Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

pen, phone and newspaper

This page highlights coverage of our work in the media, as well as providing rebuttals and clarifications of articles and commentary where necessary.

Highlights from the Data Protection Practitioners’ Conference 2022 – 10 August 2022

Our Data Protection Practitioners’ Conference 2022 brought together more than 3,000 data protection professionals from across the country in July 2022.

Politics Home covered the speech from Marcial Boo, chief executive of the Equalities and Human Rights Commission, where he emphasised the importance of the ICO’s work in supporting organisations to make the right decisions about collecting good-quality data to address inequalities.

At the conference, John Edwards, UK Information Commissioner, highlighted the information governance and legislation training modules we provide to our staff as part of our internal training. He urged organisations to encourage staff to find an hour or two over the coming weeks to improve their data protection and information rights expertise. He said: “Crucially, more data protection experts means more people safeguarding and empowering people, by upholding their rights.”

Read more about what we learned at DPPC 2022.

Addressing privacy concerns on the use of live facial recognition technology – 27 July 2022

City AM, The Guardian and Mail Online reported on Big Brother Watch’s complaint to us about Southern Co-operative’s use of live facial recognition (LFR) technology in their stores.

Here’s our statement:

“Data protection law sets a high bar for police forces, public authorities and businesses to justify the use of live facial recognition (LFR) technology and its algorithms in public places. We have explained in two separate Opinions the important data protection standards that organisations must follow before and during the use of LFR.

“As with any new technology, it is crucial that people’s privacy is at the heart of any decisions to deploy LFR so public trust and confidence are not lost.

“We are assessing the compliance of a small number of private companies who have used, or are currently using, live facial recognition technology. Facewatch is amongst the organisations under consideration. We will also assess the information provided by Big Brother Watch.”

You can read our guidance on the use of LFR by law enforcement agencies and other organisations and businesses here:

 

 

 

ICO25: empowering people through information – 15 July 2022

The ICO’s three year strategic plan, launched at an event in London on 14 July 2002, was covered by a number of outlets including: BBC Radio 4 Today programme, PA Media, the Daily Telegraph, the Guardian, Sky news, City A.M, Mail online, the Independent, Evening Standard, Wales online, ITPro and Computer Weekly.

The plan received support from a number of stakeholders on social media including: Ofsted, techUK, Federation of Small Businesses, Campaign for Freedom of Information and UK Finance.

John Edwards, UK Information Commissioner said:

“My most important objective is to safeguard and empower people, by upholding their information rights. Empowering people to confidently share their information to use the products and services that drive our economy and society.

“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups. The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.”

Behind the screens: ICO calls for review into use of private email and messaging apps within government - 12 July 2022

Yesterday (11 July), a report was laid in government where we called for a review into the systemic risks and areas for improvement around the use of private correspondence channels within DHSC.

The full story was covered by The Times, Sky News, Mail, BBC, IT Pro, The Guardian, Forbes, Computing, MSN, UK Authority and PA.

On social media, the story received supportive feedback from stakeholders including Campaign for FOI.

John Edwards, UK Information Commissioner, said:

“Public officials should be able to show their workings, for both record keeping purposes and to maintain public confidence. That is how trust in those decisions is secured and lessons are learnt for the future.

“The broader point is making sure the Freedom of Information Act keeps working to ensure public authorities remain accountable to the people they serve.”

ICO and NCSC stand together against ransomware payments - 8 July 2022

In a joint letter to The Law Society and The Bar Council, ICO and the National Cyber Security Centre (NCSC) called on the legal sector to play their part in supporting online safety across the UK, stressing that law enforcement does not encourage, enforce or condone the payment of ransoms.

The story, which featured in The Telegraph, states that paying ransoms only incentivises criminals and does not guarantee the return of compromised data.

Coverage also included the Evening Standard, Shropshire Star, Legal Futures and Tech Monitor.

