T-Mobile scandal gives new impetus to Ministry of Justice consultation

Jeremy Phillips

For some time now, proponents of tougher data protection laws have been arguing the case for the introduction of a stricter regime and greater penalties for misuse of personal data. The previous Information Commissioner, Richard Thomas, called for the introduction of a two-year jail term to deter those convicted of trading unlawfully in personal back in May 2006 in his ICO report to Parliament entitled “What price privacy?”. Thomas’ updated report, reflecting the six months progress made since the first version entitled “What price privacy now?” repeated this call to action again pressing the case to the government for custodial sentences for the most serious of data protection breaches.

Despite the issue often receiving favourable coverage within the press and the media, there is a widespread view amongst data protection experts that the ICO calls have largely fallen on deaf ears within the corridors of Whitehall and Downing Street. The perceived ambivalence of the government towards the seriousness of data protection issues is reflected in the recent launch of legal proceedings against the UK government by the European Commission for the alleged breach of EU data protection laws caused by controversial internet advertising company Phorm.
One of the Commission’s key complaints is that that the UK does not have an independent national supervisory authority to deal with the interception of communications, including data communications, such as the ones which Phorm were “intercepting” without the data subject’s consent. The Office of Surveillance Commissioners, which oversees the conduct of covert surveillance only looks after public authorities, while the ICO, which looks after issues such as data protection, cannot enforce the Regulation of Investigatory Powers Act 2000, which covers interception of communications. Speaking about the proceedings, EU Telecoms commissioner Viviane Reding said that UK law would have to change to ensure the confidentiality of communications by prohibiting interception and surveillance without a user’s consent.
In a perverse way, last week’s breaking news story that staff at mobile phone company T-Mobile had passed on millions of records from thousands of customers to third party brokers, arguably could not have come at a better time for the current Information Commissioner, Christopher Graham. This is because it coincides with the Ministry of Justice’s current public consultation on the introduction of custodial sentences for those found guilty of knowingly or recklessly obtaining, disclosing, selling or procuring the disclosure of personal data without the consent of the data controller. The consultation opened on 15 October 2009 and closes on 7 January next year and, following this high profile incident, could not now be any more relevant.
Since his appointment to the ICO’s top job in June of this year, Graham, the former Director General of the UK Advertising Standards Authority, has made it his top priority to stamp out the illegal trade in confidential personal data, taking no time at all in picking up where his predecessor left off by branding current penalties under the Data Protection Act 1998 “pathetic” and “simply inappropriate for the [illegal] activities going on today”.
Speaking after the announcement that individuals involved in the sale of T-mobile customer data would have made “substantial amounts of money” by selling details which related to customers’ phone contracts, including their names and addresses and contract expiry dates to brokers working for other mobile phone companies, the ICO boss said:
“The existing paltry fines for Section 55 [of the Data Protection Act 1998] offences are simply not enough to deter people from engaging in this lucrative criminal activity. The threat of jail, not fines, will prove a stronger deterrent.”

With such a well-known consumer brand involved in this front page news scandal the case for tougher sanctions seems to have received a timely boost. It must surely now be only a matter of time before Graham and the ICO have a more power range of enforcement options in their armoury.

Posted by Jeremy for Greg Ruback.

Leave a Reply

Your email address will not be published. Required fields are marked *