Your phone number is personal data protected under the GDPR. Data brokers, marketing agencies and fraudsters know its value: combined with your name or address, it can be used to target you with spam calls or facilitate identity theft. In 2026, a verified mobile number can sell for several euros on illicit data markets.
How your number ends up on spam lists
- Online forms and prize draws that resell your details to commercial partners.
- Pre-ticked consent boxes that silently grant telemarketing permission.
- Data breaches at companies you trust, after which your number circulates on the dark web.
- Public profiles on social networks or classified ad sites, scraped automatically.
Your GDPR rights and how to use them
Under the GDPR you can request access to, correction of, or erasure of your data. Contact the organisation's Data Protection Officer in writing. If they fail to respond within one month, file a complaint with the CNIL (cnil.fr), France's data-protection authority.
Practical protection steps
- Register on Bloctel (bloctel.gouv.fr) — legally bars most telemarketers from calling you.
- Use a secondary or disposable virtual number for online forms and unfamiliar websites.
- After a data breach, look up unknown callers on TelCheck and report the company to Signal Conso (signalconso.gouv.fr).