A Two-Headed Complementary Regulatory System
The United Kingdom has adopted an original approach to fighting phone spam by entrusting the mission to two distinct authorities with complementary roles.
The ICO: Data Protection Watchdog
The Information Commissioner's Office (ICO) is the UK's data protection authority, equivalent to France's CNIL. It enforces PECR (Privacy and Electronic Communications Regulations) rules that strictly regulate telemarketing.
In April 2024, the ICO imposed £340,000 in fines on two companies for 1.43 million illegal calls made over 13 months. These calls targeted people registered with the TPS (Telephone Preference Service), the UK's do-not-call register.
Since April 2023, the ICO has issued over £2.59 million in fines against companies responsible for unwanted calls, texts, or emails.
Ofcom: The Telecommunications Regulator
Ofcom (Office of Communications) regulates telephone operators and service providers. Its role focuses on technical aspects and service quality, particularly managing abandoned calls (automatically disconnected calls).
Ofcom imposes strict transparency obligations on operators and combats caller ID spoofing. The two authorities work closely together and share information on offenders.
The TPS: An Effective Opt-Out System
The Telephone Preference Service (TPS) is a free register where UK consumers can list their phone numbers to indicate they refuse unsolicited marketing calls.
Companies conducting telemarketing are legally required to check the TPS before each calling campaign. Any call to a TPS-registered number constitutes a PECR violation, subject to fines.
According to an Ofcom study, TPS registration reduces unsolicited marketing calls by approximately one-third. The register contains tens of millions of registered numbers.
PECR Rules: A Strict Framework for Direct Marketing
The Privacy and Electronic Communications Regulations (PECR) constitute the UK's legal framework for telephone, email, and SMS marketing.
Key PECR Principles
- Explicit consent required to call TPS-registered numbers
- Mandatory caller identification: name, company, and contact details
- Right to object respected: anyone can refuse to be called back
- Consent traceability: companies must prove the legal origin of data
- Aggressive practices prohibited: commercial pressure, repeated calls, targeting vulnerable people
Graduated Sanctions
The ICO can issue:
- Enforcement notices ordering cessation of illegal practices
- Administrative fines up to £500,000 for serious violations
- Criminal prosecutions in cases of repeat offenses or proven fraud
Landmark Cases: When the ICO Strikes Hard
Outsource Strategies Ltd: £240,000 Fine
In April 2024, this Cardiff-based company was fined £240,000 for 1,346,503 illegal calls made between February 2021 and March 2022.
The ICO investigation revealed that 141,914 calls had been made to people marked "do not call" in the company's own systems. Complainants described aggressive sales tactics and deliberate targeting of elderly and vulnerable people.
Dr Telemarketing Ltd: £100,000 and Forced Recovery
This London-based company was fined £100,000 for 80,240 illegal calls promoting "Lotto Express."
After ceasing cooperation with the investigation, the company neither paid the fine nor appealed. The ICO therefore launched forced recovery proceedings, demonstrating its determination to collect sanctions.
France vs United Kingdom Comparison
| Criterion | France (CNIL) | United Kingdom (ICO) |
|---|---|---|
| Main regulator | CNIL | ICO + Ofcom |
| Opt-out system | Bloctel | TPS |
| Maximum fines | 4% global revenue or €20M | £500,000 (PECR) |
| Fines 2023-2025 | ~€487M (global GDPR) | £2.59M (nuisance calls) |
| Forced recovery | Long procedure | Active and fast |
| Vulnerable targeting focus | Considered | Major aggravating factor |
Strengths of the British Model
1. Sanction Responsiveness
The ICO regularly publishes nuisance calling sanctions, creating a permanent deterrent effect. Fines are issued within months of the facts, unlike GDPR procedures that can take years.
2. Targeting Vulnerable People as Aggravating Circumstance
The UK system considers deliberate targeting of elderly or vulnerable people as a strongly aggravating circumstance. Victim testimonies are systematically integrated into sanction decisions.
3. Total Transparency
All ICO sanctions are public and detailed: company names, amounts, call numbers, testimonies. This transparency reinforces reputational pressure on offenders.
4. Effective Fine Recovery
The ICO has efficient forced recovery procedures. Companies that don't pay their fines face seizures and additional criminal prosecutions.
Limits and Criticisms
TPS: Effective But Not Perfect
Despite its effectiveness, the TPS only blocks about one-third of unwanted calls. Fraudsters use foreign numbers or spoofing techniques to bypass the system.
PECR vs GDPR Fines
PECR fines (£500,000 max) remain modest compared to GDPR sanctions that can reach 4% of global revenue. Some industry players consider these fines an acceptable operating cost.
ICO-Ofcom Coordination Room for Improvement
Although the two authorities collaborate, some cases requiring coordinated action (technical spoofing + PECR violation) may experience extended processing times.
Lessons for France
1. Specialize a CNIL Branch on Telemarketing
The ICO model shows the effectiveness of a team exclusively dedicated to nuisance calling, publishing regular and visible sanctions.
2. Strengthen Bloctel with Verification Obligations
The UK TPS requires companies to verify before each campaign. Bloctel could adopt a verification certification system to enhance its effectiveness.
3. Prioritize Targeting of Vulnerable People
The UK system treats targeting vulnerable people as a particularly serious offense. The CNIL could systematically integrate this criterion into its decisions.
4. Publish Specific "Abusive Telemarketing" Sanctions
ICO sanctions are immediately identifiable as nuisance calling-related. In France, they are often buried in general GDPR decisions, reducing their deterrent impact.
