Data protection is an enabler for trust and confidence in the implementation of digital identity systems

A blog by Steve Wood, Deputy Commissioner (Executive Director, Regulatory Strategy) 22 April 2021 Digital identity systems have started to come of age, driven by the opportunities and challenges of the digital economy and public services. The public need safe and secure ways to establish their identity in light of the reality of how digital services work in their daily lives. Such systems need to recognise the risks of fraud and security that exist at present, such as through the continued reliance on paper records. Inspiring trust and confidence in…

How the ICO Innovation Hub is enabling innovation and economic growth through cross-regulatory collaboration

The COVID-19 pandemic has changed work for so many of us around the world; forcing innovation and new ways of working. And that’s just as true for regulators – we’ve had to adapt to develop new ways to support organisations. The Innovation Hub participated in the Financial Conduct Authority’s (FCA) Virtual Women’s Economic Empowerment TechSprint, providing advice and expertise on real life applications of data protection law. As this was a virtual cross-regulatory TechSprint, there were a host of novel challenges. For instance; how do you replicate the informal conversations…

Blog: Data Protection law can help create public trust and confidence around COVID-status certification schemes

A blog from Elizabeth Denham, Information Commissioner 26 March 2021 From contact tracing apps to temperature checks at airports, from businesses recording customers’ details to organisations sharing health data to help the vulnerable, it is clear that the responsible use of personal data has been vital in responding to the COVID-19 pandemic. Public trust has been at the heart of each of these projects, and I am pleased that the ICO has been able to help organisations earn that trust by providing pragmatic advice to ensure data is used in a…

Blog: Building on the data sharing code – our plans for updating our anonymisation guidance

A blog by Ali Shah, Head of Technology Policy 19 March 2021 Data is the lifeblood of the digital economy, and the sharing of personal data is key to opening up new opportunities. Data shared in healthcare environments can map out trends and provide new insights to improve patient care, while in the financial sector, data sharing can help to protect against money laundering and ensure individuals are protected from fraud. In our experience, organisations want to use and share data in a safe and legally compliant way, but can…

Blog: Supporting UK democracy through data protection with new political campaigning guidance

A blog from Elizabeth Denham, Information Commissioner 9 March 2021 In a year where the challenges of the pandemic have prompted digital innovation in so many aspects of our lives, it is no surprise that campaigning for the upcoming elections in England, Scotland and Wales will be a little different. Electoral Commission data has already shown a rapid acceleration in the use of digital political advertising over the past five years. The limitations on traditional door-to-door canvassing and static advertising due to the pandemic will make technological approaches even more…

ICO fines firms for sending more than 2.7 million spam text messages during the pandemic

Two separate companies that sent nuisance text messages during the Covid-19 pandemic have been fined a total of £330,000 by the Information Commissioner’s Office (ICO). Messages from one of the firms prompted a record 10,000 complaints. Leads Works Ltd The ICO has fined West Sussex-based Leads Works Ltd £250,000 for sending more than 2.6 million nuisance text messages to customers without their valid consent. The messages, sent between 16 May and 26 June 2020, resulted in over 10,000 complaints. Andy Curry, ICO Head of Investigations, said: “The number of complaints we’ve…

From facial recognition technology to children online: regulating data protection in 2021

Original script may differ from delivered version. As you have heard, I was due to deliver this lecture in person, twelve months ago. March 2020 felt like a perfect time to talk with you about my office’s work. It felt like data privacy had become mainstream, and that my work was more relevant than ever. Little did I know what the next year would bring. Contact tracing apps. Health data stats headlining the news. Temperature checking at airports. Businesses recording the details of every customer. Employers wanting to know the…

ICO urges businesses to act now as Children’s Code comes into force in six months

Initial findings from industry research set up by the Information Commissioner’s Office (ICO) show that three quarters of businesses surveyed are aware of the Children’s Code. Some 500 services and businesses were part of a survey to gauge understanding of the code, and the opportunities and challenges that it may present to organisations. The full findings will be published in May but initial analysis shows businesses are still in the preparation stages. And with just six months to go until the code comes into force, the ICO is urging organisations…

Guest blog: Working for a regulator like the ICO

01 March 2021 If you work in digital technology, as a researcher, software developer, or designer, you have probably considered the impact of what you are building on rights, freedoms, and the public interest. Navigating this complicated terrain requires a mixture of people with different skills and experience including legal, policy, and technology expertise. But as increasingly complex technologies and data flows are integrated into consequential decisions in society, there is a greater need for technologists to explain technology and highlight where engineering and design choices will create significant impacts…

ICO statement in response to the publication of a draft adequacy decision from the European Commission

The European Commission has today published its draft UK adequacy decisions. If adopted these decisions will allow for continued free flow of personal data from the EU into the UK. As well as its decision under the General Data Protection Regulation (GDPR), the EU also published another draft decision for personal data related to law enforcement. The adequacy decisions are now with the European Data Protection Board (EDPB) who will deliver an opinion to the European Commission and representatives from the EU member states. During this process, UK businesses and…