A statement issued by the Director General of Telecommunications

Contents

The Guidelines

Chapter 1 Scope

Chapter 2 Purpose of the guidelines

Chapter 3 Changes to the guidelines

Chapter 4 The regulation of CLI

Chapter 5 End-users’ privacy rights

Chapter 6 CLI principles: privacy, authenticity and integrity

Chapter 7 Precepts arising from the CLI principles

Chapter 8 The use of CLI data within public electronic communications networks

Chapter 9 Calls received or passed to public electronic communications networks not covered by the guidelines

Chapter 10 The provision of CLI facilities

Chapter 11 Enforcement of the guidelines

Chapter 12 Definitions

Annex A Guide to the use of Presentation Numbers

Annex B Analysis of responses to the consultation

 Chapter 1

Scope

1.1 The Guidelines apply to providers of Publicly Available Telephone Services in the UK and to other Communications Providers who provide services for the conveyance of Calls. The Guidelines set out a series of principles that should be respected by Communications Providers in the provision of Calling Line Identification Facilities and the conveyance of calling and connected line identities when End-Users make or receive a Call.

1.2 For the purpose of these Guidelines, the definition of "Call" (see Chapter 12) is that proposed by the draft Privacy and Electronic Communications (EC) Directive Regulations 2003, which in turn reflects the definition in the Privacy and Electronic Communications Directive (2002/58/EC). ("call" means a connection established by means of a publicly available telephone service allowing two-way communication in real time Article 2.(d), Directive 2002/58EC). In effect, rights and obligations with regard to CLI information are restricted to telephone calls, but do not extend to ISDN data, SMS or internet-based services such as email or instant messaging.

1.3 In conducting the consultation and preparing the Guidelines, Oftel has taken into consideration the appropriate principles outlined in its Consumer Protection Policy Review (CPPR) guidelines (see Annex B). Oftel’s CPPR guidelines are designed to ensure that consumer protection focused regulation remains appropriate, proportionate and is achieving its objectives. This approach has been respected by the Guidelines.

Chapter 2

Purpose of the guidelines

2.1 The purpose of the Guidelines is to establish a consistent approach to the handling of calling line identification data from call origination through to call termination. This is to ensure that the privacy choices that End-Users make about their CLI data are respected by all Electronic Communications Networks that participate in the origination, transmission and termination of a Call. By identifying a common set of expectations and obligations, the Guidelines lay the foundations for mutual trust which gives Communications Providers confidence that they will be able to discharge their obligations under Relevant Data Protection Legislation, for which they may depend on the behaviour of other Communications Providers.

2.2 The Guidelines have been subject to a public consultation which concluded on 21 May 2003. They succeed the third edition of the Code of Practice for Network Operators in Relation to Customer Line Identification Display Services and Other Related Services available at www.oftel.gov.uk/ind_groups/cli_group/docs/cop1101.pdf the more technical elements of which may be carried forward as a specification as described in paragraph 2.3 below.

2.3 The Guidelines are intended to be technology-neutral insofar as is practicable. They should be read in conjunction with any interoperability specifications approved for publication by the Network Interoperability Consultative Committee (NICC) or any successor body. Such specifications will apply the general principles set out in the Guidelines to a specific technical environment and will be hyper-linked and noted here.

2.4 For the avoidance of doubt references to calling line identification data in these Guidelines are also references to connected line identification data. For ease of expression both will be referred to here as CLI data or CLI information, as the case may be.

Chapter 3

Changes to the guidelines

3.1 The Guidelines will be published on the Oftel website. It is intended to publish a revised version with editorial amendments only when the Privacy and Electronic Communications (EC Directive) Regulations 2003 replace the Telecommunication (Data Protection and Privacy) Regulations 1999 (SI 1999 No.2093) in October 2003. Chapter 4 below explains the background to these Regulations.

3.2 Modifications to the Guidelines shall only be made by Oftel under the following circumstances:

• to reflect UK or EU legislation or any changes in these; or
• to reflect a decision of the Information Commissioner or Information Tribunal; or
• to reflect one or more determinations, consents or directions made by Oftel which has the effect of applying to Communications Providers; and
• after consultation with Communications Providers and any other bodies or individuals that Oftel considers appropriate.

