Tag Archives: ICO

ICO’s Strategic Plan for the ‘New Frontier’ of Data Protection

The ICO recently published its Information Rights Strategic Plan for 2017 – 2021  (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting … Continue Reading

‘Once in a generation’ legislative changes: the ICO’s strategy for GDPR challenges

Information Commissioner Elizabeth Denham has recently given some valuable insights into the Information Commissioner’s Office’s (ICO) General Data Protection Regulation (“GDPR”) strategy. Addressing the House of Lords EU Home Affairs Sub-Committee, she made clear that numerous pressures face the ICO as a result of the substantial workload created by the GDPR. Commissioner Denham emphasised that … Continue Reading

UK Reaffirms Commitment to GDPR while ICO Increases its International Focus

At the beginning of February, the Minister of State responsible for digital and culture policy, Matt Hancock, reaffirmed the UK’s commitment to implementing legislation mirroring the General Data Protection Regulation (GDPR), and ensuring the uninterrupted flow of personal data between the UK and EU post Brexit. Reaffirmed Commitment to the GDPR… Continue Reading

The Subject Access Request That Led to a Security Breach, or Why Having a System to Respond to Access Requests Is Essential

In August, the UK’s data protection regulator, the ICO, fined a Hertfordshire GP practice £40,000 under the Data Protection Act 1998 (“DPA”) after a subject access request (“SAR”) went badly wrong. A lack of process, training and supervision resulted in confidential details about a patient being sent to her estranged ex-partner, who then used them … Continue Reading

ICO Reminds Organisations of EU-U.S. Personal Data Transfer Obligations

The Interim Deputy Commissioner at the Information Commissioner’s Office (“ICO”), Steve Wood, has published a blog reminding organisations of their obligations when transferring personal data to the United States, pursuant to the case brought by Max Schrems in 2015, which led to the Safe Harbor framework being declared immediately invalid. Wood reminds organisations that continued … Continue Reading

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading

Secretive Direct Marketers Face Fresh Restrictions on their Anonymity

From 16 May, those making (or instigating) direct marketing telephone calls must provide Caller Line Identification (‘CLI’) when making calls live or through automated means. The display of their telephone numbers to consumers has the effect of making it easier for consumers to refuse and/or report unwanted marketing calls. The Privacy and Electronic Communications (EC … Continue Reading

WiFi Privacy: Network Analytics Guidance Issued by ICO

The Information Commissioner’s Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information. When a device’s WiFi functionality is enabled, it broadcasts ‘probe requests’ to find WiFi networks that are within range. If the device discovers … Continue Reading

Happy Data Protection Day! ICO and Senate Committee’s spotlight on data protection

In preparation for European Data Protection Day on 28 January, the ICO commissioned a survey on attitudes towards data protection. The YouGov poll revealed growing public concern over data privacy and security. Of more than 2000 respondents questioned: 95% considered it “very or fairly important” that companies were clear from the outset about how their … Continue Reading

The UK’s data protection regulator cracks the enforcement whip

As 2015 draws to a close, the UK’s Data Protection Regulator, the Information Commissioner’s Office (‘ICO’), is making sure it ends the year with a bang. The past few months have seen a significant increase in enforcement action, a theme which seems to be common for the regulator at this time of year because of … Continue Reading

EU Data Protection Reforms: ICO Critiques Council Draft Regulation Over Consent, Access Rights, EU v. Member State Balance of Power

With the EU Data Protection “reform train” rounding what is hopefully the final bend towards the summit of consensus, the UK ICO have published their latest analysis on the Council’s draft EU Data Protection Regulation. The analysis demonstrates the improvement needed in order to ensure that the new law provides effective protection to individuals while … Continue Reading

UK first: right-to-be-forgotten notice issued against Google Inc.

The UK’s Information Commissioner’s Office (‘ICO’) has published what appears to be its first public enforcement notice based upon “the right to be forgotten” against Google Inc. The “right to be forgotten” was introduced by the ECJ last year when it held that data subjects have a right to compel search engines to remove results … Continue Reading

UK ICO Annual Report highlights 100% success rate for monetary penalties imposed

The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% … Continue Reading

Reactiv Media fine increased on appeal by UK Information Rights Tribunal

Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office actions relating to data protection, privacy electronic communications, freedom of information and environmental information. The … Continue Reading

NGOs may rely on UK’s Journalism Exemption

The UK Information Commissioner’s Officer (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to Data Subject Access Requests. … Continue Reading

Google signs UK Undertaking to Improve its Privacy Policy

On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012. Among other things, the modifications to the Privacy Policy allowed Google to combine personal data across all services and products. For example, personal data collected through YouTube could now … Continue Reading

Ofcom Publishes Plan To Support the Internet of Things

In January, Ofcom, the UK telecommunications regulator, published its Statement on ‘Promoting investment and innovation in the Internet of Things’ (Statement). The Statement acknowledges that the Internet of Things (IoT) has the potential to deliver significant benefits to citizens and consumers. In light of this, Ofcom sought views from its stakeholders on what role Ofcom … Continue Reading

UK ICO to endorse privacy seal schemes

The UK Information Commissioner’s Office (ICO) signalled its commitment to approving third-party “privacy seal” schemes following its recent public consultation. The first UK schemes should be operational by 2016. The consultation comes in anticipation of the European Commission’s revised data protection framework proposals, which may include provisions intended to encourage the adoption of privacy seals, … Continue Reading

Has Facebook been evil? It’s down to the regulators to decide

In June, Facebook came under public scrutiny after it was revealed that the company carried out research in 2012 that manipulated the News Feeds of 689,000 users. Several regulators are now poised to investigate Facebook’s conduct. The study exposed users to a large amount of either positive or negative comments in order to observe the … Continue Reading

The ICO Sets Out Agenda for 2014-2017

At the end of March, the UK Information Commissioner’s Office (ICO) released its corporate plan for 2014-2017 titled “Looking ahead, staying ahead” (the Plan). Information Commissioner Graham stated that the changes proposed are “about getting better results, for both consumers and for data controllers.” As the UK’s supervisory body for upholding information rights, the ICO … Continue Reading

ICO issues updated code of practice on subject access requests

The UK Information Commissioner’s Office (ICO) has issued an updated code of practice (the Code) on subject access requests, less than a year after releasing its original guidance paper on the topic. The Code is designed to help organisations fulfill their duties under the Data Protection Act 1998 (DPA) and contains guidance in relation to … Continue Reading

UK Information Commissioner’s Office and U.S. Federal Trade Commission sign Memorandum of Understanding

At the beginning of March, the UK Information Commissioner’s Office (ICO) signed a memorandum of understanding (MOU) with the U.S. Federal Trade Commission (FTC) at the IAPP Global Privacy Summit. The memorandum is aimed at increasing cooperation between the agencies, with UK Information Commissioner Graham stating that the arrangement would be “to the benefit of … Continue Reading
LexBlog