SAYNOTO0870.COM

tadg

Newbie

Offline

Posts: 11
UK

Re: 118800.
Reply #30 - Jul 13^th, 2009 at 4:04pm

ran out of space ....

Given that the company is unable to meet requests to verify, correct or withdraw their data under Regulation 18(5) of the PECRs then you may wish to complain about this to the ICO.

Also be aware that the company captures your calling line identity (CLI) when calling 118800 even when you have specifically withheld your CLI. It seems that something may have been done to override the requirements of the PECRs and the OFCOM Guidelines on CLI.

Regulation 10 of the PECRs states that for outgoing calls: "The provider of a public electronic communications service shall provide users originating a call by means of that service with a simple means to prevent presentation of the identity of the calling line on the connected line as respects that call." E.g. the 141 facility provided on BT phones. This CLI restriction cna only be overridden in the case of emergency calls or where a call is subject to an interception warrant - full stop!

Back to top

IP Logged

sherbert Supreme Member Offline Posts: 2,011 Gender:	Re: 118800. Reply #31 - Jul 13^th, 2009 at 8:07pm A good read here and towards the bottom are some comments http://www.theinquirer.net/inquirer/news/1433346/118800-knocked
Back to top	IP Logged

Dave

Global Moderator

Offline

Posts: 9,902
Yorkshire
Gender: male

Re: 118800.
Reply #32 - Jul 14^th, 2009 at 12:58am

tadg wrote on Jul 13^th, 2009 at 3:55pm:

It is a fact that the 118800 service does not fall under any definitions of the above regulatory framework and so is NOT entitled to access OSIS data or receive data from OSIS or the mobile operators.

The 118800 service is a purely private system. Ask yourself why someone should need to become ex-directory in this service if they are already ex-directory in the national OSIS database? How many times should someone need to opt-out (never because it should be opt-in)

So if it does not fit the definition of a "directory enquiries" service, then why has it been allowed to operate on a 118xxx number? Does this set a precedent for other non-DQ services to use 118xxx numbers?

tadg wrote on Jul 13^th, 2009 at 3:55pm:

… This seems quite clear that the party collecting your data should have told you about the 118800 service and given you the clear opportunity to agree - either by an opt-in box or by an opt-out box (depending on whether they published a clear and prominent notice at the time they collected your data). It seems to me that opt-in consent is required for the purposes of this directory.

How can you know who collected your data if it is in 118800's database?

Furthermore, how can the company that collected your data from you in the first place be sure that, when it sells the data on, that the company buying it will not be using it for a DQ service? And what about if that company in-turn sells it on?

Back to top

IP Logged

SilentCallsVictim

Supreme Member

Offline

aka NHS.Patient, DH_fairtelecoms

Posts: 2,494

Re: 118800.
Reply #33 - Jul 14^th, 2009 at 4:23am

tadg wrote on Jul 13^th, 2009 at 4:04pm:

... This CLI restriction can only be overridden in the case of emergency calls or where a call is subject to an interception warrant - full stop!

Sorry to be picky as we are essentially on the same side, however my nickname gives away some experience in dealing with this very specific matter.

It was indeed widely thought that a warrant was necessary, until I drew the attention of BT and Ofcom to the provisions of regulation 15, which qualifies regulation 10 (there is no "full stop"). This specifies that "a person with a legitimate interest" may see withheld CLI, not only someone holding a warrant. It had been assumed that the only way of establishing such an interest was by obtaining a specific warrant, or being a warranted Police Officer.

In late 2003, I persuaded BT to confirm to Ofcom (early in 2004) the source of traced Silent Calls to me. Clearly Ofcom has a legitimate interest relating to nuisance calls where it is seeking to use its statutory powers under section 128 of the Communications Act. The BT Nuisance Calls Bureau accepted this as a point of principle and adjusted its standing procedures so that traced call data can be passed to Ofcom and the ICO, as well as the Police and Officers of a court, on request. Other NCB could follow the same procedure.

