Information Commissioner's Office
Information Commissioner’s Office publishes 2019-20 annual report
The Information Commissioner’s Office (ICO) has published its annual report for 2019-20, covering what the Information Commissioner has called a “transformative period” for privacy and data protection and broader information rights.
Information Commissioner Elizabeth Denham yesterday said:
“We have seen a transformative period in our digital history, with privacy established as a mainstream concern, and with complex societal conversations increasingly asking data protection questions.
“This report shows the ICO has been at the centre of those discussions, from how facial recognition technology is used to how we protect children online.”
Highlights from the report, which covers the 12 months to 31 March 2020, include:
Supporting and protecting the public and organisations
The Age Appropriate Design Code, introduced by the Data Protection Act 2018, was published in January. When it comes into full effect, it will help steer businesses to comply with current information rights legislation.
We intervened in the High Court case on the use of facial recognition technology by the South Wales Police as part of our work to ensure that the use of this technology does not infringe people’s rights. As a response to the judgement, we issued the first Commissioner’s Opinion.
Guidance for businesses and organisations on data protection and Brexit implementation was published to help them comply with the law once the UK leaves the EU.
Our new freedom of information strategy was launched which sets out how we work to create a culture of openness in public authorities. It also commits us to making the case for reform of the access to information law as set out previously in our Outsourcing Oversight report.
- We received 38,514 data protection complaints.
- We closed 39,860 data protection cases (up from 34,684 in 2018/19) .
- We received 6,367 freedom of information complaint cases.
We took regulatory action 236 times in response to breaches of the legislation that we regulate. That included 54 information notices, eight assessment notices, seven enforcement notices, four cautions, eight prosecutions and 15 fines.
Over 2,100 investigations were conducted.
We settled a case with Facebook, which had been brought under the Data Protection Act 1998.
Through our successful regulatory sandbox service, we have worked with a number of innovative organisations of all sizes to explore new data uses in a safe way while helping to ensure their customers’ privacy.
We also received additional resources from the government’s regulators innovation fund to set up a hub with other regulators to streamline and reduce burdens on businesses and public services using data.
Our research grants programme has encouraged innovative research into privacy and data protection issues.
In January, we launched our consultation on an AI framework to allow the auditing and assessment of the risk associated with AI applications and how to ensure their use is transparent, fair and accountable.
On a global scale, we continue to chair the Global Privacy Assembly, driving forward the development of the assembly into an international network that can have an impact on key data protection issues across the year. This helps to protect UK citizen’s personal data as it crosses borders and helps UK businesses operating internationally.
Due to the period covered by the report it does not reflect the impact of COVID-19 although, acknowledging the pandemic, Ms Denham yesterday said:
”The digital evolution of the past decade has accelerated at a dizzying speed in the past few months. Digital services are now central to how so many of us work, entertain ourselves and talk to friends and family.”
But she added:
”The law has not changed, and the ICO continues to be a proportionate and practical regulator.”
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
- The General Data Protection Regulation (GDPR) is a data protection law which has applied in the UK since 25 May 2018. Its provisions are included in the Data Protection Act 2018. The Act also includes measures related to wider data protection reforms in areas not covered by the GDPR, such as law enforcement and security.
- Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euros) or 4% of global turnover.
- Previous ICO annual reports can be read on our website at https://ico.org.uk/about-the-ico/our-information/annual-reports.
- To report a concern to the ICO go to org.uk/concerns.
For further information, please contact the ICO press office on 0303 123 9070 or email email@example.com.
Latest News from
Information Commissioner's Office
Blog: Data protection considerations and the NHS COVID-19 app21/09/2020 15:38:00
Information Commissioner Elizabeth Denham talks about the regulatory work the ICO has been involved in regarding the England and Wales NHS COVID-19 app.
Data protection guidance for collecting customer information21/09/2020 12:25:00
The Information Commissioner’s Office (ICO) has published data protection guidance for organisations mandated to collect customer and visitor information.
Accountability Framework: demonstrating your compliance14/09/2020 10:15:00
Ian Hulme, Director of Regulatory Assurance discusses the launch of our new Accountability Framework and how organisations can take part in the next stage of its development.
ICO fines company £130,000 for unauthorised pensions cold calls11/09/2020 09:10:00
The Information Commissioner’s Office (ICO) has issued a fine under a law brought in to stop scammers defrauding people out of their pensions.
Blog: Ten top tips for innovators09/09/2020 09:10:00
ICO are always looking for new and innovative ways to offer advice and support to any businesses involved in data protection because it is imperative that consumers who share their personal data with your organisation are confident that this data will be treated fairly, lawfully and transparently.
ICO’s Children’s Code will help protect children online02/09/2020 10:45:00
A statutory code requiring organisations to provide better online privacy protections for children comes into force today, triggering the start of a 12 month transition period.
2020 Annual Track survey results27/08/2020 15:10:00
As the UK economy adjusts to the impact of COVID-19, it has never been more important for organisations to understand what their customers want and expect.
Children’s privacy and data sharing in focus as ICO regulatory sandbox re-opens20/08/2020 14:10:00
The ICO is re-opening the regulatory sandbox, its free service, designed to support organisations using personal data to develop innovative products and services.