BT tested secret “spyware” on tens of thousands of its broadband customers without their knowledge, it admitted yesterday.
It carried out covert trials of a system which monitors every internet page a user visits.
Companies can exploit such data to target users with tailored online advertisements.
An investigation into the affair has been started by the Information Commissioner, the personal data watchdog.
Privacy campaigners reacted with horror, accusing BT of illegal interception on a huge scale. Yesterday, the company was forced to admit that it had monitored the web browsing habits of 36,000 customers.
The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame.
Executives insisted they had not broken the law and said no “personally identifiable information” had been shared or divulged.
BT said it randomly chose 36,000 broadband users for a “small-scale technical trial” in 2006 and 2007.
The monitoring system, developed by U.S. software company Phorm, accesses information from a computer.
It then scans every website a customer visits, silently checking for keywords and building up a unique picture of their interests.
If a user searches online to buy a holiday or expensive TV, for example, or looks for internet dating services or advice on weight loss, the Phorm system will add all the information to their file.
One BT customer who spotted unexplained problems with his computer was told repeatedly by BT helpdesk staff that a virus was to blame.