RevealHim
Login
May 16, 2026·7 min read

Is It Illegal to Look Up a Phone Number? US, UK and EU Law Explained

Short answer: looking up a phone number is legal in basically every country. What you do with the result is where things get complicated. This is a plain-English breakdown of US, UK and EU law as of 2026 — what's clearly fine, what's a gray area, and what will get you in trouble.

USA: legal, but FCRA-aware

Reverse phone lookup is legal across all 50 states. Public records, telecom directories and data-broker aggregations are explicitly fair game for personal use.

The big constraint is the Fair Credit Reporting Act (FCRA). If you use reverse lookup results to make decisions about:

  • Employment (hiring, firing, promotion)
  • Credit (lending, scoring)
  • Insurance (eligibility, pricing)
  • Housing (tenancy applications)

...you must use an FCRA-compliant Consumer Reporting Agency. Services like RevealHim, Spokeo, BeenVerified — none of us are CRAs. Our terms of service explicitly prohibit FCRA-regulated uses. Ignore that and you're personally liable for any harm caused.

What's fine: looking up an unknown caller, verifying a Craigslist seller, finding a long-lost relative, identifying a number that's been calling your kid.

UK: GDPR + DPA 2018

Reverse lookups are legal but more restricted than in the US. The Data Protection Act 2018 (UK's GDPR implementation) recognizes two important principles:

  • Legitimate interest — you can process personal data for a clearly defined personal purpose
  • Right to be forgotten — the person can demand their data be removed from any database

So: looking someone up to identify an unknown caller is fine. Compiling a database of UK residents' phone numbers and addresses for resale is not. The Information Commissioner's Office (ICO) actively enforces against the latter.

EU: GDPR, with national variation

GDPR sets the floor across all 27 member states; each country adds its own twist.

  • France — CNIL (the data regulator) is one of the most aggressive in Europe. Even legitimate personal lookups require you to be prepared to justify the purpose.
  • Germany — historically strict. Bundesdatenschutzgesetz (BDSG) goes beyond GDPR in some areas.
  • Spain, Italy — GDPR-compliant but enforcement is lighter than France or Germany.
  • Netherlands, Sweden, Denmark — relatively pragmatic. Many lookup services operate there without issues.

Across the EU, the universal constraints are:

  • You can look up someone for personal use — fine
  • You can't use the data for commercial profiling without consent — fine
  • You can't store and resell the data without a lawful basis — fine
  • The subject has a right to access what you've collected about them — you must comply

What's clearly illegal everywhere

  • Stalking and harassment — using lookup data to follow, threaten or intimidate someone
  • Identity theft — using collected data to impersonate the subject
  • Doxxing — publishing private data with intent to harm
  • Pretexting — using collected data to deceive the subject's bank, employer, etc.
  • Hacking — bypassing carrier or data-broker security to get information not legitimately available

The "fair use" mental model

A reasonable rule of thumb: if the same lookup, with the same intent, would be acceptable for a private investigator hired by you, it's probably legal for you to do directly. If it wouldn't be acceptable for a PI, don't do it yourself either.

What about the person you're looking up — can they tell?

Reverse lookups are anonymous. The subject is not notified when you search them. They could potentially submit a data-access request to the lookup service and discover their data is there, but they wouldn't see who specifically searched for it.

⚖️ This is general guidance, not legal advice. If you have a specific use case with material consequences — especially anything involving employment, lending, insurance, or tenancy — consult a lawyer in your jurisdiction.

RELATED

Find an Address from a Phone Number

RELATED

Background Check vs Reverse Phone Lookup