Information Commissioner's Office
ICO’s priorities and impact of our work
The Daily Telegraph recently (31 July 2021) ran a story about the focus of the ICO’s work and the impact that we make.
The article criticises the ICO's choice of regulatory priorities. As a regulator responsible for the whole economy, including the public sector and Government, with an important international mandate, our work requires us to make often difficult choices about how best to protect the public while enabling the responsible use of personal data.
We reject the claims that we chase headlines
The ICO takes a proportionate, pragmatic approach to its regulatory responsibilities. The approach is designed to build the public’s trust and confidence in data protection.
Modern regulation uses a wide range of tools. Fines and penalties are always a last resort.
Our work to advise organisations, helping them make changes and improvements to comply with the law, is the most effective way of reducing misuse of people’s data. Where monetary penalties are needed, we haven't shied away from using these powers, but effective regulation is about far more than the number of monetary penalties issued.
Our approach has been praised by business and government alike. Anthony Walker, deputy CEO of TechUK, speaking at their 2020 Digital Ethics Summit, said the ICO had “played a fundamental and important role” in developing digital ethics in the UK. John Whittingdale, Minister of State for Media and Data, speaking at the Data and the Future of Financial Services 2021, described the ICO as one of the most important regulators in the UK, adding: “I should like to thank Elizabeth Denham for the great job that she has done.”
In response to the claim that nuisance call fines have remained static despite the growth in size of the ICO
Following the introduction of the new data protection law, the GDPR in May 2018, the ICO has doubled in headcount, with a focus on increasing the technical, legal, and economic expertise in line with our increasingly complex technical remit.
Tech companies based across the world have a huge presence in the UK, processing UK citizens data. With our responsibility to protect the public, we need to understand and engage with these companies as well as to provide as much regulatory clarity and certainty to all the organisations we regulate.
Our growth has also involved increasing the number of people working in our teams dealing with complaints from the public and enquiries from small businesses as demand for these services has doubled since 2018. Over a third of all ICO staff now work in these public facing services.
With specific reference to nuisance marketing, the ICO has always, and continues to, take action where our advice is not followed and where we find serious, systemic or negligent behaviour that puts people’s information rights at risk.
Since April 2015, a total of £13,598,500 in PECR fines has been issued.
Where we identify organisations that can pay but won’t pay, we will pursue formal recovery action, via our financial recovery unit, which can result in insolvency. Equally, where directors seek to avoid payment via insolvency we actively exercise our full rights as a creditor, including nominating Insolvency Practitioners whose investigations can result in personal claims against directors. We also work closely with other enforcement agencies to disrupt and obstruct seriously non-compliant directors who, for example, may persist in continuing to make nuisance calls or send unsolicited spam despite our fine. This can result in directors being disqualified and further civil action or criminal prosecutions.
The nuisance call industry is growing in scale and complexity. Our successful and effective regulatory interventions in this area are now far more sophisticated and labour intensive than in 2015. Our record of being able to issue a consistent level of penalties year on year and take wider disruptive action is evidence of our continued commitment to this work.
We continue to work with our fellow regulators and with government to best direct and co-ordinate our collective resources on this important issue.
In response to the claims about the ICO’s approach to international travel
The ICO has an extensive remit both domestically and internationally, and ministers have been supportive of the ICO’s current leadership role among its data protection regulator counterparts.
It is vital for the work of the ICO that the Commissioner has a visible role, championing the rights of the public and directly engaging with stakeholders across the whole economy the ICO regulates. Any travel commitments for the Commissioner, or any member of ICO staff, are proportionate to the role and accounted for transparently. When travel to multiple overseas locations is necessary we work hard to reduce the number of flights involved.
Our statement, which was published in the Telegraph, in full
An ICO spokesperson recently said:
“The Commissioner travels internationally when required, as the ICO’s work is both domestic and global.
“Our approach of working with organisations and taking proportionate action is making a real impact in protecting people’s rights, from how charities use donors’ information to changing how police use data from victims’ mobile phones to supporting innovation through the Covid-19 pandemic.
“This approach helps to build the public trust in data-driven innovation that benefits people, businesses and economic growth.”
Latest News from
Information Commissioner's Office
International progress for domestic benefit: why the ICO convened a G7 meeting on data flows20/09/2021 16:15:00
A blog by Elizabeth Denham, UK Information Commissioner
We Buy Any Car, Sports Direct and Saga fined £495,000 after sending millions of ‘frustrating and intrusive’ nuisance messages.15/09/2021 13:20:00
The ICO has today announced fines totalling £495,000 to well-known companies that between them sent more than 354 million nuisance messages.
Blog: Sharing personal data in an emergency – a guide for universities and colleges15/09/2021 09:15:00
A blog by Viv Adams, Principal Policy Adviser in the ICO Parliament and Government Affairs team
G7 data protection and privacy authorities’ meeting: communiqué13/09/2021 09:10:00
The UK Information Commissioner’s Office (ICO) brought together data protection and privacy authorities from G7 countries, as well as guests from the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), for a discussion this week on shared emerging challenges that need closer international collaboration.
Statement in response to DCMS consultation into proposed data protection reform10/09/2021 14:10:00
Statement given yesterday in response to DCMS consultation into proposed data protection reform.
ICO to call on G7 countries to tackle cookie pop-ups challenge07/09/2021 14:10:00
The UK Information Commissioner’s Office (ICO) will today call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups, so people’s privacy is more meaningfully protected and businesses can provide a better web browsing experience.
ICO fines Glasgow company for making half a million nuisance calls05/09/2021 09:10:00
The Information Commissioner’s Office (ICO) has fined Glasgow-based company DialADeal Scotland Ltd (DDSL) for making more than half a million nuisance marketing calls.
Statement on DCMS announcement of next Information Commissioner26/08/2021 12:10:00
The Department for Culture, Media and Sport has today announced that John Edwards is the Government's preferred nominee to be the next Information Commissioner.