Data Protection Officer, Guernsey
Isle of Man Data Protection Registrar
Acting Data Protection Registrar, Jersey
Joint Policy Statement (1)
Data Protection Implications
Calling Line Identification (CLI)
1 Introduction1.1. The Guernsey Data Protection Officer, the Jersey Acting Data Protection Registrar, and the Isle of Man Data Protection Registrar, (the DPAs) consider CLI to be a useful extension of the facilities offered by the telephone system, but are concerned about the potential threat it presents to the protection of the privacy of individuals in certain circumstances.2 Application of the Data Protection Laws and Act
1.2. The DPAs believe that the use of CLI may, in certain circumstances, constitutes a breach of The Data Protection (Bailiwick of Guernsey) Law 1986, the Data Protection Act 1986 (of the Isle of Man), and the Data Protection (Jersey) Law 1987. These statutes are referred to in this statement of policy as "the Laws and Act".
1.3. CLI brings with it both advantages and disadvantages. These advantages appear to apply predominantly to the called party, and most of the disadvantages to the calling party. As the Director General of Oftel points out (2) the same person may at one time be the calling party and at another the called party. It is therefore in the common interest that a correct balance be struck between the interests of the calling and the called parties.
1.4. The advantages CLI brings to the called party include:(a) the called party is able to decide whether to accept the incoming call or ignore it;1.5. The disadvantages to the calling party include:
(b) the called party is able to discover the source of an otherwise anonymous or nuisance call;
(c) the called party is able to discover the source of the previous incoming calls irrespective of whether they were answered (3);
(d) the called party can invoke special processing(4), dependent on the identity of the caller, before answering the call;
(e) the called party is able to validate the authenticity of an order (5);
(f) the called party can capture the incoming caller's identity for use in subsequent processing (6).(a) subscribers were not in general given the opportunity to assent to their CLI data being transmitted during outgoing calls;
(b) a telephone user may not be aware that his/her number is being transmitted to the called party, who may be able to discover the calling party's location (7);
(c) the specifically expressed wishes of ex-directory subscribers may be violated through ignorance, forgetfulness, or by accident;
(d) callers to mail order services or enquiry lines may find that they are subsequently the subject of follow-up calls they had not expected and may not want;
(e) callers may place orders or make enquiries from telephones other than their own, resulting in subsequent confusion if data is relied upon to provide validation or follow-up action;
(f) callers who have withheld their CLI data for valid reasons (vide preceding clause) may find that their calls are refused or that they are denied a service to which they previously enjoyed unrestricted access.
1.6. The privacy of the called party may also be compromised since anyone is able to pick up a telephone and discover, by the Call Return facility, the telephone number of the most recent caller. This may, for instance, be a financial adviser, business associate, a general practitioner, or any one else with whom the called party has a confidential relationship. It may even have been a "wrong number", an unsolicited call, or a malicious attempt to incriminate.
1.7. Although this may not be a problem with a telephone used only by a single individual, or by a small, well-knit family, it may become so with one which is larger or which is less well-knit. The risks of loss of privacy are greater when a single telephone is shared by, for instance, a family and one or more lodgers. A small business may also feel threatened under certain circumstances.
1.8. In the UK, the ability of a line blocked subscriber to make use of the CLI system on a vol2untary basis has not been properly publicised, since BT have not (in their major publicity, at least) taken steps to tell the public about the 1470 facility. The DPAs have difficulty understanding the reasons for this omission.
1.9. The UK Data Protection Registrar has already expressed reservations (8) over the way in which British Telecom implemented CLI in the UK. The DPAs wish to adopt a common approach to CLI and to avoid the potential problems envisaged by the UK Data Protection Registrar. They therefore discussed the subject in detail on 11 January 1995 at a meeting in London. Also present was a representative of the United Kingdom Registrar.