John Edwards, Information Commissioner, said:

“I want to work with the legal profession and NCSC to ensure that companies understand how we will consider cases and how they can take practical steps to safeguard themselves in a way that we will recognise in our response should the worst happen.”  

Working more effectively with public authorities – 1 July 2022

The Guardian, Civil Service World and Computer Weekly reported on our revised approach to working more effectively with public authorities.

John Edwards, UK Information Commissioner, will use his discretion to reduce the impact of fines on the public sector. We will also work more proactively with public authorities to encourage compliance with data protection law and prevent harms before they happen.

This revised approach will be trialled over the next two years and is just one of the initiatives that will be set out in the coming weeks as part of ICO25 – the ICO’s new three-year strategic vision.

In his open letter, John Edwards said:

"For the next two years the ICO will also be trialling an approach that will see a greater use of my discretion to reduce the impact of fines on the public. In practice this will mean an increase in public reprimands and the use of my wider powers, including enforcement notices, with fines only issued in the most egregious cases.

"However, the ICO will continue to investigate data breaches in the same way and will follow up with organisations to ensure the required improvements are made. We will also do more to publicise these cases, sharing the value of the fine that would have been levied, so there is wider learning."

Taking action against nuisance calls - 29 June 2022

The Daily Mail published a story today about nuisance calls and how the UK Government has proposed to increase fines to organisations that breach the Privacy and Electronic Communications Regulations (PECR), which aim to prevent companies contacting people for marketing purposes without consent.

It is proposed that our power to fine companies will increase from the current maximum of £500,000 to up to four per cent global turnover or £17.5 million, whichever is greater.

Our work in this area has been more active than ever. Since May 2021, we have issued 37 fines for a total of £3.04 million to companies for nuisance calls and messages.

Natasha Longson, ICO Acting Head of Investigations, said:

“Nuisance calls, texts and emails made by rogue operators blight people’s lives. It’s our job to take action against firms that break the law and we have the powers to fine them.

“We rely on the public to report spam calls, texts and emails to us so we can track down illegal operators but people can also protect themselves. Be careful when ticking boxes so that you don’t give consent for companies to contact you or to use and share your information. You can also sign up to the Telephone Preference Service using your landline or your mobile phone number.

“If you do get nuisance calls or texts from firms, ask them to stop. If they don’t, report them to us using our online reporting tool.”

View advice on how to protect yourself from nuisance calls and texts.

Government's proposed reforms to data protection law – 21 June 2022

The BBC, Daily Mail, The Guardian and Independent have covered the government’s announcement on the upcoming Data Reform Bill.

Responding to the government’s proposals, UK Information Commissioner, John Edwards said:

“I share and support the ambition of these reforms.

“I am pleased to see the government has taken our concerns about independence on board. Data protection law needs to give people confidence to share their information to use the products and services that power our economy and society. The proposed changes will ensure my office can continue to operate as a trusted, fair and impartial regulator, and enable us to be more flexible and target our action in response to the greatest harms.

“We look forward to continuing to work constructively with the government as the proposals are progressed and will continue to monitor how these reforms are expressed in the Bill.”

Our work to recover fines - 15 June 2022

The New Statesman published a story about our fines issued since 2017.

We can issue fines under the Data Protection Act 2018, which sets out the obligations for organisations using personal data in the UK, and under the Privacy and Electronic Communications Regulations (PECR), which sets out the rules around marketing by electronic means, including marketing calls, texts, emails and faxes.

Here’s our statement:

An ICO spokesperson said:

“The ICO has robust but fair approach when recovering fines, providing payment plans where debtors are in genuine financial hardship. However, where we identify organisations that can pay but won’t pay, we will pursue formal recovery action which can result in insolvency. Equally, where directors seek to avoid payment via insolvency we actively exercise our full rights as a creditor, including nominating Insolvency Practitioners whose investigations can result in personal claims against directors.

