Tag Archives: ICO

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading

Secretive Direct Marketers Face Fresh Restrictions on their Anonymity

From 16 May, those making (or instigating) direct marketing telephone calls must provide Caller Line Identification (‘CLI’) when making calls live or through automated means. The display of their telephone numbers to consumers has the effect of making it easier for consumers to refuse and/or report unwanted marketing calls. The Privacy and Electronic Communications (EC … Continue Reading

WiFi Privacy: Network Analytics Guidance Issued by ICO

The Information Commissioner’s Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information. When a device’s WiFi functionality is enabled, it broadcasts ‘probe requests’ to find WiFi networks that are within range. If the device discovers … Continue Reading

Happy Data Protection Day! ICO and Senate Committee’s spotlight on data protection

In preparation for European Data Protection Day on 28 January, the ICO commissioned a survey on attitudes towards data protection. The YouGov poll revealed growing public concern over data privacy and security. Of more than 2000 respondents questioned: 95% considered it “very or fairly important” that companies were clear from the outset about how their … Continue Reading

The UK’s data protection regulator cracks the enforcement whip

As 2015 draws to a close, the UK’s Data Protection Regulator, the Information Commissioner’s Office (‘ICO’), is making sure it ends the year with a bang. The past few months have seen a significant increase in enforcement action, a theme which seems to be common for the regulator at this time of year because of … Continue Reading

EU Data Protection Reforms: ICO Critiques Council Draft Regulation Over Consent, Access Rights, EU v. Member State Balance of Power

With the EU Data Protection “reform train” rounding what is hopefully the final bend towards the summit of consensus, the UK ICO have published their latest analysis on the Council’s draft EU Data Protection Regulation. The analysis demonstrates the improvement needed in order to ensure that the new law provides effective protection to individuals while … Continue Reading

UK first: right-to-be-forgotten notice issued against Google Inc.

The UK’s Information Commissioner’s Office (‘ICO’) has published what appears to be its first public enforcement notice based upon “the right to be forgotten” against Google Inc. The “right to be forgotten” was introduced by the ECJ last year when it held that data subjects have a right to compel search engines to remove results … Continue Reading

UK ICO Annual Report highlights 100% success rate for monetary penalties imposed

The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% … Continue Reading

Reactiv Media fine increased on appeal by UK Information Rights Tribunal

Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office actions relating to data protection, privacy electronic communications, freedom of information and environmental information. The … Continue Reading

NGOs may rely on UK’s Journalism Exemption

The UK Information Commissioner’s Officer (the “ICO”), in a letter to Global Witness (in Steinmetz and others v Global Witness) (the “Letter”), stated that non-media organisations may rely on the special-purposes exemption for journalism in s32 of the Data Protection Act 1998 (the “DPA”), to withhold personal data in response to Data Subject Access Requests. … Continue Reading

Google signs UK Undertaking to Improve its Privacy Policy

On 30 January 2015, Google signed an Undertaking with the Information Commissioner’s Office (ICO) to improve and amend the Privacy Policy it adopted 1 March 2012. Among other things, the modifications to the Privacy Policy allowed Google to combine personal data across all services and products. For example, personal data collected through YouTube could now … Continue Reading

Ofcom Publishes Plan To Support the Internet of Things

In January, Ofcom, the UK telecommunications regulator, published its Statement on ‘Promoting investment and innovation in the Internet of Things’ (Statement). The Statement acknowledges that the Internet of Things (IoT) has the potential to deliver significant benefits to citizens and consumers. In light of this, Ofcom sought views from its stakeholders on what role Ofcom … Continue Reading

UK ICO to endorse privacy seal schemes

The UK Information Commissioner’s Office (ICO) signalled its commitment to approving third-party “privacy seal” schemes following its recent public consultation. The first UK schemes should be operational by 2016. The consultation comes in anticipation of the European Commission’s revised data protection framework proposals, which may include provisions intended to encourage the adoption of privacy seals, … Continue Reading

Has Facebook been evil? It’s down to the regulators to decide

In June, Facebook came under public scrutiny after it was revealed that the company carried out research in 2012 that manipulated the News Feeds of 689,000 users. Several regulators are now poised to investigate Facebook’s conduct. The study exposed users to a large amount of either positive or negative comments in order to observe the … Continue Reading

The ICO Sets Out Agenda for 2014-2017

At the end of March, the UK Information Commissioner’s Office (ICO) released its corporate plan for 2014-2017 titled “Looking ahead, staying ahead” (the Plan). Information Commissioner Graham stated that the changes proposed are “about getting better results, for both consumers and for data controllers.” As the UK’s supervisory body for upholding information rights, the ICO … Continue Reading

ICO issues updated code of practice on subject access requests

The UK Information Commissioner’s Office (ICO) has issued an updated code of practice (the Code) on subject access requests, less than a year after releasing its original guidance paper on the topic. The Code is designed to help organisations fulfill their duties under the Data Protection Act 1998 (DPA) and contains guidance in relation to … Continue Reading

UK Information Commissioner’s Office and U.S. Federal Trade Commission sign Memorandum of Understanding

At the beginning of March, the UK Information Commissioner’s Office (ICO) signed a memorandum of understanding (MOU) with the U.S. Federal Trade Commission (FTC) at the IAPP Global Privacy Summit. The memorandum is aimed at increasing cooperation between the agencies, with UK Information Commissioner Graham stating that the arrangement would be “to the benefit of … Continue Reading

Information Commissioner’s Office issues updated code of practice on conducting Privacy Impact Assessments

In February, the UK Information Commission’s Office (ICO) issued an updated code of practice on conducting Privacy Impact Assessments (PIA), with a six-point process for organisations to follow (the Code). A PIA is intended to focus the attention of an organisation on the way that data is held and used in any project, and reduce … Continue Reading

UK High Court Defines Tests To Determine if Data is Personal

This post was written by Cynthia O’Donoghue. The UK High Court was forced to re-examine the concept of ‘personal data’ in the recent case of Kelway v The Upper Tribunal, Northumbria Police and the Information Commissioner (2013) EWHC 2575 (Admin). The case involved an application for judicial review by Dr Kelway against two decisions of … Continue Reading

UK ICO criticises elements of the proposed EU cybersecurity Directive

Last month, the Information Commissioner’s Office (ICO) published a response to the government’s call for views and evidence on the draft EU Directive on Network and Information Security (NIS Directive). The ICO’s criticism stemmed from its experience with mandatory data breach notifications from the telecoms sector and included suggestions for modifying the proposed NIS Directive. … Continue Reading

UK Information Commissioner fine of £250,000 overturned

This post was written by Cynthia O’Donoghue. The UK’s First-tier Tribunal (Information Rights) has overturned a monetary penalty issued by the Information Commissioner’s Office (ICO) against the Scottish Borders Council. The £250,000 penalty related to the unsecure disposal of hard copies of council records containing personal data and had been issued by the ICO in … Continue Reading
LexBlog