1.10. At that meeting, a policy for the Off-shore Islands was agreed, and is presented as an Annex to this document. It should be noted that although this policy is based on the published policies of Oftel and the Data Protection Registrar in the UK, it does contain certain significant differences. These are consequent upon the DPAs' own interpretations of the Data Protection Laws and Act, and on information provided by the UK Data Protection Registrar.2.1. Whenever a telephone call is made, certain personal data relevant to the caller is transmitted through the telephone system and is processed automatically for the purpose of routing, billing, etc. The personal data is therefore subject, as appropriate, to the requirements of the Data Protection Laws and Act.
2.2. CLI introduces new uses of personal data not envisaged before, and it is therefore important that its impact on the individual be considered by the DPAs.
For the purpose of this document, the following definitions are used.3.1. Calling Line Identification (CLI) is the system for transmitting the number of a caller as part of the additional information sent with his call, so that the recipient (if he has the appropriate equipment) can read the caller's number before answering the telephone. It also includes the Call Return facility defined below.There are two methods of blocking the transmission of the data so that the called party does not receive the information about the calling party: call blocking and line blocking.3.2. Call blocking is the facility which prevents the transmission of the data on a particular call if the number dialled is immediately preceded by the digits 141.
3.3. Line blocking is the facility which blocks the transmission of the data on all calls initiated from the given line, unless they are specifically released by preceding the dialled number with the digits 1470.
3.4. Call Return is the facility which allows the called party to find the number of the last caller to his line by dialling 1471. This works notwithstanding whether the call was answered, but is limited by whether the caller allowed his number to be transmitted.
Another useful distinction we make is between a subscriber and a user.3.5. A subscriber is the person in whose name the line is provided and who is responsible for the payment of the account.
3.6. A user is a person who uses a telephone whether it is provided in his own or someone else's name; thus the term user includes the term subscriber.
It is also useful to divide subscribers into two categories: those who choose to allow their name and address to be published in the phone book, and those who do not. For convenience' sake, these are defined as follows.3.7. A directory subscriber is a subscriber who allows his name, address and telephone number to be published in the phone book.
3.8. An ex-directory subscriber is a subscriber who does not allow any of his details to be published in the phone book.
The meaning of a user who is not a subscriber should be self-evident.
4 Discussion4.1. The United Kingdom Experience4.1.1. CLI was introduced in the United Kingdom on the 22nd November 1994 under the headings "Caller Display" and "Call Return".Other publicity has not been particularly noticeable. Some television advertising has been noted, but little else. This is not to suggest it did not happen, only that it was not of a very high profile and was easily missed.
4.1.2. The default situation adopted was that call blocking was initially applied to all lines, whether they belonged to directory or ex-directory subscribers. The Call Return facility was simultaneously introduced for all subscribers, subject to the same limitation regarding the use of blocking by the caller.
4.1.3. Publicity in the UK consisted of notices sent to subscribers with a telephone account. They stated that the default option was call blocking, even for ex-directory subscribers. The publicity described the call blocking system and the use of the 141 prefix, and the use of Call Return with the number 1471. The publicity mentioned that arrangements can be made for the numbers to be permanently withheld, and invited customers to telephone a contact number. No mention was made of the 1470 facility.
4.2. First Data Protection Principle4.2.1. There are two concerns under this principle, the fair obtaining and the fair processing of information.4.3. Cancellation of Call Return Information
4.2.2. Fair Obtaining of Information: New Subscribers
With new subscribers there appears to be no problem with adhering to both the spirit and the letter of the First Data Protection Principle. At the time an application is made for a service, new subscribers should be presented with the full range of options and given the choice on their telephone service order forms of call blocking or line blocking.
4.2.3. Fair Obtaining of Information: Existing Subscribers
Existing subscribers are in a different position. When they applied for a telephone, these options were unavailable and they could not therefore have been informed of possibilities which did not exist. The new facilities are clearly an extension of existing telephone capabilities and cannot, in the opinion of the DPAs, be considered to be a use or disclosure which is incompatible with that purpose or those purposes (vide the Third Data Protection Principle). The information to be contained in the personal data was, therefore, fairly obtained, and the fact that the new uses were not contemplated at the time the personal details were originally collected does not affect that position.
4.2.4. Fair Processing: Meaning of Fair Processing
For the processing of users' personal data to be considered fair, the users must be aware of what may happen to their information. They must not be misled or deceived and, unless it is implicitly obvious how their information is going to be processed (such as in the preparation of charging accounts), they must be made fully aware of all possibilities. These must be presented fairly with no information concealed, before users take action which will result in the processing of their data. This principle must be applied at a personal level (10) - informing a proportion, or even a majority, of users is not sufficient. The principle must be applied to each and every user of the telephone system, on an individual basis.
4.2.5. Fair Processing: Default Method for Existing Subscribers at the time of Introduction of CLI
Without doubt the surest way of ensuring that every user of the telephone system receives the full benefit of the First Data Protection Principles to apply line blocking as the default system. Every individual user will then have to use the appropriate prefix to permit his number to be transmitted and displayed. Anyone not aware of the system will not use the prefix and will not transmit his number.
Given this starting position, subscribers, but not users who are not also subscribers, would be able to transfer to call blocking on request.
Any default system other than line blocking must inevitably arise in a proportion, albeit small, of users being unaware of how their data are being processed. Since the consideration of fair processing must apply to each individual caller on each occasion, informing subscribers is not of itself sufficient to ensure the principle is observed. The publicity given to the system must therefore ensure that every user, irrespective of whether he is a subscriber, knows what may happen to information concerning him when he makes a telephone call.
The number of users who are not also subscribers probably exceeds considerably those who are. The only way to satisfy the requirement of adequately informing users who are not also subscribers appears to be for there to be a high profile publicity campaign conducted over a sufficient period of time.
4.2.7. Separation of Publicity from other materials
To ensure that subscribers are fully aware of all options available to them, the DPAs believe that enclosing a notice about CLI with a telephone bill is not by itself sufficient. If only a small proportion of subscribers fail to pay attention to the notice, the principle may be contravened in those cases.
Information given to subscribers should therefore, if the First Data Protection Principles to be properly observed, be sent in a separate mailing with no other information included with it. That mailing should, furthermore, make clear to the subscriber all options available to him, including all blocking and unblocking facilities, on a line and call basis.
No attempt should be made to conceal information or to persuade the subscriber to prefer one option rather than another.
4.2.8. How does a User know which option applies to a particular line?
The DPAs considered this problem in some detail and concluded that all telephone users, when they are uncertain as to the status of the line they are using, should be advised to adopt the practice of using the 141 prefix when they wish to withhold their number, and the 1470 prefix when they wish to transmit it.4.3.1. The Call Return facility puts a form of CLI into the hands of all telephone users. Although it does not allow the user to see the calling party's number before the call is answered, it does allow him to discover that number after the call. It further puts in the hands of the user the ability to find the number of the last caller and, if the appropriate equipment is fitted, the numbers of several of the most recent callers.4.4. Call Blocking as Default for Directory Subscribers
4.3.2. The Call Return facility is available to anyone who cares to pick up a telephone and dial 1471, irrespective of whether he is entitled to do so. Thus information personal to one user may easily be obtained by another telephone user, who may be unauthorised by, and perhaps even unknown to, the person to whom it is relevant.
4.3.3. The DPAs therefore believe that a serious violation of the Data Protection Laws and Act is possible through the use of Call Return. The only way in which this can reasonably be avoided is by the introduction of a code to erase the stored Call Return number, or to opt out of the facility completely.
