Cellphone directory project pulled before launch

There’s been an interesting development over the promotion by a UK company, 118800, of a directory of cellphone numbers. The service has been available since June, but suddenly it’s off the air. For non-UK readers: the “118…” company name reflects the UK’s assignment of 118xxx phone numbers for directory services.

The UK media covered the story in June, interviewing 118800 executives and covering privacy concerns. The privacy regulator had approved the new service. That doesn’t mean they like it – that’s not their job. All it means is it doesn’t appear to contravene applicable law.

But approval did require an easy opt out. Most of the stories covering the new service publicised how to do this. Registering to protect your number as ex-directory (XD) is indeed easy, from either your phone or (the way I did it, on Thursday) from the web. And there’s no reason to disbelieve the message that came back saying that my details would not now be published.

It was actually a well thought out service, from the privacy point of view. It wouldn’t release numbers. What it would do – will do, if it gets up and running – is to offer the call to the target number and then connect the call.

Well … I registered XD on Thursday, following an email which was circulated, chain-letter style, from a relative. The alert said that XD registration had to be completed by Monday. I don’t know if that was actually the case, in fact I rather doubt it; but, real or otherwise, it triggered me to do the deed.

Today, two days later, the service’s web presence is reduced to one page which says Service suspended whilst we make improvements and goes on to say … whilst we undertake major developments to our ‘Beta Service’ to improve the experience for our customers. Everything’s suspended, including the ability to go XD. This is progress from yesterday when, as reported by a Taily Telegraph‘s columnist, the service was just “unavailable”.

Now I emphasise that this is pure speculation, but I wonder if so many people have gone onto the site to have their data protected that either the site crashed under the pressure, or the promoters have decided the service isn’t viable after all.

What’s interesting is the light it sheds on our understanding of the “Facebook generation”. It’s usually reckoned that the Facebook and Twitter generation – who are also the mobile phone generation – are less protective of their personal space. They tweet about all kinds of things and publish a wide range of pictures and content on Facebook which many people can see. But, if my guesses are right, it seems that my mobile phone number is still my castle. Even for Generation Y, there are limits.

And here’s another thought. I de-registered with 118800. Yet, if I could swallow the £1 fee for each use (whether they have the number or not) plus whatever charge is made for actually connecting the call, it’s the kind of service I might well use. I freely admit there’s a contradiction here. I want to protect my data, but I’d like to be able to see other people’s. But then, I trust me. I don’t trust unknown people on the other side of a 118800 account.

What do you think?

• 118800.co.uk
• Screenshot: 118800.co.uk captured on 11 Jul 2009
• 118800: Has the privacy backlash already begun?, Basheera Khan, Daily Telegraph blogs, 10 Jul 2009
Mobile phone directory to launch, BBC, 9 Jun 2009
• I have failed to locate Connectivity UK (the parent company, based in Theale, Berks) on the web. If you know their website, please let me know.
• Incidentally you can still find quite a lot of 118800 website content by doing a Google search and looking at the cached pages.

Information Commissioner reviews EU data directive

Britain’s Information Commissioner, Richard Thomas, leaves his post shortly after almost seven years. Computing reports on one of his final high-profile actions: the publication of a report he commissioned a year ago which reviews the action of the European data directive. The Press Release from the Information Commissioner’s Office (ICO) refers to “growing fears that the current European Directive is out-dated and too bureaucratic”.

European legislation on data protection and privacy led the world, and in many ways still does. Its implementation into in-country legislation varies from wholehearted to grudging. But it’s established in public awareness and, in particular, in the information professions the need to respect information about individuals and handle data appropriately. None the less, both business and technology have moved on and Richard Thomas believes that regulation needs to catch up.

For example: the directive’s restrictions on cross-border flows of information didn’t push the US to implement full data protection legislation; but it did result in the creation of “safe harbor” provisions. But a work-around is common: notifying data subjects that the data they are providing may be transferred to non-EU countries. If they don’t agree, they can’t get access to whatever service they are trying to sign up for.

The report’s overall conclusion is that the Directive, as it stands, “will not suffice in the long term”. The principles remain good; but implementation needs to be what the authors call “harms-based” – that is, based on an understanding of the damage that can be done – in order to respond to the challenges of globalisation. The authors don’t call for the Directive to be scrapped, but they believe some of the concepts need to be re-thought and better consensus achieved in some areas.

So the report proposes, among other things, that global enterprises should shoulder global responsibility for the data they hold rather than having to work through “outdated” geo-politically based restrictions. The ICO’s Press Release speaks of “stronger focus on the accountability of all organisations for safeguarding the information they handle”, “improved arrangements … for the export of personal data outside the European area”, and “a more strategic approach to enforcement”. There are about four pages of recommendations in the full report, well worth reviewing if it’s in your area.

Thomas believes that “Data protection is too important to be left to data protection specialists talking to each other”. The report isn’t a blueprint for a new directive but is intended to stimulate debate. Let’s see where it goes.

Data protection needs new approach, Computing, 21 May 2009
• Making European data protection law fit for the 21st century, ICO Press Release, 12 May 2009 (PDF document, with links to both the full report and an ICO summary)
• European data directive 1995 (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data)
• For Richard Thomas’s bio see the ICO management Board page