Blog: Information Commissioner looks ahead to 2021

25 January 2021 While January is always a month for looking ahead, it feels like no discussions of plans for 2021, professionally or personally, are possible without the mention of lockdown, vaccinations or talk of when ‘all this is finished’. I expect that will also be true of my appearance before the DCMS Select Committee this week. But for all the challenges, I am pleased there is a positive story to tell about the ICO’s upcoming work. The ICO’s immediate focus remains supporting organisations through the impacts of COVID 19.…

Blog: Maintaining data flows for a digital world

Information Commissioner Elizabeth Denham looks at the data protection aspects of the recently agreed UK-EU trade agreement. 22 January 2021 The digital world has few borders. When a woman in Manchester watches a video clip on her phone, it’s likely that the delivery of that video clip content to her is because of personal data. She can be accessing content made anywhere in the world and targeted to her based on a personal profile, on an app designed in Japan, with her personal data held on servers in the US,…

Adtech investigation resumes | ICO

Simon McDougall, ICO Deputy Commissioner – Regulatory Innovation and Technology said: “In May 2020, we paused our investigation into real time bidding (RTB) and the adtech industry, as we prioritised activities responding to the COVID-19 pandemic. We have now resumed our investigation. “Enabling transparency and protecting vulnerable citizens are priorities for the ICO. The complex system of RTB can use people’s sensitive personal data to serve adverts and requires people’s explicit consent, which is not happening right now. “Sharing people’s data with potentially hundreds of companies, without properly assessing and…

ICO supports innovative data sharing projects to protect vulnerable people

The ICO Sandbox has selected three innovative data sharing services aimed at helping those who are vulnerable to online gambling harms, supporting ex-service men and women get the care they need, and a platform to help fight against cyber-criminals. The projects proposed by the Gambling Commission, by CDD Services and by Global Cyber Alliance demonstrate how data sharing can help deliver efficient services that support our communities, while protecting people’s privacy. Now in its third year, the ICO Sandbox is a free service designed to help organisations to explore new…

Motor industry employee sentenced in ICO Computer Misuse Act prosecution

A motor industry employee has been sentenced to eight months’ imprisonment, suspended for two years, in a prosecution brought by the Information Commissioner’s Office (ICO). Kim Doyle, who worked for the RAC, transferred personal data to an accident claims management firm without authorisation. Doyle, 33, pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data, at a hearing in January 2020. She was sentenced at Manchester Crown Court on 8 January 2021. The court heard that Doyle compiled lists of…

Update to the joint statement on global privacy expectations of video teleconferencing companies

Open letter On 21 July 2020 the Information Commissioner’s Office (ICO) and five other data protection and privacy regulators from around the world jointly signed an open letter to companies providing video teleconferencing services. The letter recognised the value of video teleconferencing in keeping people connected, but set out concerns about whether privacy safeguards are keeping pace with increased risks from the sharp uptake of these services during the current pandemic. The joint signatories provided video teleconferencing companies with principles to guide them in addressing some key privacy risks. The…

UK organisations using SolarWinds Orion platform should check whether personal data has been affected

SolarWinds was the victim of a cyber-attack where a vulnerability was inserted into its Orion platform. Organisations using the compromised Orion platform could potentially have allowed an attacker to move into other parts of its IT Network and systems and breach personal data. What should organisations do? Organisations should immediately check whether they are using a version of the software that has been compromised. These are versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1. SolarWinds has provided detailed instructions to allow its customers to determine…

ICO calls on UK businesses to prepare to keep data flowing at the end of the transition period

The Information Commissioner (ICO) is calling on the UK’s businesses to check whether they are impacted by data protection law before the end of the UK’s transition period with the EU on 31 December. Businesses and organisations that are affected need to take steps to ensure that data can continue to flow from the EU lawfully from 1 January. The ICO is urging businesses to visit its website – ico.org.uk/keepdataflowing – to view guidance and resources on the actions they may need to take if they use personal data. Research…

Six things to consider when using algorithms for employment decisions

18 December 2020 When developed and used responsibly, algorithms can transform society for the better. But there is also significant risk that algorithms can exacerbate issues of fairness and inequality. This often impacts the most vulnerable or marginalised people.  Algorithms do not just impact society; society also impacts the use of algorithms. This year two significant global events could lead to important changes in the use of algorithms for employment-based decision-making. First, with many people losing their jobs due to the Covid-19 pandemic, more people will be applying for limited…