Tag Archives: ICO

Artificial intelligence: ICO considers security risks and the need for a new legal framework

On 12 September 2019, the Committee of Ministers of the Council of Europe announced that an Ad hoc Committee on Artificial Intelligence (CAHAI) will be set up to consider the feasibility of a legal framework for the development, design and application of Artificial intelligence (AI). On the same day, the United Kingdom’s data protection supervisory … Continue Reading

Children first: the ICO’s code for design standards in online services for children is one step closer to completion

Earlier this year, the Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online services (Code). The consultation closed on 31 May 2019 but the ICO has recently released an update on its progress in producing the Code. The finalised Code will be informed … Continue Reading

Privacy and data protection: What you need to know in case of a no-deal Brexit

The UK’s new prime minister, Boris Johnson, has vowed that the UK will leave the EU on October 31, 2019. A unilateral (or “hard”) Brexit poses many privacy and data protection challenges for companies that operate in the UK.  Post-Brexit privacy and data protection issues that you need to consider include: how to maintain uninterrupted … Continue Reading

Sense or censorship – the sequel. The Information Commissioner responds to the government’s online harms white paper

Avid readers of this blog (and we trust there are many of you!) will recall that the UK government recently published a white paper. The white paper sets out the UK government’s approach to regulating the internet to tackle online harms. The Information Commissioner’s Office (ICO) has just published the Information Commissioner’s (Commissioner) full response to … Continue Reading

Check your compliance to the updated ICO guidance on cookies

On July 3, 2019 the Information Commissioner’s Office (ICO) published an updated guidance on the use of cookies. Although the guidance confirms requirements of which most data practitioners already comply, it outlines steps for non-compliant companies. Now that the ICO has confirmed its regulatory expectations and detailed immediate enforcement, companies need to take action to … Continue Reading

Not quite everything everywhere – ICO fines EE £100,000 for unsolicited text messages

The Information Commissioner’s Office (ICO) announced a £100,000 fine imposed on the telecoms company, EE Limited (EE), for breaching the Privacy and Electronic Communications Regulations 2003 (PECR). The timing of the breach meant that the General Data Protection Regulation 2016/679 (GDPR) was not applicable. What happened? EE sent customers a text message encouraging them to … Continue Reading

The ICO’s take on explaining AI

The Information Commissioner’s Office (ICO) and the Alan Turing Institute have recently released an interim report (Report) outlining their approach to best practices in explaining artificial intelligence (AI) to users. The Report is of particular relevance to operators of AI systems who may be considering their duties under the General Data Protection Regulation 2016/679 (GDPR). In … Continue Reading

60% of British adults and 80% of young teenagers suffered harm online in the last 12 months – the UK debate about the need to regulate the internet continues apace

Britain’s data protection and broadcasting regulators, the Information Commissioner’s Office and Ofcom, have published a joint Report looking into internet users’ concerns about online harms. The British government’s recently published White Paper, which outlined its approach for regulating the internet to tackle online harms, was informed by this Report. Methodology Over 3,000 interviews were conducted … Continue Reading

One year of GDPR – lessons learned by the ICO

The Information Commissioner’s Office (ICO) has published its update reflecting on its GDPR experience over the past year and its upcoming priorities to stay relevant, foster innovation and maintain its position as an “influential regulator on the national and international stage”. Supporting the public, DPOs, SMEs and other organisations The first year of the GDPR … Continue Reading

Celebrating GDPR’s anniversary and preparing for year two

25 May 2019 was GDPR’s first birthday. Since its introduction, privacy and data protection issues have continued to dominate public debate and regulators have signalled that large fines for non-compliance are imminent. Now is an opportune time to review your privacy and data protection regimes. We have more regulatory guidance and case law than we … Continue Reading

UK High Court says no…administrators are not controllers

The recent case of Green v. Group Ltd and others [2019] EWHC 954 (Ch) dealing with Cambridge Analytica’s insolvency has clarified the approach that administrators should take when subject access requests are made to the companies over which they are appointed. A failed administration… In the aftermath of the notorious data analytics activities of Cambridge … Continue Reading

Is 2019 the year for GDPR certification and codes of conduct?

