Phorm says its system will have security benefits
A system that matches users' web surfing habits to adverts must ensure sensitive sites are black-listed from tracking, a privacy report has said.
Phorm's online technology is set to be rolled out by three of the UK's biggest ISPs, BT, Virgin and Talk Talk.
The report commissioned by Phorm and carried out by two respected privacy campaigners said sensitive user data should not be collected by the tool.
Phorm has been widely criticised and one policy group argued it was illegal.
The system works by tracking keywords on websites visited by users of the participating ISPs and then matching those words to advertising "channels".
Users would then receive online advertising that matched their surfing habits on websites that had signed up with Phorm.
E-mails, credit card details and information on secure websites would not be tracked and analysed, Phorm has said.
But the interim privacy impact assessment report, written by Simon Davies and Gus Hosein, of 80/20 Thinking Ltd, said the company should go further.
It said: "Information from websites and queries regarding sexual content, political preferences, medical health, racial origin should be blocked from processing.
"Similarly, as profiles are developed Phorm should communicate openly whether profiles and channels will match information of this type, e.g. matching pharmaceuticals with web activity that searches for anti-depressants."
The report also called on the tool to disregard data collected from website addresses so that ISPs could not, in theory, learn about their customers' commercial preferences, such as which bank or insurance company they use.
It said: "If this information was to be logged by an ISP this would make users feel spied upon because their ISP would know which services he or she makes use of.
"Phorm must ensure that it is not using information about these sites in any way."
The report praised the firm's stance in protecting user identity by not collecting and storing data which could personally identify consumers.
Phorm places a cookie on a customer's computer with a unique identifier, but with no personal details stored.
The report asked Phorm: "Can cookies lead back to users in any way? Of course it is merely a unique identifier but a unique identifier can still be linked to individuals.
"Can an external attacker gain access to the required information to re-link the individual and the unique identifier?"
The report also urged the company and ISPs to make the system opt-in, so that users choose to use the service.
Talk Talk has said its system will be opt in while Virgin and BT have yet to make a decision.
Earlier this week, policy group the Foundation for Information Policy Research wrote an open letter to the Information Commissioner arguing that Phorm contravened the Regulation of Investigatory Powers Act 2000 (Ripa), which protects users from unlawful interception of information.
The creator of the web, Tim Berners-Lee, has also voiced his concern.
He told BBC News that he would change his ISP if it planned to track his web surfing habits in order to target adverts.
Mr Davies told the BBC that the full privacy report would be published after the authors had spoken to the ISPs using Phorm's technology.
A Phorm spokesman said publication of the report reflects the company's commitment to transparency, a desire to consult widely about the system, and to communicate how it works.
"The report rightly praises our incorporation of privacy as a key design component, and is part of an ongoing process.
"Since this preliminary, initial report was written several weeks ago, we have addressed several claims in it.
"Among them, we have confirmed to 80/20 Thinking that Webwise does not track behaviours across sensitive sites including ones named in the report, that anonymous cookies it uses cannot be traced back to users, and that Webwise deliberately ignores https pages used by banks, and other personal data,¿ he said.