“Formal debt recovery via insolvency can be complex and take several years to conclude so whilst it may appear that no money has been recovered, action is still actually ongoing. We also work closely with other enforcement agencies to disrupt and obstruct seriously non-compliant directors who for example, may persist in continuing to make nuisance calls or send unsolicited spam despite our fine. This can result in directors being disqualified and further civil action or criminal prosecutions.”

Find out more about our work to recover fines.

“Who’s under investigation?” - Commissioner’s Opinion on excessive collection of personal information from victims of rape and serious sexual assault – 6 June 2022

The Opinion received widespread media coverage including the Commissioner being interviewed live on BBC Breakfast News, the Today programme and LBC news channel. The Commissioner was also interviewed on Sky, Channel 4 and 5 news. The Opinion also featured in a number of publications including The Daily Telegraph, The Times, The Guardian, Daily Mail, Glamour magazine and policing trade press.

The Commissioner’s Opinion, published on 31 May 2022, called for an end of the “digital strip search” when victims of rape or serious sexual assault report attacks to the police. The Commissioner said that the police should immediately stop asking victims to consent to handing over excessive amounts of personal information. Known as the ‘Stafford statement’ in England and Wales, this gives police access to victim’s information that can include school, medical and social service records.

The Commissioner’s recommendations received support from a number of victims and policing representative bodies including Rape Crisis England & Wales, London’s Victims’ Commissioner, Refuge, the National Police Chief’s Council and the Association of Police and Crime Commissioners.

John Edwards, UK Information Commissioner said:

“Our investigation reveals an upsetting picture of how victims of rape and serious sexual assault feel treated. Victims are being treated as suspects, and people feel revictimised by a system they expect to support them.

“Change is required to rebuild trust that will enable more victims to seek the justice to which they’re entitled.

“This work brings home why we do what we do at the ICO. This Opinion isn’t about data protection and data processing, it is about relationships, trust, human rights and human dignity.”

This work builds on the ICO’s previous work on Mobile Phone Extraction by police forces when conducting criminal investigations

You can read the Commissioner’s Opinion on our website.

You can read the press release on our website.

You can read about our previous work on mobile phone extraction on our website.

Tackling global privacy harms with international cooperation – 26 May 2022

There has been widespread coverage in the media, including in The Guardian, Daily Mail and Sky News about our enforcement action against Clearview AI Inc.

We fined Clearview AI Inc £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.

We also ordered the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet, and to delete the data of UK residents from its systems.

Watch our video of how Clearview AI Inc operates.

While at the Computers, Privacy and Data Protection conference in Brussels, UK Information Commissioner John Edwards highlighted the importance of international collaboration to tackle global privacy harms.

In a speech at the UK Ambassador's Residence in Brussels, John Edwards said:

"This world of globalised digital industry requires coordinated enforcement. Coordinated across DPAs, such as in the case of the Clearview facial recognition case I concluded yesterday. That was an investigation conducted in collaboration with my Australian counterpart.

"But also coordinated across disciplines. It is increasingly important that regulators concerned with different aspects of the digital ecosystem are able to work together to achieve optimal outcomes for consumers."

You can read John Edwards' full speech on our website.

Our approach to promoting our Freedom of Information work - 20 May 2022

The Campaign for FOI published an analysis of the ICO’s public statements about Freedom of Information issues

Our full response is below.

ICO spokesperson said:

“The FOI Act plays a vital role helping public authorities maintain public trust by being transparent and accountable to the people they serve. We have focused on providing regular updates to support public authorities operating in a challenging environment. This is alongside the wider engagement work and advice we provide to public authorities on a daily basis. Our FOI work remains a key priority for the new Information Commissioner. We are looking at how we can further promote our activities in this area in the future.”

We have also published a blog by Warren Seddon, Director of FOI and Transparency, on our work with the FOI community.

