Data Protection Commission
 
Data Protection in the Telecommunications Sector

A Guide to the European Communities (Data Protection and Privacy in Telecommunications) Regulations, 2002


In 1997, the EU introduced Directive 97/66/EC in order to strengthen and clarify data protection and privacy rules in the telecommunications sector.  This Directive has now been implemented in Irish law by special Regulations, made by the Minister for Public Enterprise.  The Regulations – known as the European Communities (Data Protection and Privacy in Telecommunications) Regulations, 2002 (Statutory Instrument 192 of 2002) – came into effect on 8th May 2002.


The Regulations set out, in some detail, the data protection standards that apply in the case of public telecommunications networks – including issues of security, privacy and direct marketing.  The main features of the Regulations fall into five categories, as follows.

1. Retention of detailed telephone records
Detailed records of people’s telephone calls may be kept for as long as necessary to enable bills to be settled, but no longer.

2. Calling Line Identification, or “Caller ID”
Telephone users have the right to block their phone number, so that it is not displayed to other telephone users. 

3. Public telephone directories
Individuals have the right to be excluded from public phone directories, or to have their address and gender omitted to protect their privacy.

4. Direct marketing
Individuals can sign up to a central ‘opt out’ register, to indicate that they do not wish to receive unsolicited telephone calls.

5. Enforcement and compliance
The Data Protection Commissioner will enforce the data protection aspects of the Regulations, and the Office of the Director of Telecommunications Regulation is responsible for ensuring compliance with some technical and practical elements of implementing the Regulations.  


Retention of detailed telephone records

The Regulations provide that “traffic data” – details of the individual calls made by individuals – may be retained for as long as necessary to enable bills to be settled.

In applying this rule in practice, telecommunications companies should be mindful of the strong privacy impact of logging the details of particular calls made by individual subscribers.  The Data Protection Commissioner’s advice is that telecommunications companies should only store such privacy-sensitive data for a limited period of time – say three to six months – to enable routine billing queries to be addressed.  Details of calls made by subscribers should not routinely be kept for longer periods.  However, it is permissible to retain such data for longer periods if –

  • the particular subscriber has queried his or her bill, and the data need to be retained to enable the query or dispute to be resolved

  • there is some other legitimate reason to believe that a query or dispute is likely to arise in a particular case

  • there is some binding legal requirement to retain the data for a longer period.  

Subscribers also have the right not to receive detailed itemised bills, if they wish, as an extra step to safeguard their privacy.  

Telecommunications companies may use details of individual telephone usage for the purpose of marketing their own telecommunications services, where individual subscribers have consented to this – see more under ‘direct marketing’ below.



Calling Line Identification (“Caller ID”)

Caller ID is the system that allows phone users to see the number of the person who is calling them.  The Regulations set out rules to ensure that the system respects people’s privacy rights. 

The rules applying to Caller ID can be summarised as follows:

Rights for people making telephone calls

  • Telephone subscribers have the right to hide or withhold their number, every time they make a call, so that it cannot be seen by the person they are calling.  This right must be easy to exercise, free of charge.  This is referred to as ‘per-line’ withholding.

  • Even if a telephone line is not routinely hidden, callers should be able to hide the number for particular calls.  This is ‘per-call’ withholding, and again must be available easily and freely.

Rights for people receiving telephone calls

  • People receiving telephone calls have the right to reject incoming calls automatically, in cases where the caller has hidden or withheld the Caller ID.  This facility must be easily and freely available.

  • People receiving telephone calls have the right to block Caller ID details of incoming calls from being displayed.  This function must be available easily and free of charge for reasonable use.

  • People receiving telephone calls can prevent their own number from being displayed to people who have called them – i.e. the right to block ‘connected line identification.’

Overriding Caller ID rules – exceptional circumstances

In certain exceptional circumstances, people’s preferences regarding Caller ID may need to be overridden, so that the number of the person making the call is available to the person receiving the call. These circumstances, provided for in the Regulations, are as follows –

  • where An Garda Síochána are investigating obscene or menacing phone calls

  • where an emergency call is made (by dialling 999 or 112), to enable the emergency services to answer the call.

Information about Caller ID

The Regulations provide that telecommunications companies must inform their subscribers about Caller ID services.  The companies are obliged to publish a notice giving these details, and to display the details in their public offices and on their websites.  The companies must also provide information, on request, about the circumstances in which the normal Caller ID settings can be overridden (see previous paragraph).


Public telephone directories 

The new Regulations introduce rules for the publication of telephone directories, to ensure that the privacy of individual subscribers is safeguarded.  The rules are as follows.

  • The personal details appearing in public telephone directories should be limited to what is necessary to identify the subscriber and his or her telephone number, unless the individual subscriber has given explicit consent for the inclusion of additional details.

  • In addition, subscribers have the right to be excluded from the directory (i.e. to have “ex-directory” status), or to have details of their address omitted.  Subscribers may also request that the entry does not reveal their gender.  

Direct marketing

The Regulations include measures to respect the rights of people who do not wish to receive unsolicited telephone calls for direct marketing purposes.  The new measures are as follows:

  • The Regulations establish a single, national register on which people can indicate that they do not wish to receive unsolicited telephone calls.  This national ‘opt out’ register must be consulted by direct marketers, and the wishes of subscribers must be respected.  Individuals who wish to be included in the ‘opt-out’ register – i.e. individuals who do not wish to receive unsolicited telephone calls – should notify their telecommunications company, which will make the appropriate arrangements.  Subscribers with unlisted numbers will automatically be included on the ‘opt-out’ register.
    Note:  The ‘opt-out’ register will form part of the National Directory Database – the central phone directory which lists subscribers from all the telecommunications companies in Ireland – and its implementation is supervised by the Office of the Director of Telecommunications Regulation (ODTR).

  • The use of automatic dialling machines, to call individual subscribers at random for direct marketing purposes, is prohibited, unless subscribers’ consent has been obtained in advance.  Unsolicited fax messages to individual subscribers are likewise prohibited.  

  • Companies, societies and other organisations are also afforded some data protection rights, for the first time, under the Regulations.  Such organisations may ‘opt-out’ of receiving unsolicited telephone calls – including randomly-dialled calls and unsolicited faxes – by signing up to the national ‘opt-out’ register.

  • A telecommunications company that records telephone usage details about its subscribers for billing purposes may use some of these details for the purpose of marketing the company’s own telecommunications services to those subscribers, provided that the subscriber has consented to this.  Ordinarily, this consent should be sought from the outset, when a subscriber is signing up to receive a telecommunications service.


Enforcement

Most of the rules set out in the Regulations are data protection rules, and the Data Protection Commissioner is responsible for their enforcement, in line with his functions under the Data Protection Act, 1988.  The Regulations also confer a new power on the Commissioner to take proactive steps to ensure compliance by telecommunications companies with their responsibilities. 

Some of the rules have a technical character – e.g. Caller ID rules, establishment of an ‘opt-out’ register for direct marketing, and the security responsibilities of telecommunications companies – and the Office of the Director of Telecommunications Regulation is responsible for monitoring compliance with these rules. 

In exercising their respective functions, the Data Protection Commissioner and the Director of Telecommunications Regulation shall cooperate fully with one another.

Finally, the Regulations confirm that if a person suffers loss or damage as a result of a contravention of any of the rules laid down in the Regulations, then the person shall be entitled to make a claim for damages in the courts.

 

 







Office of the Data Protection Commissioner. Canal House, Station Road, Portarlington, Co. Laois, Ireland.
LoCall 1890 25 22 31 - Phone 00353 57 868 4800 - Fax 00353 57 868 4757 - email info@dataprotection.ie