Protecting your privacy.

Protecting your privacy.

by handy giff-staffer gaffer on ‎30-01-2012 15:01 - last edited on ‎27-10-2014 19:15 by handy giff-staffer zobia22


If you’ve been following our forum announcements you’ll have seen that last week a serious data privacy problem was discovered that affected giffgaff members – it meant that the mobile number of giffgaff members was made available to websites in the “header” information that is passed between web servers and mobile handsets during web browsing.


The problem affected O2 and some of the partners that use its network, which is why giffgaff was affected, and after being detected on Wednesday morning it was quickly fixed by 2pm on Wednesday afternoon. However, the fault had actually been in place since 10th Jan so any web browsing that our members did since between that date and last Wednesday would have been equally vulnerable.


I’d like to reassure all our members that we take data privacy very seriously, and will be working with O2 to ensure that this problem does not re-occur. Like all companies who hold customer data we have a privacy policy that outlines what data we hold and how we use it. We also have a policy of never selling or giving your data to third parties.


The fault occurred when some maintenance work meant that mobile numbers were shared with all websites and not special, trusted sites. This has raised some alarm as it not generally known that your mobile number can be shared in this way – although it has been standard practice in the mobile industry for over 10 years and the vast majority of networks work in this way.


These trusted sites are ones that need your mobile number to either verify your identity or to bill for content – most ringtone and wallpaper sites work in this way. Our members have been debating whether mobile numbers should be made available in this way – the answer isn’t as straightforward as you might imagine since anytime you call a business without blocking your number that business could very easily log it and use it to call you back or text you (although what they could say to you is quiet restricted under data protection laws - they certainly couldn't sell your number to a 3rd party).


My personal view is that mobile number sharing on the web should use the same controls as for voice calls – so if you withhold your number it works for websites too. It would mean that some websites wouldn’t work properly, but then if you withhold your number many people you call will decline to answer. It’s about personal choice after all.

Looking for something?

Join giffgaff
  • For only £10 a month:

    • 500 minutes
    • Unlimited texts
    • 1 GB Internet
    • Free calls to giffgaff