3.3 It is expected that Ofcom will follow similar procedures.

Chapter 4

The regulation of CLI

4.1 Market incentives will not guarantee End-User confidence that communications providers will correctly handle their CLI information. This is because the end-to-end conveyance of a Call originated by an End-User frequently requires the collaboration of several network providers. End-Users have a limited ability to select which networks will be involved in the conveyance of a Call and are not able to influence the behaviour of those networks by the normal exercise of consumer sovereignty.

4.2 Because the conveyance of CLI data involves End-Users in relationships with Communications Providers over whom they have little influence, it has been found necessary for regulators to intervene and adopt powers to compensate for the lack of power of End-Users. From 1996 Oftel and the industry have collaborated in producing and endorsing a Code of Practice for network operators in relation to CLI services. The most recent, third edition, of the Code was published in November 2001.

4.3 The starting point for regulation is the recognition that an individual’s Telephone Number is personal data within the meaning of Relevant Data Protection Legislation. Of necessity regulation applies to all Calls because it is not feasible on a call-by-call basis to distinguish whether a particular Call involves a living individual (as opposed to a corporate entity) and so has personal data associated with it. However European Community legislation, described in the following paragraphs, provides that the rules regarding CLI data apply to corporate as well as to individual End-Users, and apply irrespective of whether the identity of the End-User is known or not.

4.4 In 1997, the adoption of the Telecommunications Data Protection Directive (97/66/EC), transposed into UK legislation as the Telecommunication (Data Protection and Privacy) Regulations 1999 (SI 1999 No.2093), established the first set of European Community rules applying to CLI data. The Regulations are enforced by the Information Commissioner..

4.5 The Telecommunications Data Protection Directive will be replaced by the Privacy and Electronic Communications Directive (2002/58/EC), formally adopted on 12 July 2002 and requiring to be transposed into UK law no later than 31 October 2003. This will require the repeal of the existing 1999 Regulations and their replacement by fresh Regulations implementing the new Directive. The DTI's consultation on the draft Privacy and Electronic Communications (EC Directive) Regulations 2003 is accessible at http://www.dti.gov.uk/industry_files/pdf/complete%20document.pdf

4.6 CLI data in a number of forms has passed through the PSTN for many years. The widespread introduction of digital switching technology led to customer CLI information being available on almost all calls. In consequence, a CLI customer display service became technically feasible but required data protection safeguards for the reasons explained above. Over the years UK and ETSI standards have been developed to reflect improvements to the CLI display service and to satisfy data protection requirements. For this reason the terminology used in this document unavoidably draws heavily on concepts developed by ETSI, notwithstanding that the underlying data protection principles are technologically neutral. However, nothing in the Guidelines obliges Communications Providers to implement the ETSI standards or specifications from which the terminology has been derived.

 Chapter 5

End-users’ privacy rights

5.1 Both Directives set out a fundamental series of privacy rights for End-Users making and receiving Calls. The following rights, which are explicitly required to be made available by Communications Providers, are laid down in Article 8 of Directive 2002/58/EC.

5.2 The rights of calling End-Users are that:

5.3 The rights of called End-Users are that:

5.4 An additional right that arises from the application of general data protection principles is the ability of called End-Users to render received CLI information, that is stored by a Communications Provider in a form directly retrievable by an End-User, inaccessible. This capability is commonly known as call return/1471 erasure.

Exceptions to the caller’s privacy rights

5.5 Both the old and new Directives set aside a caller’s general right to prevent the display of their CLI information where Calls are made to the emergency services or where the appropriate authorities investigate and trace malicious or nuisance calls. The Directives also provide for national legislation to restrict privacy rights in order to safeguard national security, defence, public security and to facilitate the prevention, investigation, detection and prosecution of criminal offences.

5.6 The relevant UK legislation that restricts privacy rights in order to safeguard national security and the other objectives identified above is the Regulation of Investigatory Powers Act 2000. The Act creates a legal framework within which Communications Data, which includes CLI data, may be obtained and disclosed to designated authorities in order to secure these objectives.