Reflecting on a year of regulator collaboration in the DRCF – 29 April 2022

We are not the only regulator with an interest in the digital world - the CMA, Ofcom and FCA also have a role to play. We work together as the Digital Regulator Cooperation Forum (DRCF) to coordinate our regulation of the digital world more efficiently and achieve better outcomes for consumers.

Yesterday we published details of our work for the coming year and Gill Whitehead, the CEO of the DRCF, did her first interview in the Financial Times.

While the first year was about setting up the forum, there has also been some good research – notably building on our existing understanding of algorithms. ITPro highlighted some of this work, and our joint call for industry input on how algorithms can be effectively audited and assured by regulators, users and third parties.

We are now looking forward to carrying out 2022/23 workplan with the other regulators in the DRCF. We’ll be working closely with Ofcom on protecting children online and with the CMA on the privacy and competition implications of online advertising.

ICO response to Channel 4 ‘Inside the Metaverse’ documentary – 27 April 2022

A recent C4 Dispatches - Inside the Metaverse looked at the metaverse and how the platforms enforce against users that act inappropriately. The programme showed examples of racist and sexually explicit behaviour, including actions targeted at children. Issues raised are likely to be covered by the Online Safety Bill however we are assessing data protection risks of these new technologies.

An ICO spokesperson said:

“Online services and products that use personal data and are likely to be accessed by children are required to comply with the standards of our Children’s Code. Services must take proportionate steps to assess the age of users and provide high default privacy settings for children or, alternatively, apply the code’s standards to all users.

“We are continuing to assess the data protection risks associated with the deployment of new and emerging immersive technologies, like virtual and augmented reality, as well as the interaction between privacy and online safety in this area. Parents and children who have concerns about how their data is being handled can complain to us at the ICO.”

Conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC – 19 April 2022

The ICO found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC). 

The national press, including The Guardian, Sky News and The Sun, covered the conclusion of the investigation. 

The leaked CCTV images showed the former Secretary of State for Health and Social Care, Matthew Hancock MP, and his former aide, Gina Coladangelo. 

We launched a criminal investigation after we received a report of a personal data breach from DHSC’s CCTV operator, EMCOR Group plc. 

Given the seriousness of the report and the wider implications it potentially had for the security of information across government, the ICO had a legal duty to carry out an impartial assessment of the evidence available to determine if there had been a breach of the law. 

The investigation was never about a newspaper’s decision to publish the pictures.

Read our full statement.

Google revises its approach to cookies consent - 14 April 2022

Google is giving consumers more choice and control over how their data is tracked.

Stephen Bonner, ICO’s Executive Director of Regulatory Futures and Innovation said:

“We welcome news of Google’s revised approach to cookie consent. It’s a change we’ve been seeking through our ongoing discussions with Google and broader adtech work. The new ‘reject all’ option gives consumers greater control and balance of choice over the tracking of their online activity.

“There’s still a long way to go to address concerns around consent across the whole online advertising industry, but short term, we expect to see industry following Google’s lead to provide clearer choices for consumers. This is only a first step; current approaches to obtaining cookie consent need further revision in order to provide a smoother and increasingly privacy-friendly browsing experience.”

You can read more on our advice for companies developing or using online advertising technology in our Opinion.

Children's privacy and international collaboration - 11 April 2022

John Edwards, UK Information Commissioner, is in Washington DC this week to meet with regulators, civil society, lawmakers and tech companies, as well as present the work of the ICO at the IAPP Global Privacy Summit.

Ahead of the conference, Mr Edwards spoke with the Telegraph and the Wall Street Journal about the importance of international collaboration to drive higher data protection standards, and how our Children’s code can be used as a model for regulation so children around the world are protected online.

In an op-ed in the Telegraph, Mr Edwards said:

“The digital world is borderless, and so many of the online services children access are based outside of the UK. That is one of the reasons why I’m heading to Washington this week for the biggest international gathering to help protect people’s personal information.

“The more other countries require companies to protect children’s data, the more children in the UK are protected. And the UK has an opportunity to influence real change based on the world-leading code that we have developed.”

