Are contract and PAYG numbers treated differently?

rabiakhatun785 · Post by **rabiakhatun785** » Wed May 21, 2025 6:14 am

Under UK law, specifically the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communications Regulations (PECR), the core data protection principles apply equally to mobile numbers, regardless of whether they are on a contract or Pay As You Go (PAYG) basis. The distinction lies not in the type of number, but in how the data associated with that number is collected, processed, and used, particularly for marketing.

1. Mobile Numbers as Personal Data:

Both contract and PAYG mobile numbers are considered personal data under the UK GDPR. This is because, in either case, the number relates to an identifiable individual. Even a PAYG number, often thought of as more anonymous, is linked to a person through their SIM registration, top-up history, and usage patterns. Mobile network operators (MNOs) hold personal information about their PAYG senegal mobile database customers just as they do for contract customers, albeit potentially different types of information. The mere fact that a number exists and is used by a natural person makes it personal data, obliging anyone processing it to comply with data protection law. Therefore, the foundational rules of data protection, such as having a lawful basis for processing, ensuring data security, and respecting data subject rights, apply across the board.

2. Marketing Rules under PECR: The Key Differentiator

While the UK GDPR sets out the general rules for personal data, PECR specifically governs electronic marketing communications, including calls and text messages. This is where a subtle, but important, distinction can arise in practice, primarily concerning the ease with which consent can be established.

For marketing calls (live or automated): For live marketing calls to individual subscribers (which includes mobile numbers, regardless of contract or PAYG), businesses generally need prior consent from the individual, or the individual's number must not be registered on the Telephone Preference Service (TPS). For automated marketing calls (e.g., robocalls), explicit consent is always required.
For marketing text messages (SMS): Sending marketing text messages to individual subscribers always requires prior consent, unless the "soft opt-in" rule applies. The soft opt-in allows a business to send marketing texts to an existing customer if they obtained the contact details during a sale or negotiations for a sale, they are marketing similar products or services, and the customer was given a clear opportunity to opt-out when their details were collected and in every subsequent communication.
The nature of contract versus PAYG doesn't change these fundamental PECR rules. However, the operational reality of obtaining and demonstrating consent might differ.

3. Practical Implications for Businesses:

In practice, for businesses looking to market to mobile numbers:

Consent for both is equally stringent: Whether a number is contract or PAYG, the legal requirement for clear, specific, informed, and unambiguous consent for marketing remains the same. A business cannot assume that because a number is PAYG it has fewer privacy protections or different consent requirements.
Data collection nuances: MNOs collect different levels of identifiable data for contract customers (e.g., credit checks, billing addresses) compared to PAYG customers (who might only provide minimal registration details). However, from a marketing perspective, this difference in collection doesn't alter the need for consent. The ICO focuses on the purpose of processing (marketing) and the type of communication (electronic), rather than the underlying contract type.
"Soft opt-in" and existing customer relationships: The "soft opt-in" is more commonly applicable to contract customers where there's an ongoing billing relationship. For PAYG users, establishing an "existing customer" relationship in the same way, particularly for those who only top up sporadically, can be more challenging. Businesses would need to carefully consider if a simple one-off top-up constitutes the "sale or negotiations for a sale" required to trigger the soft opt-in. In many PAYG scenarios, explicit consent for marketing texts would be the safer and more legally sound approach.