CLI principles: privacy, authenticity, integrity

6.1 The Directives simply declare a set of privacy rights in respect of the transmission and receipt of CLI information. However, so that communications providers may effectively implement these rights three cardinal principles relating to CLI have been recognised. These are:

• privacy;
• authenticity
• integrity.

Privacy and privacy markings

6.2 Privacy is the complex of rights over CLI data conferred on End-Users by Relevant Data Protection Legislation which leads to the generation of a privacy marking.

6.3 In order that Communications Providers are able to respect a caller or called party’s wishes, it is important that a privacy marking is associated with a Call. For ease of reference, the four privacy markings used to satisfy data protection requirements are:

6.4 Where a privacy marking is not explicitly associated with a Call, CLI data shall not be displayed unless the caller's privacy wishes have been unambiguously established.

Authenticity of CLI information

6.5 Authenticity is the capability offered by a network to generate accurate CLI data at call origination. CLI data is a combination of the End-User's line identity and the associated privacy marking. A line identity is either the number at the point of a Call's origination or termination or data from which that number may be reconstructed.

6.6 End-User confidence in CLI display services requires that the CLI data displayed at the termination is authentic. This depends on providers being able to generate accurate CLI data at call origination. Currently in the UK the number displayed will either be a Network Number or a Presentation Number.

6.7 A Network Number is a line identity that comprises a unique E.164 number (or from which that number may be reconstructed) that unambiguously identifies the line identity of:

6.8 In the case of a Network Number authenticity is guaranteed as the number will have either been provided by a Public Electronic Communications Network, or alternatively, will have been verified and passed by it. However the number displayed may not be very informative to the called party as it may not reflect the point of origin of the Call or may not even be diallable.

6.9 A Presentation Number is a number nominated or provided by the caller that can identify that caller or be used to make a return or subsequent Call. In the UK several types of Presentation Number are in use - they are described in A guide to the use of Presentation Numbers annexed to the Guidelines.

6.10 Although a Presentation Number will not identify a Call's point of ingress to a Public Telephone Network it may well carry more useful information. The requirements of a Presentation Number are that:

• it either has to be a diallable number or a number that has been received from the Public Telephone Network and passed on unchanged
• it will have been allocated either to the caller or if allocated to a third party, only used with their permission; and
• it must not be a number that connects to a Premium Rate Service as defined in section 120 of the Communications Act 2003 (such as those prefixed 090 or 091) or to a revenue sharing number that generates an excessive or unexpected call charge (NB the exploitation of a Presentation Number to generate revenue-sharing calls may constitute persistent misuse of an Electronic Communications Network or Electronic Communications Service).

Integrity

6.11 Integrity is the ability of Electronic Communications Networks to maintain authenticity from call origination to call termination.

6.12 The precepts that ensure integrity are set out at paragraphs 7.1.3 and 7.1.5.

Precepts arising from the CLI principles

7.1 Applying these principles gives rise to the following precepts:

The use of CLI data within public electronic communications networks

8.1 The CLI privacy rights conferred on End-Users by Relevant Data Protection Legislation apply to the situation where a Call with associated CLI information that identifies the caller’s line terminates on a network that offers CLI display services (or vice versa in the case of Connected Line Identification).

8.2 This customer service needs to be distinguished from the passage and display of CLI information within and between Public Electronic Communications Networks where the information will be accessible within the network(s) irrespective of the caller’s privacy wishes.

8.3 The operation of the Guidelines does not affect the ability of Electronic Communications Networks to use received CLI data for network and/or account management purposes and, in co-operation with the relevant authorities, for emergency calls and the tracing of malicious calls and similar activities. However, the privileged access that Communications Providers have to End-Users’ CLI data, whether or not they have chosen to prevent its display, may only be used where the use of this data is essential to the provision of an Electronic Communications Service. Such access should be restricted to those staff to whom it is essential for any of the above purposes. Communications Providers will respect the privacy of callers who have elected to prevent the display of their line identities by not exploiting this information for telemarketing or any commercial purpose other than billing.

