Just a few small points about going ex-directory by DE-REGISTERING your mobile number with these people.

• If they don't already have your information, they obviously will have even more when you've given it to them.

• They are a commercial enterprise so whatever they do will be financially driven.

• What Guarantees do you have that they won't use pass your information on to others.

• Whatever promises they make now will not be valid should the company later be sold on.

This seems like a very clever SCAM designed to collect people's data with no cost or effort involved. Just start a panic and wait for the flood of idiots volunteering their personal information.

This is the link to their website concerned with removing your details, passed to me by my other half (& numerous concerned followers of the Russell Watson website).

My recommendation is to keep tight hold of your data and if contacted by them to pass your details to anyone, just and deny everything !!

Keep your mobile number safe  -

SayNoTo

118800

It is hugely important that people understand this is a private mobile enquiry database .... it is not the official OSIS national database and does not and is not entitled to, get information from the national database.

The service has been set up by venture capitalists who have invested £17.5 million the 118800 service ...... its all about profit ..

I agree .. don't give them your data .. instead refer matters to the  ICO, OFCOM and PhonePayPlus

DaveM wrote on Jun 20^th, 2009 at 12:59pm:

On the contrary.  When you 'opt out' online, you merely enter your mobile number.  No name or address or any other details are required.

http://www.118800.co.uk/removeme/remove.html

SCV, you can do a search for yourself on their website, that is how I found out that they did have my data.

I have a case ongoing with the ICO.

Complaint to Phonepay plus was just dismissed as 'not their problem gov' talk to the ICO.

Cheers, Des.

Further to my previous post, I can add some further comments following a conversation with a representative of the ICO.

The ICO has not as yet made any formal determination regarding the compliance of this service with the PECR. It has not however taken any action in respect of a breach.

Compliance with regulation 18 is suggested as being achieved by the fact that no information is given out without consent. There is however a wider issue involved as the regulation seeks to prevent information being held without consent, regardless of what procedures may be in place to prevent it from being revealed without consent. The regulation covers the holding, not the dissemination, of the information.

The vital principle of data protection that is being breached is that information which was provided for one purpose is being used for another. If enforcement of the relevant regulations is not seen to be effective then the whole process collapses, as the ICO is reliant on the public being aware of what is allowed, so that breaches will be reported, so that they can be dealt with.

I am told that the possibility of a breach of regulation 22 has not been considered as it is understood that contact is made only by telephone. Given that directory enquiry services are permitted to market their services (to callers) by calling those registered with the TPS, one may assume that they are compliant with regulation 21. 22 is however different as there is no implied consent by default. Furthermore, a text message that solicits activity involving expenditure in order for the service delivery to be completed is more likely to be regarded as "direct marketing" than a telephone call that does not.

I understand that the ICO is open to representations on these points. I personally see this as a case which requires important issues of principle to be clarified, rather than it representing a nuisance in itself (from the recipients perspective). Whether the service is useful and represents good value for money is a quite separate issue.

Following the previous post, I have a query.   If you have my details & someone wishes to contact me, you will send me a text, if I understand correctly.  However, apart from the fact that I have already given my mobile no to anyone I wish to have it (ie if they haven't got it it means I don't want them to have it!), if I am abroad, it will cost me to receive the text you would send and THAT I REALLY RESENT!   Can you tell me how you propose to avoid people incurring costs to receive said unwanted texts while abroad?

118800 wrote on Jul 13^th, 2009 at 1:32pm:



A bit difficult to do that as your site is down.

Silentcallsvictim has provided good analysis of the core data privacy issues - it is important that people refer their complaints to the ICO and to OFCOM.  You may also wish to contact the All Party Parliamentary Interest Group on Privacy and raise it at a cross government level  - http://privacyappg.org.uk/ .There is a need for an urgent review of the regulatory framework and efficacy of the regulators.

Here's another overview:
Ok, the service does NOT give out mobile numbers . ..... The company has provided a facility so people can opt-out and become ex-directory.  It's OK says 118800 the service is privacy friendly ..

So what's wrong with all this?
Well, firstly, this directory enquiry (call completion) service sits outside of the regulatory framework for directories and directory enquiry services in the UK and which falls under the remit of OFCOM. Under that Framework, OFCOM has established a national directory database managed by BT and which is called OSIS. This is the OFFICIAL database and which also contains ex-directory numbers. ALL 118 providers that offer telephone numbers are entitled to access this database under the law/the regulatory framework. Mobile operators are obliged to pass subscriber information to OSIS BUT do so only where a customer has specifically requested that they want an entry in a directory or directory enquiry service - in other words where a customer has expressly opted-in. Both OFCOM and the EU (who were taking legal action against the UK government for failing to give mobile customers the right to an entry in directories) have agreed that entries in directories and directory enquiry services should be based on opt-in consent.

It is a fact that the 118800 service does not fall under any definitions of the above regulatory framework and so is NOT entitled to access OSIS data or receive data from OSIS or the mobile operators.

The 118800 service is a purely private system. Ask yourself why someone should need to become ex-directory in this service if they are already ex-directory in the national OSIS database?  How many times should someone need to opt-out (never because it should be opt-in)

So what else is wrong. Well, firstly lets look at the 15 million names, addresses and numbers obtained from third parties (and which could be the retailer you bought your phone from or some online retailer who you supplied your details to). 2 pieces of law apply here.
(1) Data Protection Act 1998 - the DPA. Under the DPA those collecting your data would have needed to make you aware in a transparent and clear manner of the intention to place your details in a directory service and the purposes of that directory, and allowed you to make and informed decision as to whether you agreed or not .. in other words they needed your consent. (2) Regulation 18 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 applies - the PECRs. Reg 18 states: The personal data of an individual subscriber shall not be included in a directory unless that subscriber has, free of charge, been -
(a) informed by the collector of the personal data of the purposes of the directory in which his personal data are to be included, and (b) given the opportunity to determine whether such of his personal data as are considered relevant by the producer of the directory should be included in the directory. “ This seems quite clear that the party collecting your data should have told you about the 118800 service and given you the clear opportunity to agree - either by an opt-in box or by an opt-out box (depending on whether they published a clear and prominent notice at the time they collected your data). It seems to me that opt-in consent is required for the purposes of this directory.

So what else. Well, the company says you can obtain a copy of information they hold on you pursuant to your rights under Section 7(1) of the DPA. 118800 now charges £5 (but used to charge the maximum £10 fee permitted under the DPA for meeting these access requests). BUT why are they charging people when Reg 18(5) of the PECRs requires directory operators to provide subscribers with the means (free of charge) to verify, correct or withdraw their data at any time - I can find no mention of these rights on the 118800 website. Perhaps the company thinks it doesn't need to if its services sit outside the regulatory framework?

What else? Oh yes. back to the regulatory framework. ALL 118 services are regulated by PhonePayPlus which is an agency of OFCOM the government telecoms and media regulator. PhonePayPlus regulates services by a Code of Practice - the Code. the 118800 service is incompatible with the Code which (a) defines telephone directories as ones that supply phone numbers (b) requires companies providing call completion services to disclose telephone numbers to persons who demand a number and (c) requires that services must not or must not be likely to result in any unreasonable invasion of privacy. As opt-in consent has not been sought from any person in the 118800 directory, it is possible that individuals listed in the directory without their knowledge or agreement will consider contact via the call completion service to amount to an unreasonable invasion of their privacy (especially those who considered they are already ex-directory under the official national OSIS database).  PP+ can exempt 118 providers from compliance with the code but has not done so yet!