Information Commissioner's Office
ICO invites comments on how it uses its powers to investigate, regulate and enforce
The Information Commissioner’s Office (ICO) has launched a consultation to gather the views of stakeholders and the public on how it regulates the laws it monitors and enforces.
People will have 14 weeks to comment on three documents, which are all designed to give direction and focus to the organisations it regulates.
The Regulatory Action Policy (RAP) updates the ICO’s 2018 policy and sets out the regulator’s general approach. It reinforces the ICO’s commitment to a proportionate and risk-based approach to enforcement, and it explains the factors taken into consideration before taking regulatory action such as monetary penalties, stop-processing orders or compulsory audits.
It also sets out how the ICO promotes best practice and ensures compliance and how it works with other regulators.
The RAP covers all 11 pieces of legislation that the ICO is responsible for including the UK GDPR, Data Protection Act 2018, Freedom of Information Act and the Privacy and Electronic Communications Regulations which cover nuisance calls, texts and emails.
Statutory Guidance on our Regulatory Action focusses on the sections in DPA 2018 that specify the ICO’s legal obligations to publish guidance to help organisations navigate the law. It also explains how the ICO uses its statutory powers to investigate and enforce UK information rights legislation.
Statutory Guidance on our PECR Powers explains how the ICO uses its statutory powers to enforce the data protection legislation relating to electronic communications like nuisance calls, emails and texts. The guidance focusses on the ICO’s powers to issue monetary penalty notices on a person, or an officer of a body, for data protection failures in respect of the PECR. This is a power that has recently been incorporated into law.
Taken together, these three documents set out how the ICO aims to carry out its mission to uphold information rights for the UK public in the digital age.
Chief Regulatory Officer James Dipple-Johnstone said:
“Information rights have never been more important or impactful. Now more than ever, we support innovation and economic growth, but both require the public to have trust in the way their personal information is used.
“We are focussed on promoting best practice and compliance but, where it is necessary, we will exercise a fair and proportionate approach to enforcement action.”
The ICO is inviting comments about how it exercises its regulatory responsibilities and statutory powers from individuals and organisations. Contributing views is easy through an online survey or via email. You can get more detailed information about the documents and how to feed back on the ICO website. Responses to the documents will be considered before final publication.
While the UK Government is considering changes to the current data protection regime, the ICO will continue to update its policies when it is both necessary and appropriate. The three documents, which are being consulted on, reflect the current regulatory landscape and are not time limited.
Publication of final documents, which is expected by the end of 2022, will be overseen by the new UK Information Commissioner. The Statutory Guidance documents must also be ratified by the Secretary of State for Digital, Culture, Media and Sport before being laid to Parliament.
Notes to editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the UK General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.
- Monetary Penalties are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Monetary Penalties under past and current law are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
- To report a concern to the ICO, visit ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
Blog: What does equality of access really mean when developing a career with a visual impairment?19/05/2022 12:25:00
On Global Accessibility Awareness Day, Paul Arnold, ICO Deputy Chief Executive and Chief Operating Officer shares his story.
Blog: A day in the life of the ICO’s information management team13/05/2022 12:25:00
“It’s important to remember the people behind the information.”
ICO response to Channel 4 ‘Inside the Metaverse’ documentary29/04/2022 12:25:00
A recent C4 Dispatches – Inside the Metaverse looked at the metaverse and how the platforms enforce against users that act inappropriately.
Conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC – 19 April 202220/04/2022 12:25:00
The ICO found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Statement following conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC13/04/2022 16:20:00
The Information Commissioner’s Office (ICO) has found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Children's privacy and international collaboration12/04/2022 15:20:00
John Edwards, UK Information Commissioner, is in Washington DC this week to meet with regulators, civil society, lawmakers and tech companies, as well as present the work of the ICO at the IAPP Global Privacy Summit.
Blog: Why protecting children online in UK living rooms starts 5,000 miles away12/04/2022 09:10:00
Blog posted by: John Edwards, UK Information Commissioner, 11 April 2022.
Statement in response to open Democracy's letter08/04/2022 12:25:00
openDemocracy has issued an open letter about the Freedom of Information Act.
John Edwards article in Civil Service World – 5 April 202207/04/2022 12:25:00
Civil Service World have published an article by John Edwards, in which he discusses what he’s learned so far from his listening tour, and offers reassurance about the service that the ICO is looking to give to people and businesses.