Calls received or passed to public electronic communications networks not covered by the guidelines

9.1 On Calls received from Electronic Communications Networks not covered by the Guidelines (eg international calls) the CLI information shall be classified by the receiving network as follows:

9.2 When a Call is routed to an Electronic Communications Network not covered by the Guidelines, e.g. international calls, the Communications Provider may not be in a position to guarantee that the caller’s wishes with regard to his CLI privacy will be respected by a subsequent network or the terminating network.

9.3 Consequently, in order to avoid a caller’s identity being displayed to a called party in this case, the gateway exchange should delete all CLI information from the Call, if the CLI information has been classified as ‘withheld’ or ‘unavailable’.

9.4 Alternatively, if it is known that the subsequent or terminating networks will respect the caller’s privacy wishes, then the CLI information may be passed in an appropriate format.

Chapter 10

The provision of CLI facilities

10.1 Under the new regulatory framework one of the General Conditions of Entitlement obliges all Communications Providers who provide a Public Telephone Network to provide Calling Line Identification Facilities. An extract from Condition 16 (Provision of additional facilities) follows:

"Calling Line Identification Facilities" are defined as "… facilities by which the Telephone Number of a calling party is presented to the called party prior to the call being established …"; "Relevant Data Protection Legislation" is defined as "… the Data Protection Act 1998 and the Telecommunications (Data Protection and Privacy) Regulations 1999 …". This latter definition will require amendment to accommodate the Privacy and Electronic Communications (EC Directive) Regulations 2003 when they enter into force.

10.2 It may be helpful to set out Oftel's view of which providers this condition applies to and what it obliges them to do.

10.3 The condition applies to providers of Public Telephone Networks (PTNs). A PTN is defined for the purpose of the General Conditions as:

10.4 A Publicly Available Telephone Service (PATS) is defined as:

10.5 These generic formulations are technologically neutral. The key factor in determining whether a network is a PTN or not is whether it is used to provide PATS, irrespective of its underlying technology. It is not possible, a priori, to exclude any particular technology over which PATS may be provided and it follows that all providers of networks over which services which fall within the definition of PATS are provided are obliged to offer CLI facilities, subject to the other qualifications of the condition. For the avoidance of doubt, it is Oftel's view that voiceband frequency calls provided over ISDN lines are PATS.

10.6 One misreading of the condition is that its intention is simply to oblige those providers who choose to provide CLI facilities to provide them in a way that accords with Relevant Data Protection Legislation. This is not so. In Oftel's view the condition obliges PTN providers both to provide CLI facilities and to respect Relevant Data Protection Legislation in so doing.

10.7 The obligation to provide CLI facilities is "subject to technical feasibility and economic viability". Oftel's view is that the 'technical feasibility' qualification may only be invoked in exceptional circumstances. It is not sufficient for a PTN provider to refuse to provide CLI facilities because they are not supported by its network. Rather it will be necessary to demonstrate that there is a genuine technical problem which cannot be immediately resolved, as is the case with some Virtual Private Networks. In such a case, the PTN provider would be expected to develop a programme of work, with milestones, aimed at implementing a solution.

10.8 More common will be a situation where 'technical feasibility and economic viability' needs to be understood as a whole. This will be the case where the exception is invoked on the basis of an approach that weighs existing physical or technical constraints that need to be overcome in order to provide the facilities with the costs that would be incurred in so doing. There may be cases where the investment required to upgrade a network in order to provide CLI facilities is disproportionate in terms of the number of customers to whom benefits would accrue as a result of the upgrade. An example might be the case for not upgrading a non-digital public exchange in a remote part of the country which only connects to a handful of subscribers.

10.9 The concept of 'economic viability' is also subject to a proportionality test. Article 29 of the Universal Service Directive (2002/22/EC) enables national regulatory authorities to mandate the provision of CLI facilities by all PTN providers because, as recital 39 spells out, "the development of these services (ie tone dialling and CLI facilities) on a pan-European basis would benefit consumers and is encouraged by this Directive". The benefit to consumers is a positive that needs to be weighed against the cost of providing the service. The Directive's approach is that the imposition of reasonable costs is not disproportionate or unfair given the advantages that accrue to consumers.