This has no relevance to the position of 118800, however I was troubled on reading the "full stop" with reference to other situations. Nuisance callers who are not committing a criminal act (e.g. Silent Callers not yet subject to an injunction) cannot hide their identity by withholding their CLI.

I am genuinely sorry to find myself being such an anorak on these topics; I hope that this information is helpful.

Dave wrote on Jul 14^th, 2009 at 12:58am:

So if it does not fit the definition of a "directory enquiries" service, then why has it been allowed to operate on a 118xxx number?

It seems that different determinations on this point have been made by different bodies.

Clearly it has passed the self-defined criteria of Ofcom and PhonePay Plus to qualify as a directory enquiry service, however, as indicated in my earlier posting, the ICO has apparently not yet seen fit to make a similar determination.

Whilst Ofcom and PhonePay Plus need only consider the rules that they have determined for themselves, the Information Commissioner must have regard to the specific statutory regulations (PECR), which do not permit any exercise of discretion.

I fear, or rather I fear that the ICO fears, that this point may need to be tested in the courts.

The determinations of Ofcom and PhonePay Plus, as well as the self-definition of the service would undoubtedly have a bearing on any proceedings, however they cannot be assumed to compel the result. To make matters worse, it must be remembered that the PECR 2003 is only the UK implementation of the EU Directive 2002/58/EC. The possibility of the matter being decided by the ECJ therefore cannot be dismissed.

Fellow anoraks may wish to refer to article 12 and recitals 38-40 of the Directive on privacy and electronic communications, as they consider the relevant components as implemented in the Privacy and Electronic (EC Directive) Regulations 2003.

Dave wrote on Jul 14^th, 2009 at 12:58am:

How can you know who collected your data if it is in 118800's database?

This is easy - you cannot, unless that data can only have come from one source.

I understand that interested parties do keep an eye on these things by deliberately placing fictitious or inaccurate details onto particular lists. When those details are used by someone other than the person to whom it was given then the source is revealed.

Very many years ago, I learned that the BT Phone Book contains some credible but utterly spurious entries, so that illegitimate copying of the published version can be identified.

Thinking of this, I considered always adding a distinct spurious extra initial, flat number or house name to my details, choosing a different one for each occasion. This could assist in ensuring that the source of any mailings would be obvious to me. As my details are published (accurately) in the telephone directory however, this would only be of interest, rather than having any true benefit. Those who seek to protect themselves from all unsolicited communications may wish to consider this.

Back to top

@fairtelecoms (tweets)

IP Logged

tadg

Newbie

Offline

Posts: 11
UK

Re: 118800.
Reply #34 - Jul 14^th, 2009 at 12:15pm

silentcallsvictim .. yes, we are on the same side

I stand corrected .. I failed to mention Reg 15 .... however, a comms provider would generally only disclose the CLI to the police and not to a victim of malicious calls etc ..... this is done to protect victims from harm when possibly seeking to take action themselves. I introduced the issue of CLI compliance to demonstrate that neither 118800 or the regulators have conducted a proper assessment of compliance requirements.

Regards Dave's questions. People are entitled to submit a subject access request to Connectivity to ask for details of any recipients to whom their data may have been disclosed, for details of the sources of their data (if readily available) and for a copy of any data held. The issue here is that 'readily available' is not defined in the DPA. So if Connectivity stated that they did retain information about the source of individual data or that it was held on another system then they may try to claim exemption from disclosure. If anyone has asked for this and been refused then they should take it up with the ICO.

A directory enquiry facility is one which discloses a telephone number - this is defined in the Communications Act 2003 and the PhonePayPlus Code of practice. As 118800 does not disclose telephone numbers it is outside of this framework (and hence NOT entitled to receive data from mobile operators or the BT OSIS database - that's why they've bought their data).

