Information Commissioner's Office
ICO’s priorities and impact of our work
The Daily Telegraph recently (31 July 2021) ran a story about the focus of the ICO’s work and the impact that we make.
The article criticises the ICO's choice of regulatory priorities. As a regulator responsible for the whole economy, including the public sector and Government, with an important international mandate, our work requires us to make often difficult choices about how best to protect the public while enabling the responsible use of personal data.
We reject the claims that we chase headlines
The ICO takes a proportionate, pragmatic approach to its regulatory responsibilities. The approach is designed to build the public’s trust and confidence in data protection.
Modern regulation uses a wide range of tools. Fines and penalties are always a last resort.
Our work to advise organisations, helping them make changes and improvements to comply with the law, is the most effective way of reducing misuse of people’s data. Where monetary penalties are needed, we haven't shied away from using these powers, but effective regulation is about far more than the number of monetary penalties issued.
Our approach has been praised by business and government alike. Anthony Walker, deputy CEO of TechUK, speaking at their 2020 Digital Ethics Summit, said the ICO had “played a fundamental and important role” in developing digital ethics in the UK. John Whittingdale, Minister of State for Media and Data, speaking at the Data and the Future of Financial Services 2021, described the ICO as one of the most important regulators in the UK, adding: “I should like to thank Elizabeth Denham for the great job that she has done.”
In response to the claim that nuisance call fines have remained static despite the growth in size of the ICO
Following the introduction of the new data protection law, the GDPR in May 2018, the ICO has doubled in headcount, with a focus on increasing the technical, legal, and economic expertise in line with our increasingly complex technical remit.
Tech companies based across the world have a huge presence in the UK, processing UK citizens data. With our responsibility to protect the public, we need to understand and engage with these companies as well as to provide as much regulatory clarity and certainty to all the organisations we regulate.
Our growth has also involved increasing the number of people working in our teams dealing with complaints from the public and enquiries from small businesses as demand for these services has doubled since 2018. Over a third of all ICO staff now work in these public facing services.
With specific reference to nuisance marketing, the ICO has always, and continues to, take action where our advice is not followed and where we find serious, systemic or negligent behaviour that puts people’s information rights at risk.
Since April 2015, a total of £13,598,500 in PECR fines has been issued.
Where we identify organisations that can pay but won’t pay, we will pursue formal recovery action, via our financial recovery unit, which can result in insolvency. Equally, where directors seek to avoid payment via insolvency we actively exercise our full rights as a creditor, including nominating Insolvency Practitioners whose investigations can result in personal claims against directors. We also work closely with other enforcement agencies to disrupt and obstruct seriously non-compliant directors who, for example, may persist in continuing to make nuisance calls or send unsolicited spam despite our fine. This can result in directors being disqualified and further civil action or criminal prosecutions.
The nuisance call industry is growing in scale and complexity. Our successful and effective regulatory interventions in this area are now far more sophisticated and labour intensive than in 2015. Our record of being able to issue a consistent level of penalties year on year and take wider disruptive action is evidence of our continued commitment to this work.
We continue to work with our fellow regulators and with government to best direct and co-ordinate our collective resources on this important issue.
In response to the claims about the ICO’s approach to international travel
The ICO has an extensive remit both domestically and internationally, and ministers have been supportive of the ICO’s current leadership role among its data protection regulator counterparts.
It is vital for the work of the ICO that the Commissioner has a visible role, championing the rights of the public and directly engaging with stakeholders across the whole economy the ICO regulates. Any travel commitments for the Commissioner, or any member of ICO staff, are proportionate to the role and accounted for transparently. When travel to multiple overseas locations is necessary we work hard to reduce the number of flights involved.
Our statement, which was published in the Telegraph, in full
An ICO spokesperson recently said:
“The Commissioner travels internationally when required, as the ICO’s work is both domestic and global.
“Our approach of working with organisations and taking proportionate action is making a real impact in protecting people’s rights, from how charities use donors’ information to changing how police use data from victims’ mobile phones to supporting innovation through the Covid-19 pandemic.
“This approach helps to build the public trust in data-driven innovation that benefits people, businesses and economic growth.”
Latest News from
Information Commissioner's Office
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted24/05/2022 09:10:00
The Information Commissioner’s Office (ICO) has fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.
Director’s Update: Doing more with less – working with the FOI community to improve future FOI regulation23/05/2022 12:25:00
This is the second in a series of updates from Warren Seddon, Director of FOI and Transparency.
Blog: What does equality of access really mean when developing a career with a visual impairment?19/05/2022 12:25:00
On Global Accessibility Awareness Day, Paul Arnold, ICO Deputy Chief Executive and Chief Operating Officer shares his story.
Blog: A day in the life of the ICO’s information management team13/05/2022 12:25:00
“It’s important to remember the people behind the information.”
ICO response to Channel 4 ‘Inside the Metaverse’ documentary29/04/2022 12:25:00
A recent C4 Dispatches – Inside the Metaverse looked at the metaverse and how the platforms enforce against users that act inappropriately.
Conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC – 19 April 202220/04/2022 12:25:00
The ICO found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Statement following conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC13/04/2022 16:20:00
The Information Commissioner’s Office (ICO) has found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Children's privacy and international collaboration12/04/2022 15:20:00
John Edwards, UK Information Commissioner, is in Washington DC this week to meet with regulators, civil society, lawmakers and tech companies, as well as present the work of the ICO at the IAPP Global Privacy Summit.