The UK’s Information Commissioner’s Office (ICO) has published new guidance on certification and codes of conduct for data processing as well as expected timetables for finalising its revised guidelines on these topics. Certification Certification is a voluntary mechanism for organisations to validate their compliance with the General Data Protection Regulation 2016/679 (GDPR). Once the submissions … Continue Reading

ICO blogs on meaningfulness of human involvement in AI systems

Researchers at the Information Commissioner’s Office (ICO) have started a series of blogs discussing the ICO’s work in developing a framework for auditing artificial intelligence (AI). In the first blog of the series, the discussion revolves around the degree and quality of human review in AI systems, specifically, in what circumstances human involvement can be … Continue Reading

Death, taxes, and preliminary enforcement notices – ICO investigates UK tax authority’s processing of voice data.

The Information Commissioner’s Office (ICO) issued a preliminary enforcement notice to Her Majesty’s Revenue and Customs (HMRC). The ICO’s notice compels HMRC to delete personal data which was wrongfully collected. Consent A complaint was made to the ICO last year about HMRC relying on implied consent for the historic collection of personal data from individuals. … Continue Reading

Sharing a Bounty of Personal Data? ICO issues £400,000 fine against UK pregnancy and parenting club for illegally sharing personal data

The Information Commissioner’s Office (ICO) announced its intent to fine Bounty (UK) Limited (Bounty) £400,000 for breaching the Data Protection Act 1998 (the Act). Due to the timing of this breach, it was governed by the Act rather than by the General Data Protection Regulation 2016/679 (GDPR). The maximum penalty permitted under the pre-GDPR regime … Continue Reading

Protection of children’s online space: ICO issues code of practice on age-appropriate design

The UK Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online products and services provided by information society services (ISS). The consultation closes on 31 May 2019. The draft code sets out principles for any online service accessed by children under the age … Continue Reading

ICO investigates adtech awareness through fact finding forum

The Information Commissioner’s Office (ICO) recently published a summary report of its fact finding forum on data protection issues arising from advertising technology (adtech). Adtech is a term commonly used to refer to all technologies, software and services used for delivering and targeting online advertisements. The ICO compiled responses from over 2,300 participants in an … Continue Reading

Involved in AI? The ICO wants to hear from you.

The Information Commissioner’s Office (ICO) is inviting organisations to help develop a framework for future auditing of artificial intelligence (AI). A team from the ICO’s Technology Policy and Innovation Directorate will develop the framework. The framework is intended to help regulators ensure AI applications are transparent, fair and appropriately risk assessed. As well as the … Continue Reading

FCA and ICO strengthen cooperation in renewed memorandum of understanding

On 18 February 2019, the Information Commissioner’s Office (ICO) and the Financial Conduct Authority (FCA) updated their Memorandum of Understanding (MoU) with an aim to reinforce and develop their cooperation, collaboration, and information and intelligence sharing. Cooperation and information sharing The ICO and FCA have set out what matters they will communicate with each other … Continue Reading

UK regulator to focus on ad-tech

On 6 March 2019, the Information Commissioner’s Office (ICO) will host a fact-finding forum in central London. The aim of this forum is to facilitate a dialogue between ad-tech stakeholders. The ICO wants to understand the complexities of ad-tech practices. Why ad-tech? ‘Ad-tech’ is the product of technology’s transformation of the advertising industry. It uses … Continue Reading

ICO brings prosecution against SCL Elections

Earlier this month, the Information Commissioner’s Office (ICO) brought a criminal prosecution against the parent company of Cambridge Analytica, SCL Elections, for failing to comply with an enforcement notice issued by the ICO. SCL was fined £15,000 and ordered to pay costs. The criminal prosecution may not sound surprising – after all, SCL had failed … Continue Reading

Federal Court deals SEC a setback in Blockvest ICO litigation

On November 28, 2018, the U.S. Securities and Exchange Commission’s (SEC) request for a preliminary injunction against Defendants Blockvest, LLC (Blockvest) and Blockvest’s founder and chairman Reginald Buddy Ringgold, III (Ringgold) was denied by United States District Court for the Southern District of California. Blockvest and Ringgold were offering and selling unregistered securities in the … Continue Reading

SEC settles two ICO enforcement actions

The U.S. Securities and Exchange Commission (SEC) recently settled two initial coin offering (ICO) enforcement actions grounded on the sale of unregistered securities. The two settlements, one with CarrierEQ Inc. (or AirFox) and the other with Paragon Coin Inc., are the first time the SEC has imposed civil penalties on companies solely for offering digital … Continue Reading
LexBlog