The ICO exists to empower you through information.

We are marking our 40th anniversary by launching a digital exhibition telling the story of the most important moments in privacy and information rights over the past four decades.

Our lives, our privacy: the 40 items that shaped 40 years of privacy rights showcases key objects – from lawn aerator shoes to mobile phones to the Tesco Clubcard – that represent how our relationship with privacy has evolved since 1984 through cultural, societal, political and technological changes, and how the regulator has evolved with it. 

Recognising that privacy is personal and reflects people’s lived experiences, the ICO has left the “final plinth” empty and is encouraging people to put forward an object representing what privacy means to them. 

The exhibition, which launches today, and will open in physical form at Manchester Central Library next April, covers four main themes: data sharing; freedom of information; action we have taken to enforce and protect the public’s rights and how technology has affected privacy.

John Edwards, the Information Commissioner, said:

“Information rights are fundamental human rights. They give us control over our lives and the information we wish to share, and empower us to question and hold our public authorities to account. I have my own personal experience of this: helping people – including in my own family - exercise their information rights which exposed the scandal of abuse of children in the New Zealand mental health system in the 1970s. The result – payment of compensation, the issuing of apologies to those affected and the establishment of a Royal Commission looking at abuse in state care – showed the true power of our rights. 

“Put simply, our information rights allow us to live freely and protect us from harm.

“The explosion of technology over the past four decades has changed and challenged our relationship with what is private and what isn’t in ways we could never have imagined – but as tech has evolved, so too have the protections put in place by the law. The ICO has been on the frontline of upholding those rights for the last forty years.

“Our exhibition – “our lives, our privacy” showcases 40 items that have shaped 40 years of information rights. We all recognise the opportunities and challenges that items like smartphones and smart devices bring but items like school dinner trays, Covid face masks, football shirts and food hygiene ratings have just as much of a privacy and information rights story to tell, often with the ICO at the centre of them.”

A history of privacy

Data sharing brings great benefits enabling society to build knowledge and find more efficient ways of doing things. But this information must be kept safe, used responsibly and only for the reasons we understand it to be used. In 2007, HMRC lost the personal information of all UK families claiming child benefit, when it posted two CDs to another government department. The CDs were never found and the data loss affected 25 million people. It was a stark reminder of the duty on all organisations to keep information safe and secure. The incident led to the ICO being given stronger powers and the ability to issue fines. 

In November 2000, the UK passed its first freedom of information law giving everyone the legal right to question public authorities. Perhaps the most famous use came in 2009, after the ICO ordered Parliament to disclose information it had been asked for about MPs’ expenses. The disclosure and subsequent public outcry over what was being claimed had huge repercussions, including prison sentences for some, and led to the creation of the Independent Parliamentary Standards Authority. This ended the self-regulation of MPs’ pay and expenses. 

Over the past 40 years, we have taken action against many companies variously breaking the laws it regulates, from nuisance marketing calls to data breaches. But the ICO has also been at the forefront of investigations affecting democracy and society. Cambridge Analytica is one such example. It spawned a Netflix documentary, a TV dramatisation and political enquiries in both the House of Commons and the American Congress. Our investigation into this story was the largest of its type by any data protection authority and involved online social media platforms, data brokers, analytics firms, academic institutions and all the major UK political parties. The scandal sparked an increased public interest in privacy and how the information that we give away may reveal more than we intend. 

Technology has changed the world and we now live digitally. Widespread internet availability allowed us to share our personal information across the world instantly. Smartphones placed powerful, pocket-sized PCs in the palm of our hands and the discovery of genetic fingerprinting transformed criminal investigations. The ICO has remained at the forefront of this technology revolution producing emerging technology reports, holding tech companies to account, issuing guidance to organisations, tips for buyers when purchasing new tech, publishing a world-first Children’s code requiring online companies to design their platforms with the best interests of children and more. 

The world is starkly different today than in 1984 and people’s rights are stronger than ever. The ICO will continue to uphold these rights, as the world around us continues to evolve.

Notes to editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator that exists to empower people through their information rights. The ICO regulates the whole economy, including government and the public sector.
  2. Established in 1984 as the Data Protection Registrar, from 2000 known as the Data Protection Commissioner and from 2001 the Information Commissioner’s Office, the regulator has grown to a staff of over 1,000 with five offices based in Belfast, Cardiff, Edinburgh, London and the head office in Wilmslow (Cheshire).
  3. The ICO has been led by:
    • Eric Howe CBE, Data Protection Registrar 1984-1994.
    • Elizabeth France CBE, Data Protection Registrar / Data Protection Commissioner 1994-2002.
    • Richard Thomas CBE, Information Commissioner 2002-2009.
    • Christopher Graham, Information Commissioner 2009-2016.
    • Elizabeth Denham CBE, Information Commissioner 2016-2021.
    • John Edwards, Information Commissioner 2022 to date.
  4. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  5. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  6. To report a concern to the ICO call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.