Mobile telecommunications operator O2 sends its customers’ telephone numbers to website operators when they visit their sites from their mobile phones, an engineer has discovered.
Lewis Peckover, a system administrator at mobile gambling company Probability, discovered yesterday that O2 includes the users’ phone number in HTML headers, the metadata included in any HTML request or reponse.
Peckover wrote a script that allows mobile web users see the information that is being sent by their provider in their HTML headers. It seems that devices on the O2 mobile network send an extra line of information – the "x-up-calling-line" – which shows the phone number of the browsing device.
Large web operators typically collect data from HTML headers in order to track where visitors are located and what browsers they are using.
O2 says it is "investigating the issue".
The UK’s Data Protection Act prohibits companies from passing their customers’ personal data onto third parties without consent. The Information Commissioner’s Office says that it will now speak O2.
"When people visit a website via their mobile phone they would not expect their number to be made available to that website," the Information Commissioner’s Office said in a statement.