Tag Archives: Information Commissioner’s Office

One year of GDPR – lessons learned by the ICO

The Information Commissioner’s Office (ICO) has published its update reflecting on its GDPR experience over the past year and its upcoming priorities to stay relevant, foster innovation and maintain its position as an “influential regulator on the national and international stage”. Supporting the public, DPOs, SMEs and other organisations The first year of the GDPR … Continue Reading

Is 2019 the year for GDPR certification and codes of conduct?

The UK’s Information Commissioner’s Office (ICO) has published new guidance on certification and codes of conduct for data processing as well as expected timetables for finalising its revised guidelines on these topics. Certification Certification is a voluntary mechanism for organisations to validate their compliance with the General Data Protection Regulation 2016/679 (GDPR). Once the submissions … Continue Reading

ICO blogs on meaningfulness of human involvement in AI systems

Researchers at the Information Commissioner’s Office (ICO) have started a series of blogs discussing the ICO’s work in developing a framework for auditing artificial intelligence (AI). In the first blog of the series, the discussion revolves around the degree and quality of human review in AI systems, specifically, in what circumstances human involvement can be … Continue Reading

Protection of children’s online space: ICO issues code of practice on age-appropriate design

The UK Information Commissioner’s Office (ICO) issued a consultation on a draft code of practice for designing age-appropriate access for children accessing online products and services provided by information society services (ISS). The consultation closes on 31 May 2019. The draft code sets out principles for any online service accessed by children under the age … Continue Reading

Regulating the tech giants

“2018 was the year that people have woken up to the importance of privacy and have begun to bite back at big tech”. This was the view expressed by James Dipple-Johnstone, Deputy Commissioner (Operations) at the UK Information Commissioner’s Officer (ICO), during his recent speech at the Institute of Directors in London. The speech focused … Continue Reading

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading

Reactiv Media fine increased on appeal by UK Information Rights Tribunal

Reactiv Media has found itself facing a 50% increase in the fine it was attempting to overturn after an appeal to the First-Tier Information Rights Tribunal. The UK Information Rights Tribunal hears appeals against decisions of the Information Commissioner’s Office actions relating to data protection, privacy electronic communications, freedom of information and environmental information. The … Continue Reading

UK Government releases ‘Bring Your Own Device’ Guidance

In early October, the UK government updated a collection of guidance notes they had issued on ‘bring your own device’ initiatives (BYOD). Given the increase in employees using their personal devices to connect to their employers’ systems, employers in both the private and public sector will welcome this guidance. The ‘BYOD Guidance: Executive Summary’ describes … Continue Reading

ICO January Updates for 2014

The ICO has had a busy January with some key updates to note for the start of 2014. The ICO has produced a series of quarterly reports: Spam text messages The main three topics for the subject of unsolicited marketing text messages were found to be debt management, payday loans and payment protection insurance. Enforcement … Continue Reading

UK High Court Defines Tests To Determine if Data is Personal

This post was written by Cynthia O’Donoghue. The UK High Court was forced to re-examine the concept of ‘personal data’ in the recent case of Kelway v The Upper Tribunal, Northumbria Police and the Information Commissioner (2013) EWHC 2575 (Admin). The case involved an application for judicial review by Dr Kelway against two decisions of … Continue Reading

ICO adopts enforcement action plan

This post was written by Cynthia O’Donoghue. The UK data protection watchdog, the Information Commissioner’s Office (ICO), has published a Data Protection Regulatory Action Policy, setting out factors the ICO will consider when deciding whether to initiate enforcement action and what form it should take. The policy should assist organisations with understanding the enforcement process … Continue Reading

UK data protection authority publishes data breach statistics

The UK data protection authority, Information Commissioner’s Office (ICO), has published statistics regarding breach incidents in the first quarter of this year (1 April – 30 June 2013). In a related press release, the ICO discussed conclusions drawn from the numbers regarding the most common types of data breaches and the sectors that appear to … Continue Reading

