As a network and service provider, it’s important to keep our customers’ information safe so they can communicate freely. By safeguarding our customers’ privacy and security online, we in turn support their right to free expression. 

Safeguarding our customers’ privacy

When people go online they create data which can reveal details about their lives. Web browsing history, for example, could paint an intimate picture of a person. We have access to that data and use it lawfully to help us provide services, as long as our customers are happy for us to do that. (There’s more about how we do this in our privacy policy, including details on the personal information we hold, what we do with it, and why).

We carry out privacy impact assessments to build privacy into the design of new products or services by identifying the privacy risks and taking steps to minimise those risks. And we closely monitor and manage cybersecurity threats to keep our networks, our customers and their data, secure and private. We have a 3,000-strong team of cyber-experts across 15 security operations centres worldwide to protect our networks and our customers. Their hard work identifying online threats means we block access to over 100 million attempted malware connections every month. We work to develop cyber-security skills and carry out research to improve our ability to protect our customers. We spend approximately £50 million a year on security research and innovation. We also make sure all our colleagues understand their role in data security and what to do if there’s a breach.

 

 

Carrying out privacy impact assessments

Our process enables us to identify and minimise privacy risks, and ensure that our products and services comply with privacy requirements.

Regional data privacy leads

We have data privacy leads in key regions outside the UK. They are managed by our Group Data Protection and Ethics Officer in London. 

Using binding corporate rules

These are a way to transfer data internationally within the same group of companies. We are the only UK communications services company to have had these approved, and only the second in Europe.

Balancing privacy and government investigatory powers

Sometimes authorities can legally request access to data or communications to help tackle serious crime or protect national security. In these cases, a government overrides individuals’ right to privacy to protect the security of its citizens. We’re obliged by law to provide information requested under these investigatory powers, but we have processes in place to assess each request carefully. We ask for more information if we have questions about what we’re being asked or want to check the legality of the request.  

Our Board-level National Security and Investigatory Powers Committee oversees all our activity in this area, and their terms of reference is available to download. We’re committed to Freedom of Expression and Privacy and completed an independent GNI assessment in 2022 which assessed our performance against these.

We provide more details about the types of requests received by country, together with the latest reported data, in our transparency report. 

Blocking activity in the UK

Below is a summary of where we’ve blocked online activity (or received queries around our blocking and filtering activities) in the UK for 2023. 

0

Number of child sexual abuse material URLs blocked***

0

‘Phishing sites’ falsely impersonating BT that we closed

0

Orders received to block content for reasons of copyright infringement

0

Requests to erase personal data (‘right to be forgotten’)

Parental controls

0

Reports received of incorrect website blocking due to parental control tools

UK-US Data Access Agreement

0

Number of requests received under UK-US Data Access Agreement

View of Europe from space

Relevant laws around the world

We respect rights to privacy and free expression in every country we work in. In the most part, outside the UK, we provide voice, data and internet access to multinational companies and other organisations around the world. So in this section, we summarise the legal situation in the countries where we do most of our business outside the UK.

Addressing online harms and illegal content

We support people’s right to express themselves. So we won’t block access to material online unless it’s illegal, such as images of child sexual abuse flagged by the Internet Watch Foundation. We provide data about the material and sites we’ve blocked in the UK in our transparency page. We also offer parental controls for our products and work with Internet Matters to help parents keep their children safe online.

*In Switzerland we block websites as mandated in two online lists published by the gambling authorities
**In the UK, secrecy rules under the Investigatory Powers Act 2016 prevent operators from confirming or denying the existence of certain investigatory powers requests. With industry, we’ve considered whether the Investigatory Powers (Disclosure of Statistical Information) Regulations 2018 provide any additional avenue for disclosure.  BT’s view is that the current approach (where IPCO discloses information centrally, on behalf of all industry) is the better approach to give a full and timely picture, although we do discuss with IPCO how to improve the effectiveness of such reporting. We keep the extent of our disclosures in this area under review and are looking to publish additional data in relation to blocking requests we receive from law enforcement in the UK in future reporting . 
*** This is the average daily number of webpages on the URL List (iwf.org.uk) – see Internet Watch Foundation (IWF) Annual Report 2023 for further information about child sexual abuse imagery blocking in Europe. 
**** This includes reports received following adjudication by the British Board of Film Classification.