There are a number of stark similarities between things listed in the letter, and existing (widely accepted) practices:
...data may include sensitive personal data, because it will include the search terms entered by users into search engines, and these can easily reveal information about such matters as political opinions, sexual proclivities, religious views, and health.
So: according to fipr, search queries are 'sensitive personal data'.
Many users will also be identifiable from the content of the data scanned, since it will include email sent or retrieved by users of web-based email
That doesn't sound too far from ads in gmail to me.
Of course, Phorm's proposed system is more much wide reaching, but there does seem to be some potential to tread on a few other toes.