It's a mess and the ICO and OFCOM need to act together, responsibly and consistently to deliver real protection and benefits to consumers.

It will also be interesting to see the ICO's take on Connectivity's obligation under Schedule 1 Part II paragraph 1 and 2(b) and which require data controllers such as Connectivity to process data fairly in part by giving individuals specific information about the (a) identity of the data controller (b) the purpose or purposes of the processing and (c) any other information to make the processing fair. Where personal data are obtained from third parties, a data controller must " ensure so far as practicable that, before the relevant time or as soon as practicable after that time, the data subject has, is provided with, or has made readily available to him, the information specified in sub-paragraph (3) (of schedule 1 Part II). It will be interesting to see whether Connectivity has claimed any disproportionate effort in meeting this obligation or how else it believes it has met it.

back to silent call victim - I agree that the manner in which the regulators have addressed this issue and the regulatory failings and weaknesses will lead to the matter being referred to the EC - perhaps to Vivien Reding .. if not the ECJ .

Back to top

IP Logged

tadg Newbie Offline Posts: 11 UK	Re: 118800. Reply #35 - Jul 14^th, 2009 at 12:16pm meant to say the CEO of Connectivity will be on BBC2 working lunch at 12.30 today!!!
Back to top	IP Logged

tadg Newbie Offline Posts: 11 UK	Re: 118800. Reply #36 - Jul 14^th, 2009 at 5:06pm have just come across this which I thought would be of interest. It's a letter from Phil Jones (assistant Information Commissioner) to the MP John F Spellar concerning the ICO's involvement with Connectivity. It makes interesting reading but fails to offer the necessary clarity ... http://tweetmeme.com/bar/110974930
Back to top	IP Logged

SilentCallsVictim

Supreme Member

Offline

aka NHS.Patient, DH_fairtelecoms

Posts: 2,494

Re: 118800.
Reply #37 - Jul 14^th, 2009 at 7:58pm

Watched the [url=]Working lunch interview[/url]on the web, and also the [url=]linked report[/url]. What drivel.

There are some very big underlying issues here about the type of society we are becoming. Properly applied, the provisions of the DPA and PECR could help to protect some lasting values, however we are too keen to rush forward into some Brave New World, losing our sense of values.

Perhaps the hiatus in the Connectivity web service (although apparently the telephone service carries on), will give the ICO an opportunity to finish its deliberations and determine that compliance with regulation 15 is required (notwithstanding proper decisions by Ofcom). Writing to everybody in the database to invite them to opt-in will give Connectivity a valuable opportunity to verify the accuracy of its data and ensure that the contacts it is able to make are likely to be welcome, for the sake of its customers.

The simple point for Connectivity in the light of the present publicity is to ask who would wish to pay a pound to use a service that is likely to create annoyance and resentment on the part of those who they are trying to contact.

If Connectivity were smart, it would invite people to register their number for its service and at the same time register the number with the TPS.

Notwithstanding the degree of non-compliance with the TPS, which is significant, but not as great as some may think, I cannot see why most people should not be happy to register with 118800, on the off-chance that someone may have a need to contact them. At the cost of a pound few calls are likely to be frivolous!

(N.B. please let nobody see my recognition of the value of the 118800 service as any endorsement of its present failure to properly comply with the priniples of the PECR.)

Back to top

@fairtelecoms (tweets)

IP Logged

tadg

Newbie

Offline

Posts: 11
UK

Re: 118800.
Reply #38 - Jul 14^th, 2009 at 9:12pm

I don't think the argument has ever been about the value of the service .. but about ensuring transparency and opportunity of choice and control .... about compliance with law .. about ensuring the law is properly and consistently interpreted and applied by the regulators ...

Data privacy compliance should not prevent the development of new technologies or business models ......

Connectivity grossly underestimated the depth of feeling that mobile users have towards their privacy .. and tried to push the regulatory boundaries too far.

