Information Commissioner's Office
ICO’s priorities and impact of our work
The Daily Telegraph recently (31 July 2021) ran a story about the focus of the ICO’s work and the impact that we make.
The article criticises the ICO's choice of regulatory priorities. As a regulator responsible for the whole economy, including the public sector and Government, with an important international mandate, our work requires us to make often difficult choices about how best to protect the public while enabling the responsible use of personal data.
We reject the claims that we chase headlines
The ICO takes a proportionate, pragmatic approach to its regulatory responsibilities. The approach is designed to build the public’s trust and confidence in data protection.
Modern regulation uses a wide range of tools. Fines and penalties are always a last resort.
Our work to advise organisations, helping them make changes and improvements to comply with the law, is the most effective way of reducing misuse of people’s data. Where monetary penalties are needed, we haven't shied away from using these powers, but effective regulation is about far more than the number of monetary penalties issued.
Our approach has been praised by business and government alike. Anthony Walker, deputy CEO of TechUK, speaking at their 2020 Digital Ethics Summit, said the ICO had “played a fundamental and important role” in developing digital ethics in the UK. John Whittingdale, Minister of State for Media and Data, speaking at the Data and the Future of Financial Services 2021, described the ICO as one of the most important regulators in the UK, adding: “I should like to thank Elizabeth Denham for the great job that she has done.”
In response to the claim that nuisance call fines have remained static despite the growth in size of the ICO
Following the introduction of the new data protection law, the GDPR in May 2018, the ICO has doubled in headcount, with a focus on increasing the technical, legal, and economic expertise in line with our increasingly complex technical remit.
Tech companies based across the world have a huge presence in the UK, processing UK citizens data. With our responsibility to protect the public, we need to understand and engage with these companies as well as to provide as much regulatory clarity and certainty to all the organisations we regulate.
Our growth has also involved increasing the number of people working in our teams dealing with complaints from the public and enquiries from small businesses as demand for these services has doubled since 2018. Over a third of all ICO staff now work in these public facing services.
With specific reference to nuisance marketing, the ICO has always, and continues to, take action where our advice is not followed and where we find serious, systemic or negligent behaviour that puts people’s information rights at risk.
Since April 2015, a total of £13,598,500 in PECR fines has been issued.
Where we identify organisations that can pay but won’t pay, we will pursue formal recovery action, via our financial recovery unit, which can result in insolvency. Equally, where directors seek to avoid payment via insolvency we actively exercise our full rights as a creditor, including nominating Insolvency Practitioners whose investigations can result in personal claims against directors. We also work closely with other enforcement agencies to disrupt and obstruct seriously non-compliant directors who, for example, may persist in continuing to make nuisance calls or send unsolicited spam despite our fine. This can result in directors being disqualified and further civil action or criminal prosecutions.
The nuisance call industry is growing in scale and complexity. Our successful and effective regulatory interventions in this area are now far more sophisticated and labour intensive than in 2015. Our record of being able to issue a consistent level of penalties year on year and take wider disruptive action is evidence of our continued commitment to this work.
We continue to work with our fellow regulators and with government to best direct and co-ordinate our collective resources on this important issue.
In response to the claims about the ICO’s approach to international travel
The ICO has an extensive remit both domestically and internationally, and ministers have been supportive of the ICO’s current leadership role among its data protection regulator counterparts.
It is vital for the work of the ICO that the Commissioner has a visible role, championing the rights of the public and directly engaging with stakeholders across the whole economy the ICO regulates. Any travel commitments for the Commissioner, or any member of ICO staff, are proportionate to the role and accounted for transparently. When travel to multiple overseas locations is necessary we work hard to reduce the number of flights involved.
Our statement, which was published in the Telegraph, in full
An ICO spokesperson recently said:
“The Commissioner travels internationally when required, as the ICO’s work is both domestic and global.
“Our approach of working with organisations and taking proportionate action is making a real impact in protecting people’s rights, from how charities use donors’ information to changing how police use data from victims’ mobile phones to supporting innovation through the Covid-19 pandemic.
“This approach helps to build the public trust in data-driven innovation that benefits people, businesses and economic growth.”
Latest News from
Information Commissioner's Office
Data breaches put domestic abuse victims’ lives at risk, UK Information Commissioner warns28/09/2023 13:15:00
The UK Information Commissioner has today called on organisations to handle personal information properly to avoid putting victims of domestic abuse at the risk of further danger.
“This needs to be dealt with.” - ICO issues Enforcement Notice to City of York Council over FOI backlog21/09/2023 16:25:00
The Information Commissioner’s Office (ICO) has issued an Enforcement Notice to City of York Council to clear its backlog of 261 unanswered Freedom of Information requests
ICO issues half a million pounds in new fines as fight to tackle illegal nuisance calls continues21/09/2023 15:25:00
The Information Commissioner’s Office (ICO) has issued fines totalling £590,000 to five companies for collectively making 1.9 million unwanted marketing calls which targeted the elderly and people with vulnerabilities.
Share information to protect children and young people at risk, urges UK Information Commissioner15/09/2023 10:15:00
Organisations will not get in trouble if they share information to protect children and young people at risk of serious harm, the UK Information Commissioner’s Office (ICO) has promised.
Former social services council employee fined for unlawfully accessing sensitive personal data14/09/2023 09:15:00
A former family intervention officer at St Helens Borough Council has been sentenced for unlawfully accessing social services records.
UK Information Commissioner and NCSC CEO sign Memorandum of Understanding13/09/2023 13:10:00
The UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC), Lindy Cameron, yesterday signed a joint Memorandum of Understanding (MoU) that sets out how both organisations will cooperate.
ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security07/09/2023 16:20:00
The Information Commissioner’s Office (ICO) is reviewing period and fertility apps as new figures show more than half of women have concerns over data security
ICO publishes new guidance on sending bulk communications by email31/08/2023 16:20:00
The Information Commissioner’s Office (ICO) yesterday issued a warning to organisations to use alternatives to the blind carbon copy (BCC) email function when sending emails containing sensitive personal information, following a catalogue of business blunders.
Joint statement on data scraping and data protection25/08/2023 09:10:00
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites.