The ICO exists to empower you through information.

In brief…

If you are a service provider, you must provide information about CLI and related privacy services. You must enable customers to withhold their number, and to reject anonymous calls.

There are exemptions for tracing malicious or nuisance calls, and for emergency 999 or 112 calls.

In more detail…

What is CLI?

CLI can mean either ‘calling line identification’ or ‘connected line identification’.

Calling line identification allows the person receiving the call to see the caller’s number. This covers caller ID displays as well as the 1471 service and other call-return services.

Connected line identification works the other way round: it allows the caller to see the number of the person answering the phone. This may not always be the same as the number they dialled – for example, where someone has forwarded out-of-hours business calls to their private line or mobile phone.

What are the rules on CLI?

The rules about CLI are in regulations 10 to 13. In brief, where CLI is available, service providers must:

  • allow callers to withhold their number;
  • allow called subscribers to prevent the caller’s number being displayed;
  • provide an anonymous-call rejection service;
  • allow called subscribers to withhold their number; and
  • provide information to the public about CLI services.

Who needs to comply?

These rules apply to all service providers (eg telecoms providers). All network or service providers must also comply with any reasonable requests from another service provider in this area.

What privacy options must we give callers?

You must give your subscribers the option of automatically preventing caller ID (in other words, to withhold their number) on every call made on their line. This option should be free and simple.

You must also provide a free and simple way for any user to withhold the number on a particular call (even if the subscriber has not chosen to automatically withhold the number on every call) – for example, by entering a prefix code before dialling the phone number they wish to call.

What privacy options must we give customers receiving calls?

You must give your customers the option of preventing caller ID on incoming calls. This is likely to be important for helplines that guarantee the caller’s anonymity, such as The Samaritans, Alcoholics Anonymous or police information lines. This option must be free (for reasonable use) and simple.

You must give your customers a simple way of rejecting calls if the caller has withheld their number (sometimes called anonymous call rejection, or ACR). Because this must be available to the subscriber and not just the user, our view is that you must offer automatic call rejection. We are aware that automatic network-level call rejection is not currently feasible on all categories of service, for example on mobile services. We therefore advise that automatic network-level call rejection should be offered where it is technically feasible for the category of service. You must offer other options – eg a call-reject button on the device – if automatic network-level call rejection is not possible.

You must also give customers receiving calls the option of withholding their number from the caller. This is to preserve their privacy if they have forwarded calls to a different number from the one the caller dialled – for example, if business calls have been forwarded to a mobile phone. This option should be free and simple.

Regulation 17 also requires service providers to terminate unwanted call forwarding. If someone else is automatically forwarding calls to your customer’s number, that customer can ask you to stop the call forwarding and you must do so as soon as possible.

Can we charge for any of these services?

PECR specify that you must provide most of these services free of charge. However, you may make a reasonable charge for anonymous call rejection services.

There is nothing in PECR to stop you charging for CLI itself.

Are there any exemptions?

You can only override a customer’s CLI preferences in limited circumstances, namely to trace malicious or nuisance calls or to facilitate emergency 999 and 112 calls.

Malicious or nuisance calls

The rules about malicious or nuisance calls are in regulation 15. If a customer asks you to trace malicious or nuisance calls, you can override the caller’s request to withhold their number – but you must be satisfied that your actions are ‘necessary and expedient’ to trace a malicious or nuisance call.

You can also provide information about the caller’s identity to anyone with a ‘legitimate interest’ (this is not defined, but is likely to include the police or a regulatory body, as well as the customer receiving the calls).

However, you should still be cautious with requests for information about a caller’s identity. For example, if you are not satisfied that the caller has actually been making malicious or nuisance calls, it may not be fair or appropriate to reveal their identity to the customer receiving the calls. But it may still be appropriate to pass their identity to the police for further investigation.

Emergency 999 and 112 calls

Regulation 16 sets out an exemption for emergency 999 or 112 calls. Callers cannot withhold their number on these calls. This is to enable the emergency services to make return calls if needed. Also the rules on location data do not apply, so that the emergency services can be informed of the caller’s location quickly and easily.