Who-Calls.me.uk

Privacy Rights Under UK Law

What callers can and cannot do: GDPR implications and other relevant regulations for telephone marketing and privacy
Home > Protection Guides > Privacy Rights Under UK Law

Understanding Your Telephone Privacy Rights

In the United Kingdom, several laws and regulations protect your privacy regarding telephone communications. These rules govern how organizations can contact you, what information they can request, and what rights you have to control communication.

Since Brexit, the UK has maintained and strengthened its data protection framework through the UK GDPR (United Kingdom General Data Protection Regulation), which works alongside the Data Protection Act 2018. These laws provide robust protection for your personal data, including your telephone number.

This guide explains the key regulations that protect you from unwanted calls, your rights under these laws, and what actions you can take when callers breach these regulations.

Key Legislation Protecting Your Telephone Privacy

UK GDPR & Data Protection Act 2018

Governs how organizations must handle your personal data, including your phone number.

PECR 2003

The Privacy and Electronic Communications Regulations specifically regulate electronic marketing, including telephone calls.

TPS Regulations

The Telephone Preference Service provides a register for opting out of unsolicited sales and marketing calls.

Consumer Protection Regulations

Protects against unfair trading practices, including misleading and aggressive telephone marketing.

GDPR and Data Protection: How They Protect Your Phone Number

Your Phone Number is Personal Data

Under the UK GDPR, your telephone number is considered personal data because it can be used to identify you. This means organizations must have a lawful basis for processing (using) your number.

Legal Bases for Calling You

Organizations can only call you if they have one of these lawful bases:

  • Consent - You have clearly agreed to be contacted for a specific purpose
  • Contract - The call is necessary for fulfilling a contract you have with them
  • Legitimate interest - The organization has a legitimate business reason that doesn't override your privacy rights
  • Legal obligation - They are legally required to contact you

What Organizations MUST Do Under GDPR

  • Be transparent about how they got your number and why they're calling

  • Provide information about their identity and contact details

  • Have appropriate security measures to protect your data

  • Respect your data rights, including the right to object to processing

  • Delete your data when it's no longer needed or when you request it (subject to exceptions)

Your GDPR Rights Regarding Phone Calls

When it comes to telephone communications, the UK GDPR gives you several important rights:

  • Right to Information

    You have the right to know who obtained your phone number, how they got it, and what they plan to use it for.

  • Right to Object

    You can object to your number being used for direct marketing at any time, and organizations must stop calling you for this purpose.

  • Right to Erasure

    Also known as the "right to be forgotten" - you can request that organizations delete your phone number from their records (with some exceptions for necessary processing).

  • Right to Restriction

    You can request that an organization limits how they use your phone number while they investigate a complaint.

  • Right to Data Portability

    You can request your data in a format that allows you to transfer it to another organization.

PECR and Telephone Marketing: Specific Rules for Callers

The Privacy and Electronic Communications Regulations (PECR) work alongside the UK GDPR to provide specific rules for electronic marketing, including telephone calls.

What Callers CANNOT Do

  • Make automated marketing calls without your specific prior consent

  • Make live marketing calls to numbers registered with the TPS/CTPS, unless you've given specific consent to that organization

  • Conceal their identity when making marketing calls

  • Continue calling after you've objected to their marketing

  • Send marketing faxes to individuals without specific consent

What Callers MUST Do

  • Identify themselves and provide contact information if requested

  • Display a valid, contactable phone number on your caller ID

  • Screen their calling lists against the TPS register at least every 28 days

  • Honor opt-out requests immediately

  • Maintain records of people who have opted out of receiving their calls

Automated Calls vs. Live Marketing Calls

Automated Calls

  • Require your specific prior consent
  • Must identify the caller/company
  • Must provide contact details
  • TPS registration alone is not enough protection - explicit consent is required

Live Marketing Calls

  • Cannot be made to TPS-registered numbers unless you've given specific consent to that organization
  • Must stop if you object during the call
  • Must display a valid, contactable phone number
  • Even if you're not on TPS, you can still tell organizations to stop calling you

TPS and Other Specific Protections

The Telephone Preference Service (TPS)

The TPS is the UK's official opt-out register for unsolicited sales and marketing calls. It's a free service for consumers that gives you legal protection against unwanted telephone marketing.

