As a network and service provider, it’s important to keep our customers’ information safe so they can communicate freely. By safeguarding our customers’ privacy and security online, we in turn support their right to free expression.
Safeguarding our customers’ privacy
We use a privacy impact assessment tool to build privacy into the design of new products or services. And we closely monitor and manage cybersecurity threats to keep our networks, our customers and their data, secure and private. We have a 3,000-strong team of cyber-experts across 15 security operations centres worldwide to protect our networks and our customers. Their hard work identifying online threats means we block access to over 100 million attempted malware connections every month. We work to develop cyber-security skills and carry out research to improve our ability to protect our customers. We spend approximately £50 million a year on security research and innovation. We also make sure all our colleagues understand their role in data security and what to do if there’s a breach.
We have already put in place several GDPR requirements including:
Balancing privacy and government investigatory powers
Sometimes authorities can legally request access to data or communications to help tackle serious crime or protect national security. In these cases, a government overrides individuals’ right to privacy to protect the security of its citizens. We’re obliged by law to provide information requested under these investigatory powers, but we have processes in place to assess each request carefully. We ask for more information if we have questions about what we’re being asked or want to check the legality of the request.
Our Board-level National Security and Investigatory Powers Committee oversees all our activity in this area, and their terms of reference is available to download. We work with other tech companies and human rights organisations to understand and respond to evolving challenges in this area through the Global Network Initiative (GNI). We’re committed to the GNI Principles on Freedom of Expression and Privacy and completed an independent assessment in 2022 which assessed our performance against these.
We provide more details about the types of requests received by country, together with the latest reported data, in our transparency report.
UK and Global Legal Information (pdf - 426 KB)
Blocking activity in the UK
Below is a summary of where we’ve blocked online activity (or received queries around our blocking and filtering activities) in the UK for 2021.
Number of child sexual abuse material blocked***
‘Phishing sites’ falsely impersonating BT that we closed
Orders received to block content for reasons of copyright infringement
Requests to erase personal data (‘right to be forgotten’)
Parental controls: broadband
Reports received of incorrect website blocking due to parental control tools
sites recategorized after review
Parental controls: mobile
Reports received of incorrect website blocking due to parental control tools****
sites recategorized after review
Relevant laws around the world
We respect rights to privacy and free expression in every country we work in. In the most part, outside the UK, we provide voice, data and internet access to multinational companies and other organisations around the world. So in this section, we summarise the legal situation in the 20 countries where we do most of our business outside the UK.
Lawful interception, data disclosure and blocking requests worldwide
Addressing online harms and illegal content
We support people’s right to express themselves. So we won’t block access to material online unless it’s illegal, such as images of child sexual abuse flagged by the Internet Watch Foundation. We provide data about the material and sites we’ve blocked in the UK in our transparency page. We also offer parental controls for our products and work with Internet Matters to help parents keep their children safe online.
BT privacy and free expression report 2019 (pdf - 2.28 MB)
Privacy and free expression in UK communications 2015 (pdf - 2.12 MB)
*In Switzerland we block websites as mandated in two online lists published by the gambling authorities.
**In the UK, secrecy rules under the Investigatory Powers Act 2016 prevent operators from confirming or denying the existence of certain investigatory powers requests. With industry, we’ve considered whether the Investigatory Powers (Disclosure of Statistical Information) Regulations 2018 provide any additional avenue for disclosure. BT’s view is that the current approach (where IPCO discloses information centrally, on behalf of all industry) is the better approach to give a full and timely picture, although we do discuss with IPCO how to improve the effectiveness of such reporting. We keep the extent of our disclosures in this area under review and are looking to publish additional data in relation to blocking requests we receive from law enforcement in the UK in future reporting .
*** This is the average daily number of webpages on the IWF’s URL List – see IWF’s annual report for further information about child sexual abuse imagery blocking in Europe.
**** This includes reports received following adjudication by the British Board of Film Classification.