10.10 For this reason a PTN provider would not be justified in refusing to provide CLI facilities because the revenue generated by the service is less than the costs of providing it, unless the potential loss is demonstrably excessive, and hence disproportionate. Providers also need to bear in mind that the provision of CLI facilities is not required to be provided free of charge, in contrast to some of the privacy rights associated with the service set out in Chapter 5 of the Guidelines. Additionally there are indirect revenues that the provision of CLI facilities generates, when a caller makes a return Call to a captured number.

10.11 Furthermore, given the horizontal nature of privacy rights and the inability of End-Users' to exercise them in the absence of CLI facilities it is difficult to envisage circumstances in which the condition might be disapplied for a particular geographic area; more especially as the consumer benefits are shared between the calling and called End-Users who may be in different geographic locations.

10.12 The normal rules as set out in sections 94 to 104 of the Communications Act 2003 apply to the enforcement of this general condition.

Relevant Data Protection Legislation

10.13 The condition requires Calling Line Identification Facilities to be provided in accordance with the requirements of Relevant Data Protection Legislation. From the end of October 2003 these requirements will be set by the Privacy and Electronic Communications (EC Directive) Regulations 2003, implementing the Privacy and Electronic Communications Directive (2002/58/EC). In contrast to the Telecommunications Data Protection Directive (97/66/EC) these requirements are explicitly limited to telephone calls.

10.14 The main services which Communications Providers must offer are those implementing End-Users' privacy rights as described in Chapter 5 of these Guidelines. In summary, they are that:

10.15 The services in paragraphs 10.14.1 and 10.14.3 must be provided free of charge; the service in paragraph 10.14.2 must be provided free of charge for reasonable use. The service identified in paragraph 10.14.4 is not required to be provided free of charge. This is a consequence of it only having to be provided to End-Users subscribing to a caller display service, which itself is not required to be provided free of charge.

 Chapter 11

Enforcement of the guidelines

11.1 The Guidelines are not in themselves a regulatory instrument that carries legally binding force. Oftel expects Communications Providers to abide by them in recognition of their common interests and to protect the interests of consumers. Providing CLI services that respect privacy and Relevant Data Protection Legislation is simplified where players observe a common set of rules. Following the Guidelines also obviates the necessity for privately negotiated bilateral agreements between Communications Providers in order to come to an agreement on how End-Users' CLI information should be handled. However, the "voluntary" nature of the Guidelines does not mean that they can be ignored with impunity. There are four sets of constraints that underpin the Guidelines.

11.2 Primarily, the Guidelines provide a practical route to complying with UK Regulations implementing the Community Directives on privacy in the electronic communications sector. In cases of non-compliance the Regulations provide for enforcement by the Office of the Information Commissioner through the procedures set out in the Data Protection Act 1998 which can, in the final resort, result in criminal proceedings.

11.3 Both the existing Telecommunications (Data Protection and Privacy) Regulations 1999 and the draft Privacy and Electronic Communications (EC Directive) Regulations 2003 contain a similar provision: Regulation 16 in the 1999 Regulations, Regulation 12 in the draft 2003 Regulations. This provision requires Communications Providers to comply with any reasonable requests made by a provider of the service by means of which facilities for calling or connected line identification are provided in order that the Regulations' requirements on the prevention of the display of calling or connected line identification information are satisfied. A request to observe the principles and precepts set out in these Guidelines would appear to be a "reasonable request" for the purpose of the Regulations.

11.4 The Communications Act 2003 confers new powers on Oftel to take enforcement action where there are grounds for believing that there is persistent misuse of an Electronic Communications Network or Electronic Communications Service, that is to say where misuse of a network or service cause another person unnecessarily to suffer annoyance, inconvenience or anxiety. These powers may be exercised where End-Users knowingly cause unauthentic or misleading CLI information to be sent (see insert link).

11.5 Finally, as has been the case with preceding editions of the Codes of Practice for Network Operators In Relation to Customer Line Identification Display Services and Other Related Services, it is expected that interconnect agreements between providers of Public Electronic Communications Networks will reference these Guidelines with a requirement that the contracting parties abide by them.