Key Facts About TPS:

  • It's illegal for organizations to make live marketing calls to numbers registered with the TPS unless they have your specific consent
  • Registration takes up to 28 days to become fully effective
  • Your registration never expires unless you change your number
  • Both mobile and landline numbers can be registered
  • The Corporate TPS (CTPS) provides similar protection for business numbers

How to Register with TPS:

  1. Visit www.tpsonline.org.uk/register or call 0345 070 0707
  2. Enter your phone number and contact details
  3. Confirm your registration via email

Important Limitations of TPS Protection

While TPS registration is an essential first step, it's important to understand its limitations:

  • Doesn't stop scammers who deliberately ignore the law

Additional Protections

Direct Marketing Association (DMA)

The DMA's code of practice requires member organizations to:

  • Screen against the TPS
  • Display a valid number when calling
  • Maintain internal do-not-call lists
  • Train staff on privacy regulations

Mail Preference Service (MPS)

Similar to TPS, but for postal marketing:

  • Opt out of unsolicited marketing mail
  • Register at mpsonline.org.uk
  • Takes up to 4 months to become fully effective

Consumer Rights and Protections Against Unfair Practices

Consumer Protection from Unfair Trading Regulations 2008

Beyond data protection and privacy laws, consumers are protected from unfair, misleading, or aggressive telephone marketing by consumer protection regulations.

Misleading Actions

Callers cannot:

  • Provide false information about themselves or their products/services
  • Create confusion with competitors' products
  • Fail to honor commitments made during calls
  • Falsely claim to be a government body or charity

Aggressive Practices

Callers cannot:

  • Harass, coerce, or exert undue pressure
  • Exploit vulnerability (e.g., age, illness)
  • Threaten legal action that cannot be taken
  • Create a false sense of urgency to force decisions

Particularly Vulnerable Consumers:

The regulations provide enhanced protection for vulnerable consumers such as the elderly, those with disabilities, or those with limited English language skills. Marketing that specifically exploits these vulnerabilities can attract higher penalties.

Distance Selling Regulations

When products or services are sold over the phone, consumers have additional rights:

  • Right to clear information

    The seller must provide clear information about the product/service, price, delivery costs, and the company's identity before you make a purchase.

  • Right to written confirmation

    After ordering, you must receive confirmation of the order in a durable form (email, letter).

  • Cooling-off period

    For most goods and services, you have 14 days to cancel from the day after receiving goods or entering into a service contract.

Enforcement and How to Complain

Who Enforces These Laws?

Information Commissioner's Office (ICO)

Enforces GDPR, Data Protection Act, and PECR. Can issue fines up to £17.5 million or 4% of global turnover.

Ofcom

Regulates telecommunications services and can take action against persistent misuse of networks, including silent calls.

Trading Standards

Enforces consumer protection regulations against misleading and aggressive marketing practices.

Recent Enforcement Actions

Regulators have been increasingly active in enforcing telephone marketing rules. Recent notable cases include:

Organization Violation Penalty Year
Leads Work Ltd Making 2.1 million unsolicited marketing calls to TPS-registered numbers £250,000 fine 2023
CPS Advisory Ltd Making over 100,000 automated marketing calls about pensions without consent £130,000 fine 2021
CRDNN Limited Making 193 million automated nuisance calls £500,000 fine 2020
Telecom Protection Ltd Making 3.5 million nuisance calls about call blocking services £85,000 fine 2019

How to Make a Complaint

If your privacy rights have been violated by telephone marketers, you can complain to the relevant authorities:

Complaint to the ICO

  1. Gather details: date/time of call, company name, phone number
  2. Report via the ICO website: ico.org.uk/make-a-complaint/
  3. Or call: 0303 123 1113

Complaint to Ofcom

  1. For silent or abandoned calls
  2. Report online: ofcom.org.uk/make-a-complaint
  3. Or call: 0300 123 3333

Practical Tips for Enforcing Your Privacy Rights

Beyond the legal protections, here are practical steps you can take to enforce your telephone privacy rights:

1. Know Who You're Dealing With

  • Ask for the caller's name, the company name, and contact information
  • Ask how they obtained your number
  • Request their privacy policy information

