or in anyway collecting any information that could be constructed as personal data
," the TalkTalk representatives stressed.
Furthermore, it is noted that the company plans to make the service available for free later this year and customers will have the option to opt out from having their Web traffic filtered through the malicious URL blacklist.