Definitions

12.1 The definitions below are extracted from the General Conditions of Entitlement:

a) a transmission system for the conveyance, by the use of electrical, magnetic or electro-magnetic energy, of Signals of any description; and

b) such of the following as are used, by the person providing the system and in association with it, for the conveyance of the Signals—

a) identifying the destination for, or recipient of, an Electronic Communication;

b) identifying the origin, or sender, of an Electronic Communication;

c) identifying the route for an Electronic Communication;

d) identifying the source from which an Electronic Communication or Electronic Communications Service may be obtained or accessed;

e) selecting the service that is to be obtained or accessed, or required elements or characteristics of that service; or

f) identifying the Communications Provider by means of whose network or service an Electronic Communication is to be transmitted, or treated as transmitted.

12.2 The definition below is extracted from the draft Privacy and Electronic Communications (EC Directive) Regulations 2003:

12.3 The definitions below are extracted from the text of the Guidelines:

A guide to the use of Presentation Numbers

Introduction

A.1. The Guidelines for the provision of Calling Line Identification Facilities and other related services over Electronic Communications Networks define presentation numbers and the requirements that apply to them.

A.2. A presentation number is a number nominated or provided by the caller that can identify that caller or be used to make a return or subsequent call. In the UK the industry has recognised a number of scenarios where presentation numbers may be provided, as a commercial service, to meet differing customer calling requirements. The purpose of this guide is to describe the various types of presentation number service that have been developed to meet these end-user requirements and the conditions that are to be observed for their use.

A.3. Unlike a network number, a presentation number will not necessarily identify a call's point of ingress to a public network. However it may well carry more useful information. The requirements of a presentation number are that:

(i) it must either be

(a) diallable number, or

Types of Presentation Number

Type 1

A.4. A presentation number generated by the subscriber's network provider. The number is stored in the network and applied to an outgoing call at the local exchange by the provider. Because the number is applied by network equipment there is no need for it to be verified each time a call is made – instead the level of authenticity will depend on the checks made by a network provider that a subscriber is entitled to use a particular presentation number.

Type 2

A.5. A presentation number which identifies a caller's extension number behind a DDI switchboard. Although the number or partial number is generated by the user's own equipment, the network provider is able to check that it falls within the range and length allocated to a particular subscriber. In this way the authenticity of the number may be ensured. It should be noted that some network providers classify type 2 presentation numbers as network numbers (especially where the full number is constituted at the local exchange). This type of number is considered to carry sufficient authenticity to be classified as a network number and is carried as such by some networks.

Type 3

A.6. A presentation number limited to the far-end break out scenario where a call's ingress to the public network may be geographically remote from where it was originated. The number is generated by the user's equipment and is not capable of being subjected to network verification procedures. Verification is based on a contract between the subscriber and the network operator in which the subscriber gives an undertaking that only authentic calling party numbers will be generated.

Type 4

A.7. A presentation number available for the onward transmission of the originating number where a call breaks into a private network and breaks out again before termination, as in a DISA scenario. On the break out leg the number is generated by the user's equipment although it will have already been verified in consequence of having been delivered to the private network. To maintain the verification it is necessary to ensure that the number submitted by the private network is the number that was received.

A.8. Network providers wishing to offer a type 4 service will require a contractual commitment from customers that they will only submit CLIs that have been received from the public network. Unlike other types of presentation numbers, type 4 numbers may not always be diallable; this will depend on the nature of the number received from the public network.

Type 5

A.9. Presentation numbers that identify separate groups of callers behind a private network switch wishing to send different outgoing CLIs. A typical scenario is a call centre making calls on behalf of more than one client. Type 5 presentation numbers are generated by the user's equipment. Subscribers will need to enter into a similar contractual commitment with their network providers as for type 1 presentation numbers - that they are entitled to use the numbers they have selected.

 Annex B

Analysis of responses to the consultation

B.1. The consultation on the draft Guidelines for Customer Line Identification Display Services and other related services over Electronic Communications Networks commenced on 17 February and concluded on 21 May, with an informal extension to 13 June. The draft Guidelines are posted at www.oftel.gov.uk/publications/ind_guidelines/2003/cli0203.pdf. Responses to the consultation are posted at www.oftel.gov.uk/publications/responses/2003/cli0203/index.htm.

