Friday, 15 August 2014

Latest email to ICO...

I understand from my MP that the next step is to make a formal complaint
about the ICO, and if not satisfied then there is a Parliamentary and
Health Service Ombudsman to pursue.

So, I would like to complain that I am being ignored by the ICO.

I have made a lot of complaints about one (or possibly more)
organizations that are making calls in breach of section 19 of The
Privacy and Electronic Communications (EC Directive) Regulations 2003
and possibly other sections.

Each complaint has been sent in by email, and it seems you are now
officially ignoring me. I noticed that for a while I was no longer even
getting the "We have received your email" reply until I changed the
sender address for each complaint, suggesting you were actively
filtering my reports.

You have raised a lot of excuses as to why you are ignoring me, none of
them valid :-

1. You could not play the call recordings, but I understand that has now
been sorted, and I am now sending in MP3 format to make easier.

2. You do not have legal powers to trace calls - I explained the many
powers you have granted by the PECR modifying the DPA, and I have not
had any response to this. You do have powers to investigate, and indeed
an obligation to do so, but are refusing to do your job.

3. You have said you do not investigate individual complaints, but I
have now complained hundreds of times. You have suggested that each
email somehow counts as an individual complaint, which seems little more
than a contrived excuse to not do you job. I have even sent multiple
complaints in a single email to bypass this excuse but to no avail. Tell
me exactly how many complaints are needed for you to take action.

4. You have asked me to report via your web site rather than via email,
but as I have pointed out, there seems no form on your web site for
this. I can see an option to "report a concern" via some sort of survey
web site - but I cannot see where I formally request that the
commissioner to exercise enforcement functions in relation to this
breach as per section 32 of the regulations. If you show me where that
form is, I'll use it.

It seems that the ICO are simply refusing to do your job in spite of a
request as per section 32. Given that, in the absence of section 32,
anyone could make such a request anyway, the only reason for section 32
existing is if such requests have to actually be acted upon by the ICO.
I would hope a judge and ombudsman agree with me on that. I note that
section 30 allows me to sue any party in breach of the regulations for
damages and at this stage I consider the ICO to be in breach by refusing
to do your mandated job - so maybe I'll sue you for damages.

If I do not get a satisfactory response in the next 14 days I will
pursue this with the ombudsman.

I look forward to your formal reply.

Update: I did not get the normal automated reply to my email, so I sent again from a different source address - this time I did. So it looks like they are actually filtering my email address. Now that is naughty!


  1. My suspicion is that the "individual complaint" bit is that they merely aggregate complaints, only taking further action once multiple complaints have been received about any given subject.

    They are at least taking minimal action against the very worst offenders now, hopefully this will inspire them to make more than a token effort to enforce the rules. It's high time business customers were prevented from hiding behind "number withheld" or "out of area", too: the number of anonymous spam calls I've received lately from "Solar Energy (something or other)", which doesn't actually identify the offender, is ridiculous. If the ICO really did their jobs, they'd trace those calls and prosecute the offenders too.

  2. Always willing to proof-read your rants before they go to the ICO, Adrian =P

  3. <- quick proof

    1. As I have already sent it, I'll leave as is. Thanks anyway.

    2. Sorry, my proofreading brain pinged and I just had to do it :)

  4. The lack of automated reply might not be so naughty. I seem to remember that some "Out of office" reply mechanisms remembered to whom they had already sent the message and didn't send another one to the same address. This could be the same.