Sony Computer Entertainment Europe to appeal the ICO’s £250k fine

The UK Information Commissioner’s Office (the “ICO”) has served a monetary penalty notice of £250,000 on Sony Computer Entertainment Europe following the hacking of Sony’s PlayStation Network in April 2011, which it described as a serious breach of the UK Data Protection Act (the “Act”). The ICO stated that Sony did not take “appropriate technical … Continue Reading

UK Information Commissioner’s Office Releases ‘Bring Your Own Device’ Guidance

The UK Information Commissioner’s Office (ICO) published guidance on ‘bring your own device’ (BYOD), given the tremendous increase in employees both connecting to, and seeking to be able to use their personal devices to connect to, their employers’ systems. The ICO reported that 47% of employees now use personal smartphones, laptops or tablets for work, … Continue Reading

The UK Information Commissioner details the timeline of the EU data protection reforms

The UK Information Commissioner’s Office (“ICO”) has published an explanation of the process and timeline of the proposed EU data protection reform and its involvement in the on-going negotiations. According to the ICO, the proposed EU data protection reforms could “be one of the biggest changes to data protection that the (UK) has ever seen.” … Continue Reading

UK Information Commissioners Office presents article-by-article analysis of the proposed new General Data Protection Regulation

Following the publication of its “further thoughts” on the European Commission’s proposed new data protection framework, the ICO has now published an in-depth, article-by-article analysis of the proposed General Data Protection Regulation (the Regulation). The ICO pointed out that this is an important opportunity to get the framework correct, as it is likely to remain … Continue Reading

The UK Information Commissioner’s Office publishes report on new cookie rules compliance activity

The UK Information Commissioner’s Office (ICO) has published a report detailing compliance and consumer concerns about use of cookies, following the changes under Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR), which require consent, more transparent notice and opt-out. In response to more than 550 consumer complaints about implied consent mechanisms and the … Continue Reading

UK Information Commissioner fines company distributing spam texts for illegal marketing

In a clampdown on the UK’s growing illegal telemarketing, the Information Commissioner’s Office (ICO) issued its first monetary penalties under the Privacy and Electronic Communications Regulations 2011 (PECR) in November. Following an 18-month investigation, Christopher Niebel and Gary McNeish of Tetrus Telecoms were fined £300,000 and £140,000 respectively for distributing up to 840,000 illegal spam … Continue Reading

ICO publishes guide on Anonymisation in the UK

The UK Information Commissioner’s Office (ICO) has published a code of good practice on managing the risks related to anonymisation. Christopher Graham, UK Information Commissioner, believes this to be the first code of practice on anonymisation to be published by any European data protection authority, but Liechtenstein published a guide on anonymisation and pseudonymisation earlier … Continue Reading

UK’s ICO Seeks Input on Use of Privacy Seals

The EU’s proposed EU Data Protection Framework encourages the use of privacy seals, certification mechanisms and trust marks. Any organisation which has obtained a privacy seal would be considered to have attained a ‘stamp of approval’, indicating good privacy standards. Anticipating the development of data protection kite marks, the UK Information Commissioner’s Office has launched … Continue Reading

UK Information Commissioner fines Prudential Assurance for breaching the Data Protection Act

The UK Information Commissioner’s Office (ICO) served a monetary penalty of £50,000 on Prudential, after Pru merged accounts of two people with the same name and same date of birth five years ago. The “mix-up” in administration of two accounts culminated in tens of thousands of pounds ending up in the wrong account. Despite repeated … Continue Reading

Information Commissioner’s Office set to issue first fines under the Privacy and Electronic Communications Regulations

Since March of this year, the Information Commissioner’s Office (ICO) has been asking members of the public to report any calls or texts they have received from unknown senders by using an online survey. The survey information has allowed the ICO to focus its investigations on organisations responsible for making unsolicited communications. The ICO received … Continue Reading