GDPR and Telecom law broken, mobile network operator refuses to disclose user of a phone number

Question

I got today a very unnerving phone call. It was a telemarketing, but unlike any other I had before, this was automated system and it suggested it knew much more about me than my number. I'm talking location, age, health...

The call did not state who it was from and who's responsible for GDPR administration.

It took some time but I found out who is the mobile network operator. Unfortunately, when called there, I was informed that they will not give me any information about this number.

Which is weird. By definition, company that owns the number is not private information. Unless it's private person, but can a private person conduct telemarketing on a massive scale? Anyway, this means I'm unable to exercise my GDPR rights and view and revoke my permission for marketing.

In addition, in Poland it is forbidden to use bots (and this call was 100% automated, with voice recognition of the answers and adapting script accordingly) for any marketing. And it's not part of GDPR (RODO), but separate Telecommunications Law. Which, admittedly, is much worse than GDPR in terms of penalties.

Is there a way to force them outside going to court to disclose bare minimum of the information i require?

Answer 1

By definition, company that owns the number is not private information.

This is not true.

Who owns a telephone number is a matter between the telephone company and the subscriber. If they don’t want their ownership to be public then that’s up to them. Back in the day of landlines and paper telephone directories it was possible to request a “silent number” which would not be listed.

While it is correct that a company itself does not have personal information subject to GDPR, knowledge about the company can disclose personal information about individuals. For example, the directors and shareholders of a company are often part of a public register. Disclosing that company A owns the phone number, when combined with that public register has revealed GDPR protected information about individuals.

The telephone company is correctly applying the GDPR by not telling you who their subscriber is.