Profiling under the GDPR: feedback request

By Jo Pedder, Interim Head of Policy and Engagement.

Imagine a friend tells you about a holiday deal. You go online to book the same deal but you cannot see it on the website. Unbeknown to you, behind the scenes an algorithm has analysed where you live, your age, gender, occupation, online activity and more and decided you wouldn’t be interested.

This is called profiling. Continue reading

Posted in Jo Pedder | Tagged , , | Leave a comment

ePrivacy reform: Privacy and electronic communications regulations (PECR) under review

By Jo Pedder, Interim Head of Policy and Engagement.

While preparations for the GDPR dominate the headlines, it’s not the only change for the digital economy. As technology evolves at a phenomenal rate, the laws that govern internet-based services are moving at an equally rapid pace.

The next piece of legislation in line for an overhaul is the European directive that forms the basis of the Privacy and Electronic Communications Regulations (PECR). Continue reading

Posted in Jo Pedder | Tagged , , , | Leave a comment

Garages, new homes and old offices: the records management mistakes that put health records at risk

By Leanne Doherty, Group Manager.

When Cabinet Office Minister Ben Gummer announced the government was spending £1.9bn on UK cyber security, he highlighted health data as needing strong protection.

But while money is (rightly) invested in hi-tech cyber security solutions in the health sector, our experience is that data breaches in the sector are often caused by far more basic mistakes.

Indeed, a quick look through the health cases seen by the ICO enforcement team suggests work to do around garages and decommissioning as well as gigabytes and denial of service attacks.

Continue reading

Posted in Leanne Doherty | Tagged , | Leave a comment

Information Governance Survey: What councils need to do now

By Anulka Clarke, ICO Head of Good Practice.

Local Government Information Governance Survey

We’re here to help local councils comply with the Data Protection Act and get ready for the new General Data Protection Regulation (GDPR) coming into force from May 2018.

The ICO’s Good Practice department conducted a survey at the end of last year to find out more about information governance practices in local government. It received 173 responses. We already knew from our work with councils that there are some positive measures in place at local authorities but wanted to find out more about patterns of existing practices. Continue reading

Posted in Anulka Clarke | Tagged , , , , | Leave a comment

AI, machine learning and personal data

By Jo Pedder, Interim Head of Policy and Engagement.

AI, machine learning and personal data

Today sees the publication of the ICO’s updated paper on big data and data protection.

But why now? What’s changed in the two and a half years since we first visited this topic? Well, quite a lot actually:


Continue reading

Posted in Jo Pedder | Tagged , , , , , , , | Leave a comment

ICO guidance for consent in the GDPR

By Jo Pedder, Interim Head of Policy and Engagement.

gdpr-12-steps-to-take-nowBack in January I wrote about our plans for GDPR guidance in 2017 and our commitment to help organisations improve their practices and prepare for the GDPR.

I’m pleased to announce that our first piece of detailed topic-specific GDPR guidance has been published today for public consultation. This new guidance is about consent in the GDPR and we are interested to gain your feedback on it through a short consultation which is running from now until 31 March 2017.

The basic concept of consent, and its main role as one lawful basis (or condition) for processing, is not new. However the GDPR does set a high standard for consent. It builds on the Data Protection Act (DPA) standard of consent in a number of areas, and it contains significantly more detail on both the standard and processes for consent.

Continue reading

Posted in Jo Pedder | Tagged , , , | 1 Comment

Big data and the insurance sector

By Carl Wiper, Group Manager.

big-data-b-blogThe insurance sector is among those facing both the challenges and opportunities presented by the large volumes of data which are now available from sources such as social media.

How to benefit from this data explosion whilst respecting the rights of customers, maintaining people’s trust and complying with the law were the themes of an industry forum organised jointly by the ICO and Financial Conduct Authority.

The event was an opportunity for the two regulators to hear concerns and questions from the insurance sector and outline what they are doing to help.

Continue reading

Posted in ICO | Leave a comment

ICO International Strategy

By Elizabeth Denham, Information Commissioner.

international-c-blog You only need glance at your mobile phone to see how international data protection is today. Apps developed 5,000 miles away on America’s West Coast, following rules written 400 miles away in Brussels, in the palm of your hand to help you keep in touch with friends who live around the corner.

As a regulator and data protection authority, it’s important we have an international outlook. That’s long been the case, given the borderless nature of the digital economy, but it’s especially true today, as the UK reassesses its place in the world.

It’s an important context to consider as I set out what I want my office to achieve during my five year term as Information Commissioner. I expect to publish our information rights strategy in time for the new financial year, and it will have a clear international element.

Continue reading

Posted in Elizabeth Denham | Tagged , | Leave a comment

GDPR guidance in 2017

By Jo Pedder, Interim Head of Policy Delivery.


There’s nothing like a new year to focus the mind on self-improvement. And from a data protection perspective, there’s something about the arrival of 2017 that makes the implementation of GDPR in May 2018 seem so much closer.

The ICO remains committed to helping organisations to improve their practices and prepare for the GDPR. Today we’ve published an update setting out what guidance organisations can expect. It’s essential reading, as it will help you plan what areas to address across the next twelve months.

Continue reading

Posted in Jo Pedder | Tagged , , , , , , | 1 Comment