ICO refuse to do their job, still

I have sent recordings of calls that are in breach of section 19 of the PECR. They are automated calls (several different types) where the caller has given no permission to make such calls. They are war dialling numbers.

I requested the ICO exercise their enforcement function, as per section 32.

The ICO refuse to. They have come up with lots of excuses including :-

  • Unable to play the recording, though they have now managed to.
  • Having no powers to trace calls, which is a lie - they have loads of powers from PECR in the DPA which allows then to get information for this very purpose. They did not reply when I pointed that out.
  • They don't investigate individual complaints (well, why not, that is their job!)
  • I must jump through hoops to fill in their on-line reporting form (I wonder if I can script that).
The latest stupidity follows from the "not investigating individual complaints". I pointed out that I have sent more than one, indeed, I am sending dozens of complaints each day, with full call details and a call recording, so this is no longer an "individual complaint" but a series of complaints.

Their response is that each report I make is an "individual complaint" and so won't be investigated!

I have sent a recording of two calls in one email now, saying this is not about an individual incident but two calls, so will they now investigate it. I bet they won't

They are insistent that I am not allowed to forward the calls to their switchboard. I pointed out that surely they would not take any action over that though - or do their staff get special treatment for junk calls? Also asked how they would know it was me forwarding the calls (especially if they have no powers to trace a call)? Not had a reply on that one yet.

Next step? I assume it is writing to my MP.

I am wondering about scripting their on-line form though. How hard can it be I wonder. I wonder if I can bill the ICO for that - after all section 30 lets me charge damages to any party in breach of the regs, and surely not doing your job as defined by the regs is acting in breach of the regs?

Update: I have written to my MP.

Update: On looking, the form on their web site is indeed just a "survey" for "reporting a concern". I cannot find where one formally requests that they exercise their enforcement action as per section 32, so I have asked where the form for that is located or what official means they wish me to use if not email. We'll see.


  1. Interesting problem to solve scripting their form, I see they are using snapsurvey (of all things) so perhaps you just need to grab page 1 and extract the surveysession and then as you know which fields will be used for each page simply use curl -d 's for the fields and pass the same surveysession and hidden data like page. repeat for each page. done. - well maybe. thats the theory.

    If you do spend sometime on it perhaps you should open source it :)

  2. Oh, I would open source it, definitely!

  3. > don't investigate individual complaints

    This is perhaps in accordance with their April consultation on more effective ways of working — that they should be dealing with systemic issues, rather than individual complaints, performing the role of a regulator rather than an ombudsman. On the whole, I support this approach, but it is obviously causing problems here.

    However, I wonder if you could try a different tact, if you are not managing to make your way passed the frontline staff. You run a telco/ISP, and the ICO has an industry liaison team, with a business and industry liaison team, including staff focussed on telecoms matters. Reaching out to these, rather than front line, and making this a policy / industry conversation, rather than the forwarding of complaints, might help you get where you want to be? If I can help point you in the right direction, feel free to drop me an email.

    1. On the whole I support the idea of dealing with systemic issues if it solves any problems. If it just means that only the larger offenders get punished then I don't think its a good thing though.

      IMHO, an offending company should be fined for each breach, rather than allowing them to get off scot-free if not enough people complain. Maybe even give reporters a chunk of the penalty fee as a reward to encourage people to report offenders...

  4. Hm - is this a policy of not investigating complaints at all, or not investigating complaints from individuals? Perhaps if, say, a small service provider were to relay aggregated complaints from multiple customers to them, they'd react more?

    If you could do some data analysis on the spam-trap farm and come up with a complaint of "we've had illegal marketing calls to 127 different TPS-registered customer numbers all coming from 0303 123 9070, here are some sample voicemail messages they left our customers" this might get better results.

    Indeed, from their page on the subject - http://ico.org.uk/enforcement/action/calls - it seems this is exactly what they do: aggregate all complaints from the public, then pick out a few dozen to investigate further (the 85 third party information notices they mention). They do actually take action against the very worst offenders, it just takes a great deal more than a single complaint to trigger action.

  5. I'm on the TPS. I still get junk calls from UK numbers. I'm beginning to wonder if the TPS is now so universally ignored that there is no point being on it.

    I'm also getting automated calls assuring me I definitely qualify for a government funded boiler replacement. I thought they weren't supposed to make automated calls unless people had signed up to them?

    And I get a lot of calls which simply pick up to silence and hang up after a couple of seconds. That's definitely not allowed, you're supposed to have someone ready to talk to the called party.

    It's reached the stage where when the phone rings I look at the caller ID, and unless it is a number I recognise or one on my local exchange I don't pick it up. If it's a real person I'll pick up while they're talking to the answering machine.

    The nice thing about my current digital answering machine is calls of a few seconds silence aren't recorded. I've got friends who moan about having dozens of silent calls on their answering machines when they get home that they have to listen to. But I shouldn't need to have the right answering machine (by accident) to avoid this.

    It's no wonder some people are giving up on landlines completely. Driven out by junk calls is probably a contributing factor.

    1. Interesting - I'm on the TPS and get multiple spam calls per day, but virtually none present UK numbers. The vast majority are number withheld (which will be getting routed straight to voicemail as soon as I get that set up), or "out of area" (sometimes presenting obvious junk CLID, like 00144 followed by too many digits to be NANP).

      I think requiring number-withheld to be a free option for all including companies, yet not requiring the same of anonymous call rejection, was a mistake. Prohibiting anonymous calls from non-residential lines and requiring anonymous call rejection to be a non-charged option on all lines would go a long way to stopping this abuse, with no real downside.

    2. TPS has been a joke for a while - but then it is run by, of all people, the Direct Marketing Association. There's absolutely no incentive for them to have it work... they'd piss off their members.

      I avoid spam by doing the same as above.. never answering unless it's a local call or/and I'm expecting a call.

  6. The last PECR complaint I filed I just sent by email to their casework@ico address, which seemed to work. Sadly they rejected the complaint on the grounds that it wasn't to an "individual email address" (it was to my personal business address, but since that's owned by my limited company they refused to act).

    In that case, someone had basically scraped the companies house database and spammed all the email addresses in it - wonder if the companies house T&Cs allow that.

    As for the "individual complaints" thing - maybe they should explain what the purpose of the form to report complaints is if their policy is to not investigate any that are reported through that form!

    I might set up a thing on my phone system to allow me to automatically report spam calls (put together as much of the email as possible from the call logs and call recordings and then let me fill in anything extra).


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

ISO8601 is wasted

Why did we even bother? Why create ISO8601? A new API, new this year, as an industry standard, has JSON fields like this "nextAccessTim...