Information Commissioner's Office
ICO’s priorities and impact of our work
The Daily Telegraph recently (31 July 2021) ran a story about the focus of the ICO’s work and the impact that we make.
The article criticises the ICO's choice of regulatory priorities. As a regulator responsible for the whole economy, including the public sector and Government, with an important international mandate, our work requires us to make often difficult choices about how best to protect the public while enabling the responsible use of personal data.
We reject the claims that we chase headlines
The ICO takes a proportionate, pragmatic approach to its regulatory responsibilities. The approach is designed to build the public’s trust and confidence in data protection.
Modern regulation uses a wide range of tools. Fines and penalties are always a last resort.
Our work to advise organisations, helping them make changes and improvements to comply with the law, is the most effective way of reducing misuse of people’s data. Where monetary penalties are needed, we haven't shied away from using these powers, but effective regulation is about far more than the number of monetary penalties issued.
Our approach has been praised by business and government alike. Anthony Walker, deputy CEO of TechUK, speaking at their 2020 Digital Ethics Summit, said the ICO had “played a fundamental and important role” in developing digital ethics in the UK. John Whittingdale, Minister of State for Media and Data, speaking at the Data and the Future of Financial Services 2021, described the ICO as one of the most important regulators in the UK, adding: “I should like to thank Elizabeth Denham for the great job that she has done.”
In response to the claim that nuisance call fines have remained static despite the growth in size of the ICO
Following the introduction of the new data protection law, the GDPR in May 2018, the ICO has doubled in headcount, with a focus on increasing the technical, legal, and economic expertise in line with our increasingly complex technical remit.
Tech companies based across the world have a huge presence in the UK, processing UK citizens data. With our responsibility to protect the public, we need to understand and engage with these companies as well as to provide as much regulatory clarity and certainty to all the organisations we regulate.
Our growth has also involved increasing the number of people working in our teams dealing with complaints from the public and enquiries from small businesses as demand for these services has doubled since 2018. Over a third of all ICO staff now work in these public facing services.
With specific reference to nuisance marketing, the ICO has always, and continues to, take action where our advice is not followed and where we find serious, systemic or negligent behaviour that puts people’s information rights at risk.
Since April 2015, a total of £13,598,500 in PECR fines has been issued.
Where we identify organisations that can pay but won’t pay, we will pursue formal recovery action, via our financial recovery unit, which can result in insolvency. Equally, where directors seek to avoid payment via insolvency we actively exercise our full rights as a creditor, including nominating Insolvency Practitioners whose investigations can result in personal claims against directors. We also work closely with other enforcement agencies to disrupt and obstruct seriously non-compliant directors who, for example, may persist in continuing to make nuisance calls or send unsolicited spam despite our fine. This can result in directors being disqualified and further civil action or criminal prosecutions.
The nuisance call industry is growing in scale and complexity. Our successful and effective regulatory interventions in this area are now far more sophisticated and labour intensive than in 2015. Our record of being able to issue a consistent level of penalties year on year and take wider disruptive action is evidence of our continued commitment to this work.
We continue to work with our fellow regulators and with government to best direct and co-ordinate our collective resources on this important issue.
In response to the claims about the ICO’s approach to international travel
The ICO has an extensive remit both domestically and internationally, and ministers have been supportive of the ICO’s current leadership role among its data protection regulator counterparts.
It is vital for the work of the ICO that the Commissioner has a visible role, championing the rights of the public and directly engaging with stakeholders across the whole economy the ICO regulates. Any travel commitments for the Commissioner, or any member of ICO staff, are proportionate to the role and accounted for transparently. When travel to multiple overseas locations is necessary we work hard to reduce the number of flights involved.
Our statement, which was published in the Telegraph, in full
An ICO spokesperson recently said:
“The Commissioner travels internationally when required, as the ICO’s work is both domestic and global.
“Our approach of working with organisations and taking proportionate action is making a real impact in protecting people’s rights, from how charities use donors’ information to changing how police use data from victims’ mobile phones to supporting innovation through the Covid-19 pandemic.
“This approach helps to build the public trust in data-driven innovation that benefits people, businesses and economic growth.”
Latest News from
Information Commissioner's Office
ICO and Ofcom strengthen partnership on online safety and data protection25/11/2022 15:20:00
The Information Commissioner’s Office (ICO) and Ofcom have today set out how we will work together to ensure coherence between the data protection and the new online safety regimes.
International transfers: empowering innovation and growth whilst protecting people’s personal information18/11/2022 12:25:00
Blog posted by: Emma Bate, 17 November 2022.
ICO launches consultation on how it prioritises FOI complaints09/11/2022 10:20:00
The Information Commissioner’s Office (ICO) has launched a consultation on how it prioritises the complaints it receives about public bodies’ handling of Freedom of Information (FOI) requests.
Department for Education warned after gambling companies benefit from learning records database08/11/2022 12:25:00
The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children.
ICO and Cabinet Office reach agreement on New Year Honours data breach fine03/11/2022 15:05:00
The UK Information Commissioner has agreed to reduce the £500,000 Monetary Penalty Notice (MPN) imposed on the Cabinet Office in 2021 in relation to the New Year Honours data breach to £50,000, which the Cabinet Office has agreed to pay, reflecting our new approach to working more effectively with public authorities.
Making our employment guidance work for you28/10/2022 09:05:00
A blog by Elanor McCombe, Group Manager - Policy
‘Immature biometric technologies could be discriminating against people’ says ICO in warning to organisations26/10/2022 09:10:00
The Information Commissioner’s Office (ICO) is warning organisations to assess the public risks of using emotion analysis technologies, before implementing these systems.
‘Biggest cyber risk is complacency, not hackers’ - UK Information Commissioner issues warning as construction company fined £4.4 million24/10/2022 12:25:00
The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.