Your can read more about our Children’s code and our international work in a blog by Mr Edwards.

Statement in response to openDemocracy's letter – 7 April 2022

openDemocracy has issued an open letter about the Freedom of Information Act. This was picked up by The Guardian, The Daily Mail and Hold the Front Page. This is our response.

Information Commissioner John Edwards said:

“We acknowledge the concerns expressed in this letter. FOI plays an important part in civic engagement and holding public services to account, and we share the desire to see the law work effectively.

“The ICO’s role is to administer the law, and we always want to hear views that help us to understand where our role can be improved. I recognise the concern around timely access to information, and addressing this is a priority.

“We all benefit from a modern law, and I think there are suggestions in this letter that warrant further consideration. My office will be part of those discussions, though decisions about law reform are for Ministers and Parliament to make.”

John Edwards article in Civil Service World – 5 April 2022

Civil Service World have published an article by John Edwards, in which he discusses what he’s learned so far from his listening tour, and offers reassurance about the service that the ICO is looking to give to people and businesses.

Mr Edwards said:

“In my first three months, I’ve been meeting businesses, central and local government, and civil society groups from across the UK, learning more about what you’re looking for from us at the ICO.

I’ve learned that you’re concerned about the level of change that’s happened over the last few years. You spent 2017 and 2018 preparing for the arrival of GDPR. You spent 2019 adapting to the new law. And the next two years were dominated by the pandemic. 2022 was meant to be an easier year, but instead you are faced with a government promising a shake-up of UK data protection law, and a new information commissioner.

I want to reassure you that my focus is on bringing certainty in what the law requires of you and your organisations, and in how my office acts.”

One thing has already become clear for Mr Edwards since beginning his listening tour: that you want to be heard. The way to do this is by filling in our listening tour survey – we want a range of viewpoints from across the spectrum of people who we regulate and protect.

Fill in the survey here.

Data protection and COVID-19 – 28 March 2022

The FT ran a story today about how the hospitality sector felt the pressure of providing contact tracing details, while protecting people’s privacy, during the pandemic. Now that restrictions are being relaxed, the article says some businesses may be in doubt on what to do with the personal data collected.

Throughout the pandemic, we worked with the UK Government and devolved administrations, as well as industry stakeholders as new regulations came into force to ensure our guidance was relevant, taking into consideration the different approaches across the UK. We helped thousands of businesses that wanted to handle people’s data responsibly, through our guidance and our helpline.

We continue to offer support. With COVID-19 measures relaxing across the UK, we have set out some key points organisations need to consider around the use of personal information, including advice on how to securely dispose of any information that is no longer needed.

John Edwards speaks at IAPP London – 24 March 2022

The UK Information Commissioner, John Edwards, spoke with MLex and POLITICO ahead of his first speech at IAPP London.

ITPro and IAPP reported on Mr Edwards' speech, where he reassured the audience that his focus is on bringing certainty in what the law requires of businesses and organisations, and in how the regulator acts.

Mr Edwards said:

"Privacy, and data protection, are not values and rules imposed upon an unwilling populace by some external force. They are not burdens to be shucked off. They are laws that represent deeply ingrained features of the UK culture and legal system."

On data protection law reform, Mr Edwards said that a streamlined law that more effectively protects people’s rights should not put adequacy at risk. He said:

"Ultimately, the decision to grant adequacy rests with the EU, who must decide whether the data of its citizens enjoys the same level of protection in Manchester as it does in Munich. Given DCMS have committed to maintaining high standards of protection, I struggle to see how the legal protections will be less in Cardiff than is afforded to those in Copenhagen."

You can read and view Mr Edwards' speech on our website.