2. Make Clear Opt-Out Requests

  • Explicitly state: "Please remove my number from your calling list"
  • Ask for confirmation that your request has been recorded
  • Note the date and time of your request

3. Follow Up in Writing

  • Send an email or letter confirming your opt-out request
  • Include the date and time of the original call
  • Request written confirmation of removal from their list

4. Make a Subject Access Request

  • If a company continues calling, request all personal data they hold about you
  • Ask for information on where they obtained your data
  • They must respond within one calendar month

5. Keep Records

  • Maintain a log of unwanted calls (date, time, company, content)
  • Save any relevant voicemails
  • Document all your opt-out requests
  • These records are valuable if you need to make a complaint

Sample Script for Unwanted Calls

"I'd like to know the name of your company and how you obtained my telephone number. I'm registered with the Telephone Preference Service and do not consent to receiving marketing calls. Please remove my number from your calling list immediately and confirm you've done so. Can I have your company's contact details for my records?"

Special Cases and Exceptions

When TPS Registration Doesn't Apply

Existing Customer Relationships

Organizations you've previously done business with may contact you about similar products or services unless you've specifically opted out of their marketing.

Market Research Calls

Genuine market research calls are exempt from TPS rules, though they must not include marketing content or lead generation.

Charities and Political Parties

Fundraising calls from charities and calls from political parties are subject to different rules but must still respect specific opt-out requests.

Debt Collection

Calls regarding legitimate debt collection are not considered marketing and are not covered by TPS registration.

International Calls

Calls from outside the UK present special challenges:

  • UK regulations technically apply to any calls made to UK numbers, regardless of where the call originates

  • However, enforcement against overseas callers is challenging

  • For international calls, technical solutions like call blocking may be more effective than regulatory complaints

Frequently Asked Questions

Can companies call me if I've registered with the TPS but I'm an existing customer?

Yes, companies you have an existing relationship with can still call you for marketing purposes related to similar products or services, unless you've specifically told them not to. This is known as the "soft opt-in" exception. However, they must provide an easy way to opt out in each communication.

How long does a company need to keep my opt-out request?

Organizations should maintain records of marketing opt-outs indefinitely, or at least for as long as they retain your contact details. There is no set expiry date for opt-out requests - once you've opted out, that decision should be respected until you explicitly opt back in.

Can I request compensation for nuisance calls?

Possibly. Under the UK GDPR, you have the right to claim compensation if you've suffered damage (including distress) due to a breach of data protection law. For serious or persistent nuisance calls, you might be able to seek compensation through small claims court, though you would typically need to prove actual damages.

What's the difference between a "cold call" and a "nuisance call"?

A "cold call" is an unsolicited marketing call to someone with whom the caller has no prior relationship. These calls can be legal if they follow regulations (e.g., not calling TPS-registered numbers). A "nuisance call" typically refers to calls that breach regulations or are made with the intention to annoy, inconvenience, or cause anxiety - such as silent calls, repeated calls, or calls at antisocial hours.

Can I record telephone calls to prove violations?

In the UK, you can legally record phone conversations for personal use without informing the other party. These recordings can be helpful evidence when making complaints to regulators. However, if you plan to share the recording with third parties or use it in legal proceedings, different rules may apply, and you should seek legal advice.

Had your privacy rights violated?

Help others by reporting nuisance calls to our database and relevant authorities.

Report a Call

Related Protection Guides

Key Regulations at a Glance

  • UK GDPR

    Controls how your personal data is used, including phone numbers

  • PECR 2003

    Specific rules for electronic communications including telephone marketing

  • TPS Regulations

    Official opt-out register for unsolicited marketing calls

  • Consumer Protection Regulations

    Prohibit misleading and aggressive marketing practices

Important Contacts

  • Information Commissioner's Office (ICO)

    For GDPR and PECR violations

    0303 123 1113

    ico.org.uk

  • Telephone Preference Service

    Register your number

    0345 070 0707

    tpsonline.org.uk

  • Ofcom

    For silent calls and network issues

    0300 123 3333

    ofcom.org.uk

Your Rights Checklist

  • Right to opt out of marketing calls

  • Right to know how your number was obtained

  • Right to request erasure of your data

  • Right to access personal data held about you

  • Right to complain to regulators

  • Right to seek compensation for violations