Information Commissioner's Office
Blog: Providing practical data protection guidance to the media sector
A blog by Elizabeth Denham, Information Commissioner
Freedom of expression and freedom of information play a vital role in our democracy. Trust in our democratic system relies on people to ask questions of public bodies who operate on their behalf, to understand and scrutinise the decisions of local and national government.
A free press is a crucial part of that trust. Journalists perform an essential function – whether that is by informing the public about what takes place in the halls of power or by holding elected officials and public institutions accountable, at a national or local level. Their work can create social change, bring issues to the forefront of decision makers and help citizens to participate in society.
Personal data is often at the heart of the stories journalists tell. Data protection law recognises and specifically protects the special public interest served by journalism and freedom of expression. And the law also protects people’s privacy rights, reassuring them that there are proportionate checks and balances in place.
My office has been working on a statutory code of practice to help media organisations and key staff with compliance responsibilities, such as senior editors, data protection officers and lawyers, understand their obligations. The ICO is required to produce the code under the Data Protection Act 2018.
The draft journalism code of practice is now out for consultation, and the support it offers reflects changes in legislation, developments in privacy case law and the digital age. It provides practical help to strike the right balance between journalism, freedom of expression and data protection and responds to feedback from our earlier call for views.
Let me be clear, the code is about data protection law. The code does not concern press conduct or standards in general, and journalists can be reassured that data protection law and the code will not stop them from doing their job of informing the public and holding the powerful to account.
In fact, many of the key data protection principles, such as treating people fairly, keeping personal data secure and making sure it is accurate, will already be familiar practice to journalists in their day-to-day work.
Our code will support media organisations and journalists in getting data protection right, which ultimately helps them build and maintain public trust and confidence in their work.
Through our consultation, we want to hear more from journalists, media organisations, civil society and campaign groups, academics, bloggers and individuals so they can continue to help shape the final code. We will also be running online workshops with the industry and other experts in November 2021 to discuss key themes in the code and the development of tools and resources. Register your interest to attend the workshops by completing this online survey.
By engaging closely with the sector we will make sure the final code and its resources are practical and effective in supporting the vital public interest work journalists do.
Notes to Editors
About the draft Journalism Code of Practice
- The Data Protection Act 2018 (DPA18) requires the ICO to produce a statutory code of practice that provides practical guidance for organisations and individuals processing personal data for the purposes of journalism.
- The DPA18 also requires the ICO to create guidance for the public on how to complain about media organisations, and review how personal data is being processed for the purposes of journalism.
- The draft journalism code of practice builds on the ‘Data protection and journalism: a guide for the media’ published in 2014, and it takes into account the responses from the initial call for views in 2019. You can read the responses here.
- The ICO is encouraging journalists, media organisations, civil society and campaign groups, academics, bloggers and members of the public to submit their opinions on the draft code through the consultation by 10 January 2022.
- The ICO will also be running online workshops with the industry in November 2021 to discuss key themes in the code and the development of practical tools and resources. To register your interest to attend the workshops please complete this online survey.
- Alongside the draft code, the regulator is also seeking views on a draft impact assessment. Responses will help the ICO understand the practical impact of proposed approaches on organisations and individuals.
- The current consultation and stakeholder engagement will inform a final code of practice the ICO will lay before Parliament.
About the Information Commissioner’s Office
- The Information Commissioner’s Office (ICO) upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euro) or 4% of global turnover.
- The DPA2018 and UK GDPR gave the ICO new strengthened powers.
- The data protection principles in the UK GDPR evolved from the original DPA, and set out the main responsibilities for organisations.
- To report a concern to the ICO, go to org.uk/concerns.
Latest News from
Information Commissioner's Office
Statement in response to the government’s announcement on the upcoming Data Reform Bill17/06/2022 13:10:00
The government has published its response to a consultation on the upcoming Data Reform Bill.
Information Commissioner calls for an end to the excessive collection of personal information from victims of rape and serious sexual assault31/05/2022 14:05:00
The UK Information Commissioner has called on the criminal justice sector to immediately stop collecting excessive amounts of personal information from victims of rape and serious sexual assault cases.
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted24/05/2022 09:10:00
The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.
Director’s Update: Doing more with less – working with the FOI community to improve future FOI regulation23/05/2022 12:25:00
This is the second in a series of updates from Warren Seddon, Director of FOI and Transparency.
Blog: What does equality of access really mean when developing a career with a visual impairment?19/05/2022 12:25:00
On Global Accessibility Awareness Day, Paul Arnold, ICO Deputy Chief Executive and Chief Operating Officer shares his story.
Blog: A day in the life of the ICO’s information management team13/05/2022 12:25:00
“It’s important to remember the people behind the information.”
ICO response to Channel 4 ‘Inside the Metaverse’ documentary29/04/2022 12:25:00
A recent C4 Dispatches – Inside the Metaverse looked at the metaverse and how the platforms enforce against users that act inappropriately.
Conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC – 19 April 202220/04/2022 12:25:00
The ICO found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Statement following conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC13/04/2022 16:20:00
The Information Commissioner’s Office (ICO) has found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).