John Edwards discusses our work to tackle ‘predatory’ calls on BBC Radio 4 – You and Yours programme – 16 March 2022

The UK Information Commissioner, John Edwards, spoke on BBC Radio 4’s You and Yours programme at lunchtime today to discuss the ICO’s work to protect vulnerable people from ‘predatory’ marketing calls. The programme included an interview with Julie, from Yorkshire who highlighted the damaging impact one of the five companies fined in total £405,000 by the ICO today previously had on her brother’s life.

You can listen back to the full interview on the BBC Sounds app (starting 30:00). Today’s action by the ICO has also featured across a wide range of media outlets – including Sky News, the Daily Mail and the website of the consumer group Which?.

Find out more about today’s action on the news section of the ICO website. Announcing today’s action, John Edwards said:

“These are unlawful predatory marketing calls that were targeted at some of the most vulnerable members of our society and driven purely by financial gain.

“It is clear from the complaints we received that people felt frightened and distressed by the aggressive tactics of these companies, sometimes giving their financial details just so they could hang up the phone. This is unacceptable and clearly exploitative. It is only right that we take tough and prompt action to punish those companies responsible using our full powers.”

John Edwards Letter to the Editor, Financial Times – 11 March 2022

The FT has printed the following letter from John Edwards.

"Bolstering online security is timely advice as my office has seen a 19 per cent rise in reports of cyber security incidents involving people’s personal data over the past two years (“Cybersecurity: pa55word protectors”, Lex, March 3).

But while technical measures are an absolute priority, my experience is that many organisations need to take some of the more basic steps to protect people’s information.

My office’s stats show that a growing number of cyber attacks come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as multi-factor authentication help here, but up to date staff training is essential to spot and report phishing attempts.

This is an important area. People need to be confident their personal data will be treated with respect. If organisations do not keep data secure, they will lose both people’s confidence and business.

There is a wealth of guidance and advice available in this area, both from ourselves and the National Cyber Security Centre’s Cyber Essentials campaign.

People can take positive action here too: stronger passwords, not repeating, and taking the opportunity for two-factor authentication all have important roles to play.

John Edwards
UK Information Commissioner"

Smart video doorbells – 6 March 2022

We’ve built on previous coverage about the use of smart video doorbells and domestic CCTV by speaking to the Mail on Sunday’s You Magazine.

Our advice for the public is to keep it simple: limit what you film to your house boundaries, turn off the audio, and delete it when you don't need it anymore.

We have more guidance to help you if you have CCTV at home.

Cyber security vigilance – 4 March 2022

Information Commissioner John Edwards spoke to the Guardian about the importance of creating a culture of vigilance when it comes to cyber security.

His comments come as the UK’s National Cyber Security Centre urges organisations to strengthen their cyber resilience in response to the developing situation in Ukraine.

At the same time, the ICO has recorded a nearly 20% increase in reports of cyber security incidents involving people’s personal data over the past two years.

He said:

“Our experience is that many of the issues are preventable and getting the basics right is the first step.

“It’s not a question of do it once and forget about it. It’s about creating a culture of vigilance.

“My office’s stats show that a growing number of cyber attacks come from phishing, with emails looking to trick or persuade staff to share usernames and passwords. Measures such as multi factor authentication help here, but up-to-date staff training is essential to spot and report phishing attempts.

“Cyber security can seem intimidating but it doesn’t have to be. There’s a wealth of advice available including our practical guide to keeping your IT systems safe and secure as well as information from the National Cyber Security Centre and the Cyber Essentials campaign.”

Reprimand issued to the Scottish Government and NHS National Services Scotland – 2 March 2022

The Herald, Daily Record, The Scotsman and BBC have covered the ICO’s reprimand issued to the Scottish Government and NHS National Services Scotland over both organisations' failure to be upfront about NHS Scotland COVID Status app’s use of people’s details.

ICO Deputy Commissioner, Steve Wood, said:

“People need to be able to share their data and go about their lives with confidence that their privacy rights will be respected.

