Information Commissioner encourages disclosure of fire safety information in light of the Grenfell Tower tragedy

By Elizabeth Denham, Information Commissioner.

In the wake of tragedies like the Grenfell Tower fire, public bodies are forced to look at all aspects of their roles and responsibilities.

They take a critical look at how they do things and evaluate how their practices can be improved.

My office is concerned with transparency. As the independent regulator of the Freedom of Information Act, my job is to ensure people have easy access to records they are entitled to see.

Continue reading

Posted in Elizabeth Denham | Tagged | 4 Comments

When is a breach not a breach?

By Steve Eckersley, Head of Enforcement.

cctv-blogThe ICO has ruled that Virgin Trains East Coast did not break data protection law when it published CCTV footage of Jeremy Corbyn looking for a seat on a service from London.

But the company did breach the law when it published images of other passengers on the same service. The ICO found that Virgin should have taken better care to obscure the faces of other people on the train. Publication of their images was unfair and a breach of the first principle of the Data Protection Act.

Continue reading

Posted in Steve Eckersley | Tagged , | 3 Comments

Subject access policy updated after court rulings on disproportionate effort

By Vivienne Adams, Senior Policy Officer.


As July arrives and brings with it summer (albeit a damp version of it here in Wilmslow so far), there are now fewer than 11 months until the arrival of the much-heralded GDPR.

As you can imagine, that means a busy time in the policy team, working on the guidance to help organisations understand the new law. But while there’s plenty of work still to do there, our work on guidance for the Data Protection Act (DPA) doesn’t stop. Continue reading

Posted in ICO, Vivienne Adams | Leave a comment

Four lessons NHS Trusts can learn from the Royal Free case

By Elizabeth Denham, Information Commissioner.


Today my office has announced that the Royal Free London NHS Foundation Trust did not comply with the Data Protection Act when it turned over the sensitive medical data of around 1.6 million patients to Google DeepMind, a private sector firm, as part of a clinical safety initiative. As a result of our investigation, the Trust has been asked to sign an undertaking committing it to changes to ensure it is acting in accordance with the law, and we’ll be working with them to make sure that happens. Continue reading

Posted in Elizabeth Denham, ICO | 2 Comments

The ICO Grants Programme and why the time is right to support independent research

“Once you stop learning, you start dying.”

So said Albert Einstein, and while the school year may be nearing its end and university students are already returning home for the summer, we at the ICO have launched our first ever Grants Programme for new, independent research into data protection and privacy enhancing solutions, and we believe it is a genuinely exciting development. Continue reading

Posted in ICO, Steve Wood | Tagged | Leave a comment

Interesting times, and how we navigate them

By Elizabeth Denham, Information Commissioner.

Interesting times, and how we navigate them

I remember hearing my predecessor talk about a Chinese saying “may you live in interesting times”.

I think it’s fair to say we’re living in them!

My term in office is five years, and it’s abundantly clear to me as the first year draws to a close, ‘interesting times’ will be a recurring theme of my term. GDPR, Brexit, and whatever follows those two. Add to that a general election too. Continue reading

Posted in Elizabeth Denham | Tagged , , , | 1 Comment

The Information Commissioner opens a formal investigation into the use of data analytics for political purposes

By Elizabeth Denham, Information Commissioner.

data-political-purposes-blogIn March we announced we were conducting an assessment of the data protection risks arising from the use of data analytics, including for political purposes.

Engagement with the electorate is vital to the democratic process. Given the big data revolution it is understandable that political campaigns are exploring the potential of advanced data analysis tools to help win votes. The public have the right to expect that this takes place in accordance with the law as it relates to data protection and electronic marketing. Continue reading

Posted in Elizabeth Denham | Tagged , , , | 1 Comment

Draft GDPR Consent guidance receives a significant response

By Jo Pedder, Interim Head of Policy and Engagement.

gdpr-12-steps-to-take-nowThe issue of consent surrounding the use of data has proved to be increasingly high-profile recently – and that has been reflected in the large number of responses to our draft GDPR Consent guidance.

I previously announced back in early March that we were running a public consultation on our first piece of detailed, topic-specific GDPR guidance as we were interested in gaining your feedback on our draft.

The consultation is now closed and we received more than 300 responses from organisations across a variety of sectors, along with interested members of the public.

Continue reading

Posted in Jo Pedder | Tagged , , , | Leave a comment

Profiling under the GDPR: feedback request

By Jo Pedder, Interim Head of Policy and Engagement.

Imagine a friend tells you about a holiday deal. You go online to book the same deal but you cannot see it on the website. Unbeknown to you, behind the scenes an algorithm has analysed where you live, your age, gender, occupation, online activity and more and decided you wouldn’t be interested.

This is called profiling. Continue reading

Posted in Jo Pedder | Tagged , , | Leave a comment

ePrivacy reform: Privacy and electronic communications regulations (PECR) under review

By Jo Pedder, Interim Head of Policy and Engagement.

While preparations for the GDPR dominate the headlines, it’s not the only change for the digital economy. As technology evolves at a phenomenal rate, the laws that govern internet-based services are moving at an equally rapid pace.

The next piece of legislation in line for an overhaul is the European directive that forms the basis of the Privacy and Electronic Communications Regulations (PECR). Continue reading

Posted in Jo Pedder | Tagged , , , | Leave a comment