Back to top

IP Logged

SilentCallsVictim

Supreme Member

Offline

aka NHS.Patient, DH_fairtelecoms

Posts: 2,494

Re: 118800.
Reply #39 - Jul 14^th, 2009 at 9:58pm

I concur.

It is however only since the banks starting practicising identity theft, by ascribing one's identity to anyone who knew a name address and telephone number and other non-confidential information, that a listing in a telephone directory has become a matter of privacy for the vast majority of the population. What is especially galling about the bamks is their offering a chargeable service for one to to be able to perhaps find out when they have done it.

Back to top

@fairtelecoms (tweets)

IP Logged

SilentCallsVictim

Supreme Member

Offline

aka NHS.Patient, DH_fairtelecoms

Posts: 2,494

Re: 118800.
Reply #40 - Jul 22^nd, 2009 at 5:43pm

I understand that the ICO has made three determinations regarding the status of the 118800 service (when it resumes) in respect of the PECR.

It is a "directory service" within the terms of regulation 18 and the requirement for notification is met by the first contact (by telephone or SMS) in response to an enquiry.
A telephone call from "Connectivity" offering immediate connection to an enquirer does not breach regulation 21, even if the number is registered with the TPS or CTPS.
A SMS text message from "Connectivity" inviting consent to connection with an enquirer does not breach regulation 22.

The ICO is understood to have been persuaded by the fact that this is a "call connection" service which does not reveal telephone numbers, not even to its own agents handling enquiries. The consent to release of information to third parties by the original sources is understood to have been verified rigorously, albeit that the actual purpose for which it would be used could not have been foreseen.

Although it never does this formally, the ICO has effectively authorised the service as it is known to operate. This position was verified by telephone, but it is understood that it would be confirmed in writing and by a statement in response to media enquiries. The ICO does not presently initiate publication of anything about particular cases, other than judgements following formal procedures.

I am very unhappy with some aspects of these determinations and am ready to assist and support those who are perhaps more vigorously concerned in taking the battle forward.

The fact that the mobile number service is currently suspended should provide an opportunity for progress to be made in advance of its resumption.

Back to top

@fairtelecoms (tweets)

IP Logged

Barbara

Supreme Member

Offline

Posts: 598

Re: 118800.
Reply #41 - Jul 23^rd, 2009 at 10:16am

I would agree with your concerns, it would seem that none of the issues raised has been addressed. I am particularly concerned about the prospect of receiving unwanted, costly texts while abroad and the fact that it seems the only way to find out if one's number is in their database requires one to reveal the number so if they didn't have it before, they'd have it once you'd checked! I really do wonder what is the point of rules if those supposed to enforce them just take th e line of least resistance! (Am having a bad morning with public sector not doing its job & letting people get away with murder!!)

Back to top

IP Logged

loddon

Supreme Member

Offline

Posts: 599
Reading UK
Gender: male

Re: 118800.
Reply #42 - Jul 23^rd, 2009 at 11:28am

Barbara wrote on Jul 23^rd, 2009 at 10:16am:

.... it seems the only way to find out if one's number is in their database requires one to reveal the number so if they didn't have it before, they'd have it once you'd checked!

I think you can do a search on your own name, when the service resumes, to see if they have it on their database. As far as I can recall, because it is a while since I did it, you don't need to reveal your number.

Back to top

« Last Edit: Jul 23^rd, 2009 at 11:29am by loddon »

IP Logged

sherbert Supreme Member Offline Posts: 2,011 Gender:	Re: 118800. Reply #43 - Jul 23^rd, 2009 at 12:43pm However, if you want to go ex directory, I think it is different
Back to top	IP Logged

catj Senior Member Offline Posts: 366	Re: 118800. Reply #44 - Jul 24^th, 2009 at 8:39pm * * * "I think you can do a search on your own name" * * * How would they verify that "you", really is "you"? In that case, anyone could search for anyone, no?
Back to top	IP Logged