“The law enables responsible data sharing to protect public health. But public trust is key to making that work. When governments brought in COVID status schemes across the UK last year, it was vital that they were upfront with people about how their information was being used. The Scottish Government and NHS National Services Scotland have failed to do this with the NHS Scotland COVID Status app.

“We require both bodies to act now to give people clear information about what is happening with their data. If they don’t, we will consider further regulatory action. The ICO, including our office in Scotland, remains committed to working with both bodies to address these outstanding issues and ensure this learning is applied to future activities, including the development of any future government apps that store and use people’s information.”

You can read more about the reprimand on our news release.

John Edwards talks to the Telegraph – 23 February 2022

John Edwards was interviewed by the Telegraph about the opportunities for data regulation in the UK post-Brexit, while maintaining high standards of data protection. In the interview, Mr Edwards spoke about lightening the regulatory burden on business “while maintaining a very high and robust level of protection.” 

Mr Edwards said that data protection rules should not be “regulations for regulation’s sake”, telling the Telegraph:

“They are only there to help correct information asymmetries and power imbalances to help citizens make good choices in the world.”

The full article is available on the Telegraph website.

California introduces children’s online safety bill – 17 February 2022

Our Children’s code is already having an impact and making the internet a safer place for children.

The Financial Times, Washington Post and POLITICO have reported on the California State Assembly’s introduction of a new bill to protect children’s data online. The reports say the bill is modelled after the ICO Age appropriate design code.

View the statement from John Edwards, UK Information Commissioner.

John Edwards talks to Big Issue North – 7 February 2022

John Edwards is profiled in the latest edition of the Big Issue North, discussing the importance of privacy and freedom of information.

In a wide-ranging article, Mr Edwards reflects on how everyone is entitled to have personal data respected:

“One of the things I love about privacy is that it’s completely apolitical. It applies to everyone in the community, it’s democratic, it’s an unalienable fundamental human right.”

He also discusses engaging with ministers on proposed reforms to the ICO structure and data protection law, and the importance of the regulator acting to protect vulnerable people.

Discussing freedom of information, Mr Edwards states the importance of organisations seeing freedom of information as core business, not chore business and acknowledges critics' concerns about ensuring the law works effectively.

“FOI is so important to a functioning democracy. It gives people the basis for their civic engagement. It helps with the process of holding agencies to account. All of these things are indisputable.”

The full article is available on the Big Issue North website.

Online advertising technology – 3 February 2022

The Guardian’s TechScape newsletter gives an overview of recent discussions around cookies and online advertising, including Google’s plans to replace third party cookies with alternative technologies.

We have been highly active in this space.

In a Commissioner’s Opinion published last year, we set out clear data protection standards that companies must meet when developing online advertising technologies in order to safeguard people’s privacy. We have also intervened in other areas of the adtech industry.

We are currently working with the Competition and Markets Authority to review Google’s plans from a competition and privacy perspective. You can read more about this work here.

John Edwards talks to the Financial Times and Today programme - 28 January 2022

In his first media interviews since being appointed Information Commissioner, John Edwards talked about the opportunity the UK has to learn from the experiences of GDPR, and the global influence of the UK through initiatives like the Kids Code.

He also spoke about the importance of ensuring all of society can enjoy the benefits that big tech companies bring, by working with other regulators to minimise harms, and his commitment to creating certainty for business by making data protection easy.

He told the FT:

“Coming out of the EU does present considerable opportunities. The one-stop shop…is one area that GDPR has not worked as its designers would have hoped. We, as a single regulator, can be more fleet of foot, and in a fast-moving digital environment, that too is critical for innovation”

The piece goes on to cover John wanting a “sharp supervisory focus” on tech companies, and playing a “leadership role in the digital economy”, with the Kids Code a good example of how that can be achieved.

On data protection reforms, John adds:

“There’s positives in the proposed reforms. I think we can provide greater certainty and flexibility [to businesses] without putting at risk fundamental rights that people have in the UK.”

The full article is available on the Financial Times website.

