Thursday 21 May 2026 @ 12:25
Information Commissioner's Office
Printable version

Glasgow-based energy company fined £160,000 for making unsolicited marketing calls

We have fined a Glasgow-based company £160,000 for making over 700,000 unsolicited marketing sales calls to numbers registered on the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS), in a clear breach of law.

Energy Prices Direct Limited (EPDL), which describes itself as one of the UK’s largest energy-buying consortiums, made the unsolicited calls to individuals and businesses between January 2024 and January 2025 – resulting in over 30 complaints being made to us, the TPS and CTPS.

The investigation revealed that in some cases, employees failed to identify themselves as being from EPDL when making calls. 

In a call transcript, one recipient said that an EPDL employee claimed they were from “what sounded like the ECB” They went on to deny they were making a sales call saying:

“No, this is not a sales and marketing call, I just wanted to share our electricity prices with you.”

Another business owner said that despite having subscribed to the TPS, they were still being “bombarded” with daily calls from EPDL about switching energy suppliers or using a meter.

Our investigation discovered that data used to make calls had been purchased without establishing whether the numbers had been screened against the TPS or CTPS. There were also instances where EPDL could not identify the source of the data they were using.

Andy Curry, our Head of Investigations, yesterday said:

"Energy Prices Direct Limited showed a blatant disregard for laws designed to protect people and businesses from nuisance marketing. Not only was the company careless with its caller data but employees were, in some cases, deceptive about their reasons for calling. They made an exceptionally high volume of unsolicited calls over a 12-month period, often in a persistent manner, in an attempt to sell services.

“This case highlights the importance of robust compliance checks when buying and using marketing data and we expect all organisations to have proper systems in place to prevent this level of unlawful marketing activity. Compliance with TPS and CTPS requirements is a legal obligation for all organisations conducting marketing calls. 

“I am pleased that Energy Prices Direct Limited has now paid the fine we issued.

“Companies must understand that if they ignore the law and continue to bombard people with unwanted sales calls, we will not hesitate to take enforcement action.”

Enforcement action has been made under section 40 of the Data Protection Act 1998 (DPA) and issued due to serious contravention of regulations 21 and 24 of the Privacy and Electronic Communications Regulations (PECR).  

Under PECR, companies must not make live marketing calls to anyone who has registered with the TPS or CTPS unless they have explicit consent and organisations are legally required to screen their calling lists against both registers before making calls. 

Callers must also identify who they are when making the call, make their telephone number visible, and provide contact details or a way for the recipient to contact them. 

To stop live and automated marketing calls, we advise people and businesses to:

  • Register their landline or mobile number with the Telephone Preference Service (TPS) or Corporate Telephone Preference Service free of charge. The TPS and CTPS are registers of people and businesses who have said they don’t want to receive marketing calls. Consumers should be aware that if they agreed an organisation could make live marketing calls to them, but then go on to register with the TPS, the organisation can still legitimately call them. Individuals will need to contact them directly to tell them formally to ask them to stop calling.
  • Report any nuisance calls that they continue to receive to us using our online reporting tool.
  • Refer complaints about a business’s practices to Trading Standards through Citizens Advice or Trading Standards Scotland and complaints about silent or abandoned calls to Ofcom.

Businesses can also consult with the our direct marketing guidance to ensure compliance with the law.

Notes to Editors

For more information or to request an interview with Andy Curry, ICO Head of Investigations please contact: pressoffice@ico.org.uk

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.  
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.  
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.  
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.

 

Channel website: https://ico.org.uk/

Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/glasgow-based-energy-company-fined-160-000-for-making-unsolicited-marketing-calls/

Share this article

Latest News from
Information Commissioner's Office

£355,880.10 confiscation order secured following proceeds of crime hearing

22/05/2026 11:25:00

We have secured a £355,880.10 confiscation order against former Manchester motor insurance worker, Rizwan Manjra, who was previously found guilty of securing unauthorised access to personal information on his work computer systems for his own financial gain

ICO statement on age assurance

22/05/2026 10:25:00

ICO statement on age assurance

One month to go: what businesses need to know to meet new data law

19/05/2026 16:20:00

Businesses across the UK have one month from today to put a data protection complaints process in place, before new legal requirements come into force on 19 June 2026.

Our advice to government on potential changes to online advertising rules

19/05/2026 12:25:00

Blog posted by: William Malcolm, the ICO's Executive Director Regulatory Risk and Innovation, 18 May 2026.

Five steps to protect your organisation from AI-powered cyber threats

14/05/2026 13:20:00

Cyber criminals are increasingly using artificial intelligence (AI) to carry out attacks that are faster, more advanced and harder to detect. From AI-generated phishing emails that impersonate trusted contacts, to automated tools that scan for and exploit software vulnerabilities, the threat landscape is evolving rapidly.

Fine of nearly £1m issued against South Staffordshire Plc and South Staffordshire Water Plc following major cyber attack and data breach

12/05/2026 12:20:00

We have fined South Staffordshire Plc and South Staffordshire Water Plc (together South Staffordshire) £963,900 following a serious cyber attack that resulted in the personal information of 633,887 people being extracted and published on the dark web.  

New guidance to support public authorities dealing with AI-generated FOI requests

06/05/2026 13:10:00

We have published new guidance to help public authorities confidently handle Freedom of Information (FOI) requests that involve the use of artificial intelligence (AI). 

Final storage and access technologies guidance published

01/05/2026 09:25:00

We have published our finalised guidance on Storage and Access Technologies (SATs), alongside an update on our online tracking strategy. 

Charities given new flexibility to contact supporters under data law change

29/04/2026 10:20:00

ICO have yesterday published final guidance on the 'charitable purposes soft opt-in' provision, helping charities to understand and apply the new rules.