B.2. Eight non-confidential responses were received, from:

• BT Wholesale
• Cable & Wireless
• Consumer Communications for England (CCE) and Communications for Business (CfB) in a joint response
• Kingston Communications
  
• Northern Ireland Advisory Committee on Telecommunications (NIACT)
  
• Public Network Operators - Interconnection Standards Committee (PNO-ISC)
  
• Scottish Advisory Committee on Telecommunications (SACOT)
  
• Telecommunications UK Fraud Forum (TUFF)

B.3. The consultation comprised two distinct elements. Primarily, the consultation focussed on the application of Oftel's Consumer Policy Protection Review (CPPR) guidelines (posted at www.oftel.gov.uk/publications/about_oftel/2002/cppr1202.htm) to the CLI guidelines. The underlying question that the CPPR guidelines raise is whether consumer protection focused regulation, such as the CLI guidelines, is appropriate, proportionate and achieving its objectives. A secondary consultation invited stakeholder responses to the actual content of the CLI guidelines. Responses to each element will be taken in turn.

Application of the CPPR guidelines

B.4. The general case for the protection of personal data as privacy has been identified as one of the consumer interest criteria in the National Consumer Council list. In the context of CLI services the right to privacy is, fundamentally, the customer's right to choose, for each telephone call made, whether to release or withhold their phone number.

B.5. The case for the regulation of CLI services is made in Chapter 4 of the Guidelines. It is based on the recognition that although most customers of electronic communications services can choose which provider to use for the origination of their calls they exercise little choice over the networks which transit and terminate their calls. Where a customer chooses to withhold their number their communications provider may set the appropriate marker. However, whether or not that number is displayed to the called party will depend on the behaviour of networks over which the customer has no conscious choice and may be unknown to him or her.

B.6. In response to the three particular questions raised in the consultation the following points were made.

Question 1: Do stakeholders agree that the objective of protecting consumers' privacy rights justifies the regulation of CLI services?

B.7. The Advisory Committees (CCE/CfB, NIACT, SACOT) agreed strongly with this proposition, recognising that consumers have little control and power to choose the networks that are involved in the conveyance of a call. SACOT made the additional point that lack of consumer reassurance in relation to privacy rights might adversely affect consumer confidence in telecommunications as a mode of communication, which would have detrimental effects. NIACT made a point with relevance to the Northern Ireland environment, that security considerations warrant careful protection of consumers' details and that this should be treated as a particularly sensitive issue. Other respondents offered general assent to the proposition.

B.8. Kingston Communications made the point that the extension of rules applying to calling and connected line identification services to providers outside the normal network sphere was long overdue. Oftel agrees. The Guidelines are intended to apply to a wider set of providers that the CLI Code of Practice which was restricted to public network operators.

Question 2: Do stakeholders agree that the Office of the Information Commissioner should continue to have access to Oftel's technical expertise on matters relating to electronic communications, in particular on matters relating to CLI services provided over such networks?

B.9. Uniformly those respondents who answered this question agreed that Oftel or its successor should continue to provide technical advice to the Office of the Information Commissioner.

Question 3: Do stakeholders agree that the Guidelines add value to data protection legislation by enabling communications providers to achieve a practical implementation of the rights conferred by such legislation?

B.10. CCE/CfB agreed that the Guidelines add value to data protection legislation. SACOT agreed in principle but expressed two concerns. Firstly, it asked how compliance with the Guidelines will be monitored. Secondly, it raised the question of how consumers would be informed of their rights in relation to calling and connected Line Identification information.

B.11. Oftel's view is that the only practicable way of monitoring compliance with the Guidelines is through a consumer-driven reactive process. Where customers believe that their privacy rights have been infringed they can and should complain to Oftel, its successor or to the Office of the Information Commissioner, which will take up the points raised with the relevant provider. It would be a disproportionate use of resources for Oftel or Ofcom to monitor the Guidelines proactively through a system of test calls where there are no ground for believing that a provider is breaching the Guidelines. Additionally, Oftel is in a position to have a general overview of the level of compliance through its knowledge of the service offerings of particular providers.

B.12. Oftel strongly agrees with SACOT's point about the importance of consumer information and notes that Regulation 11 of the draft Privacy and Electronic Communications (EC Directive) Regulations 2003 obliges communications providers who provide facilities for calling or connected line identification to provide information to the public on the availability of such facilities and the privacy options that the Regulations require to be offered to consumers.