You can listen to the Today interview on BBC Sounds, at 6:52am.

#NoPlaceToHide - Home Office backed campaign on end to end encryption (E2EE) involving tech companies – 21 January 2022

The Guardian and BBC cover the ICO’s response to a campaign calling for the roll-out of E2EE to be delayed until tech organisations can ensure the safety of their users. We’ve highlighted that the debate around E2EE should be balanced and consider benefits of the technology alongside any other issues.

Our full response:

Stephen Bonner, ICO’s Executive Director for Innovation and Technology said:

“The discussion on end-to-end encryption use is too unbalanced to make a wise and informed choice. There is too much focus on the costs without also weighing up the significant benefits.

“E2EE serves an important role both in safeguarding our privacy and online safety. It strengthens children's online safety by not allowing criminals and abusers to send them harmful content or access their pictures or location.

"It is also crucial for businesses, enabling them to share information securely and fosters consumer confidence in digital services.

“E2EE is seen by some to hinder the clamp down on child abusers because it leaves law enforcers blind to harmful content. But having access to encrypted content is not the only way to catch abusers. Law enforcers have other methods such as listening to reports of those targeted, infiltrating the groups planning these offences, using evidence from convicted abusers and their systems to identify other offenders.

“We are also seeing a range of other techniques and innovations available that can be used without accessing content to help stop abuse or catch those trying to harm. As an example, platforms are listening to teenagers' reports and limiting search results for anyone attempting unwanted contact.

“Government should continue to put the effort into maximising law enforcement and innovative techniques, such as the Safety Tech Challenge. Until we look properly at the consequences, it is hard to see any case for reconsidering the use of E2EE - delaying its use leaves everyone at risk, including children.

“We look forward to being a key participant in this crucial discussion.”

Which?'s research on Tinder - 21 January 2022

There has been widespread coverage in the media about Which?'s research on Tinder’s pricing structure.

Our full response:

An ICO spokesperson said:

“Organisations must use personal data lawfully, fairly and transparently. That means organisations must only use people’s data in ways they would reasonably expect, and be clear with people about why they need their personal data and what they will do with it.

“Which? has made us aware of this matter and we will assess the information provided.”

Using domestic CCTV – 17 January 2022

Our director Suzanne Gordon talked about domestic CCTV and video doorbells on BBC Morning Live. You can watch it on BBC iPlayer from 10 minutes into the 17 January programme broadcast.

Our advice for the public is to keep it simple: limit what you film to your house boundaries, turn off the audio, and delete it when you don't need it anymore.

We have more guidance to help you if you have CCTV at home.

Downing Street lockdown parties - 14 January 2022

Stories about Downing Street lockdown parties continue to run in the news including The Guardian, Independent, Mail Online and Evening Standard.

We’ve highlighted the rules around not deleting emails or texts that may be relevant to answer a Freedom of Information request.

Our full response:

An ICO spokesperson said:

“It is an important principle of government transparency and accountability that official records are kept of key actions and decisions.

“Relevant information that exists in the private correspondence channels of public authorities should be available and included in responses to information requests received. Erasing, destroying or concealing information within scope of a Freedom of Information request, with the intention of preventing its disclosure is a criminal offence under section 77 of the Freedom of Information Act.”

You can read more information here about official information held in non-corporate communications channels.

Response to concerns around virtual reality headsets - 12 January 2022

You may have read stories in the media recently about Meta’s Oculus virtual reality headsets and concerns around the way children can use them. Our Children’s code aims to protect children’s privacy online.

Here’s our full response.

An ICO spokesperson said:

“Online services and products that use personal data and are likely to be accessed by children are required to comply with the standards of our Children’s code.

“We are planning further discussions with Meta on its children’s privacy and data protection by design approaches to Oculus products and virtual reality services.

“Parents and children who have concerns about how their data is being handled can complain to us at the ICO.”

For more information on our Children’s code visit ico.org.uk/childrenscode.

Previous entries