4.3.4. The DPAs understand that the possibility of an opt-out has been discussed with BT by the UK Data Protection Registrar and that it is technically feasible. The DPAs therefore believe that Call Return should be allowed to continue for the time being, but on the understanding that some form of erasure facility and/or complete opt out will be introduced within a reasonable time.4.4.1. As argued above, line blocking is probably the only way in which observance of the First Data Protection Principle can be guaranteed in all cases. However, it is clear from the United Kingdom experience that a substantial proportion of telephone users will probably be able to learn to accept the constraints of CLI fairly quickly, and will of necessity learn to use the appropriate codes to ensure their privacy. Many may be expected to welcome it and embrace its advantages while appreciating and guarding against its disadvantages. Those who find they have real difficulty with numbers have the option of moving to line blocking where they will be able to use the telephone in essentially the same way as they did pre-CLI.4.5. Line Blocking as Default for Ex-Directory Subscribers
4.4.2. The DPAs therefore accept that call blocking is acceptable as the default system for directory customers, but subject to the strict conditions outlined below.
4.4.3. This option (the one introduced in the UK) allows the maximum penetration of the new system immediately it is introduced. No further action need be taken by subscribers and the facility is available immediately with minimum effort and minimum cost.
4.4.4. However, this option carries with it the risk that a proportion of users may not be fully aware of what is happening. If a complaint is received from one or more of this group it could result in a Data Protection Authority having to take enforcement action.
4.4.5. To minimise this possibility, the DPAs propose the following policies be adopted by Guernsey Telecom, Jersey Telecom, and by Manx Telecom. If the Telecom companies adopt these precautions, any complaints received will be viewed in the light of the steps taken by the companies to protect the privacy of the complainants.
4.4.6. To use call blocking as the default option (ie, using 141 to suppress the transmission of a number), the DPAs consider the minimum requirements to be:(a) call blocking should be applied as the default system for directory subscribers only;
(b) every subscriber should be clearly informed of what options are available, including the availability of blocking on a call and line basis (including unblocking on a per call basis using the 1470 prefix);
(c) this information should be sent on its own and not as an enclosure with other literature or with an account;
(d) all directory subscribers should be clearly informed of what they have to do in order to change from the default option to the alternative of line blocking;
(e) subscriber requests for changes should be acted upon in the shortest reasonable time;
(f) no obstacle should be placed in the way of any subscriber in his/her choice of option;
(g) the full range of possibilities should be introduced simultaneously so that no one need feel coerced into having an unacceptable option; and
(h) the ability to erase the last number stored under the Call Return system (and accessible using the 1471 number), and/or the ability to opt out of Call Return completely, should be made available within a reasonable period.4.5.1. In electing to be omitted from the phone book, ex-directory subscribers have already expressed, for whatever reason, their preference not to have their names and addresses published in a generally available directory. In the United Kingdom, the default system for these customers is the same as that for normal customers. However, the DPAs believe that this does not give adequate weight to the previously expressed wishes of the ex-directory subscribers, and the argument for line blocking being the default option for ex-directory subscribers is overwhelming.4.6. Code of Practice
4.5.2. By the same token that directory subscribers should be given the option of changing readily to line blocking, so the DPAs believe that ex-directory subscribers should be given full information about, and an easy way of changing to, call blocking.4.6.1. The Isle of Man Data Protection Registrar has discussed with Bryan Waddington, Director of the Communications Commission, some of the implications of CLI. They have agreed that the United Kingdom Code of Practice sets out a sensible and acceptable regime for the preservation of subscriber wishes when communications pass between different service providers. With obvious amendments necessary to make it apply to the Isle of Man, this forms an acceptable basis.4.7. Company Subscribers4.7.1. In the case of a company subscriber it may be argued that the Data Protection Principles do not apply since the data being transmitted is relevant to the company and not to an individual.
4.7.2. Representation has been received from a particularly prestigious trust company stating that trust companies in the Isle of Man do not want CLI. This is because most of their clients do not, under any circumstances, want the connection between themselves and their trust management company to become common knowledge. The number of the trust management company operating on behalf of the individual may be considered to be personal data relevant to the individual concerned. In that case, the Data Protection Principles would apply.
4.7.3. The DPAs therefore consider that businesses should be given exactly the same choices between call blocking and line blocking as private subscribers.