Contents of the CLI guidelines

B.13. A secondary consultation invited stakeholder responses to the actual content of the CLI Guidelines. The primary response to this part of the consultation came from PNO-ISC, supported by BT, Cable & Wireless and Kingston Communications.

B.14. The PNO-ISC response proposed some sweeping amendments to the Guidelines. Most fundamentally, it argued that the Guidelines should be recast so as to become more specific and impose rules on Communications Providers in the same way as the CLI Code of Practice did. The case is that only this will provide a definitive mechanism that providers can use to ensure the integrity of CLI data.

B.15. However the primary purpose of the Guidelines is to apply general data protection and privacy principles to CLI services, not to impose a particular technical implementation. Nonetheless Oftel recognises the value of the industry's engagement in the quasi-standardisation process that is required to develop a practical implementation of CLI services and welcomes the development of interoperability specifications for application within a specific technology. Paragraph 2.3 of the Guidelines now clarifies this point.

B.16. The PNO-ISC response proposed a number of detailed amendments to the Guidelines. One proposal was the term "Line Identity" which captures both calling and connected line identification should be used in the title. While accepting that this term is more precise, the language of the Directives and of the Conditions of Entitlement uses the term "Calling Line Identification" which is also the term most likely to be known to the public. To adopt a new term now, albeit one that is technically more accurate, runs the risk of causing confusion. Paragraph 2.4 extends the meaning of the term "calling line identification" as used in the Guidelines to embrace connected line identification, where applicable. The Guidelines now also contain a list of definitions, in a new Chapter 12.

B.17. A further terminological amendment proposed was the substitution of "End-User" by "User". However "User" is not a term defined by the Communications Act. On the basis that any "User" who is not a Communications Provider is an End-User, and that the Guidelines are about the privacy rights of End-Users rather than those of providers, such an amendment seems unnecessary

B.18. PNO-ISC made the point that the Guidelines omitted any requirement for 1471 erasure. This has now been included in a new paragraph, 5.4.

B.19. BT proposed that the requirements on Presentation Numbers in paragraph 6.10 should exclude any revenue sharing number where the called party receives a proportion of the revenue from a call, rather than simply excluding numbers prefixed 090 and 091. This proposal has much to recommend it but on balance Oftel felt that an unintended consequence might be to prevent the acceptable use of some numbers with a revenue-share element, such as national rate numbers. However the section has been strengthened by a reference to Oftel's powers to take enforcement action against the persistent misuse of an electronic communications network or electronic communications service where a Presentation Number is exploited to generate revenue sharing calls that the caller would not have knowingly made.

B.20. BT also proposed that Chapter 11, on the enforcement of the Guidelines, should reference the provisions in the existing and the draft Privacy Regulations requiring providers to comply with any reasonable requests made by relevant providers in order that the Regulations' requirements on preventing the display of calling or connected line identification information are satisfied. This is a useful addition to the range of enforcement powers already identified and has resulted a new paragraph, 11.3.

B.21. In respect of outbound international calls (see Chapter 9), Cable & Wireless suggested that the Guidelines should reference the list of Commission decisions on the adequacy of the protection of personal data in third (ie non-EU) countries published at http://europa.eu.int/comm/internal_market/privacy/adequacy_en.htm The list is extremely indicative but Oftel wishes to avoid the rigidities of mandating the export of CLI Data to listed countries and proscribing it to unlisted countries. There may be exceptional circumstances that prevail in some cases and Communications Providers may have specific knowledge that is not available to regulators.

B.22. The Telecommunications UK Fraud Forum (TUFF) expressed a concern that an undue focus on customers' privacy rights might restrict the investigatory process which could seriously hinder the investigation of telecommunications fraud and crime. Oftel's view is that the Guidelines are not an appropriate vehicle for setting the parameters of the relative weight to be accorded to privacy in the context of law enforcement. However in order to remind consumers of the exceptional circumstances in which privacy rights may lawfully be set aside a reference to the Regulation of Investigatory Powers Act 2000 has been added to Chapter 5.