4.8. In Time4.8.1. It can reasonably be expected that, in time, CLI will become part of the telephone culture and all users will readily control what happens in each case. The concern of the DPAs is for the period of learning when ignorance and mistakes may easily cause users to send their number when they do not want to, and to not send it when they do. The period is uncertain: for some it may be a matter of days or weeks, for others it may take years. The time it is taking to change from the Fahrenheit scale to Celsius for the measurement of temperature indicates of how long it can take some people to adapt to change. The elderly, in particular, may take a while to understand how to use the system in the way they want.4.9. Future Developments4.9.1. There are several potential developments of CLI currently under investigation. These include the display of the name of the caller rather than the number, and the substitution of a different number for call display to that from which the call was made. The DPAs are aware of this work, but reserve their position on these matters for the time being.4.10. Subsequent Use of Data4.10.1. The DPAs warn called parties that care should be exercised if they collect a caller's number with the intention of re-using it. This could constitute a contravention of the fair obtaining provisions of the First Data Protection Principle.
4.10.2. To use the data obtained through CLI, the collection and use of the data must be implicitly obvious to the calling party (as, for instance, when returning a call as requested), or explicitly obvious (when specific permission has been obtained from the calling party by the called party).
4.10.3. The collection and use of data emanating from CLI is not the responsibility of the Telecommunications providers. but it is mentioned here since it is a consequence of the introduction of CLI.
4.11. Reserved Position
The Data Protection Laws and Act are still relatively new and complex. They are necessarily broad in their drafting in order to cover the many and varied circumstances in which computers are used to hold personal data. Similarly, CLI is a new facility, the consequences of which may not yet be fully understood. The interpretation given in this Statement of Policy is the view of the DPAs at the time of writing. They reserve the right to modify any view expressed here in the light of changing circumstances, including particularly any findings of the courts or, where appropriate, of the Data Protection Tribunals.
The Data Protection Laws and Act:
The Agreed Policy
The Provision of Services to a New Subscriber, or of Additional Services to an Existing Subscriber:
A.1. The fair obtaining and fair processing provisions of the First Data Protection Principle are of paramount importance and must be observed.
Introduction of CLI to Users who are not Subscribers: Publicity
A.2. At the time information is being obtained for the provision of a new or additional service, subscribers shall be presented with the full range of options and given the fully informed choice on their telephone service order forms of call blocking or line blocking, together with any other relevant information.
The Introduction of CLI to existing Telephone Subscribers:
A.3. The default blocking system for directory subscribers shall be call blocking.
A.4. The default blocking system for ex-directory subscribers shall be line blocking.
A.5. General considerations applying to all existing subscribers:(a) every subscriber shall be clearly informed of what options are available, including the availability of call blocking and line blocking (including blocking on a per call basis using the 141 prefix and unblocking on a per call basis using the 1470 prefix), together with any other relevant information;
(b) to enhance its chance of being taken notice of by the subscriber, information about CLI shall be sent on its own and not as an enclosure with other literature or with an account, and shall be sent well in advance of the introduction of CLI;
(c) all subscribers shall be clearly informed of what they have to do in order to change from their default option to the alternative;
(d) subscriber requests for changes shall be acted upon in the shortest reasonable time;
(e) no information shall be withheld from, and no obstacle shall be placed in the way of, any subscriber in his/her choice of option;
(f) the full range of possibilities shall be introduced simultaneously so that no one need feel coerced into having an unacceptable option.
Call Return Option
A.6. The publicity given to the system must ensure that every user who is not a subscriber knows what may happen to information concerning him when he makes a telephone call.
The only way to satisfy this requirement appears to be for there to be a high profile publicity campaign conducted over a sufficient period of time.
A.8. An option to allow erasure of a number stored under the Call Return facility, and/or to opt out of the Call Return facility completely shall be made available within a reasonable time.
A.9. The same options regarding the choices between call blocking and line blocking as are available to private subscribers shall be made available to business subscribers.