Category: ICO

14 million people don’t know how to erase their data from an old device

New figures reveal that three in 10 UK adults (29%) don’t know how to wipe their personal information from an old device or tech product. With the festive period looming, over a quarter (27%) of UK adults are planning to treat themselves to a new device this Christmas. However, our latest poll found that the average Brit has three unused devices sitting at home. Three-quarters (75%) of people have held onto at least one old device, with a fifth (20%) having done so because they are worried about their personal…

Our response to Google’s policy change on fingerprinting

Stephen Almond is the ICO’s executive director of regulatory risk. Yesterday, Google announced to organisations that use its advertising products, that from 16 February 2025, it will no longer prohibit them from employing fingerprinting techniques. Our response is clear: businesses do not have free rein to use fingerprinting as they please. Like all advertising technology, it must be lawfully and transparently deployed – and if it is not, the ICO will act. Fingerprinting involves the collection of pieces of information about a device’s software or hardware, which, when combined, can…

Update on changes to our services for businesses

In October, we announced that we were piloting a new approach to providing business advice as part of our commitment to modernising our services and investing in tools that give businesses better access to support. Instead of calling our helpline, we encouraged businesses to use the growing range of resources available on our website to get the certainty they needed on any data protection concerns. We have kept this approach under review and gathered feedback to ensure our offer is meeting the needs of businesses, whatever their size. While our…

Transparency must be the default position for water companies

    Warren Seddon is the Director of FOI at the ICO Public interest in water companies is higher than ever, with firms across the UK facing scrutiny over sewage discharges into lakes, rivers and the sea. Concerns about sewage pollution are mounting, as people have no choice but to rely on these companies. The lack of readily available information and the reticence of water companies to disclose information about their activities has significantly dented the public’s confidence. While water companies are only subject to the Freedom of Information Act…

Water companies asked to publish sewage discharge data

We are calling on all water companies to proactively publish information relating to sewage discharges each month. Water companies have a legal obligation to make information about the environment available under the Environmental Information Regulations (EIR), both proactively and if requested by the public. Earlier this year, the UK Information Commissioner John Edwards wrote to 12 water companies, urging them to put transparency first and encouraging them to proactively publish the start and stop times of sewage discharges. So far, only two water companies, Yorkshire Water and South West Water,…

Generative AI developers, it’s time to tell people how you’re using their information

Stephen Almond is the ICO’s executive director of regulatory risk. In January we launched our consultation series on data protection in generative AI, receiving over 200 quality responses from stakeholders. We are today publishing our outcomes report which details our policy positions on generative AI and sets out what further work is still needed by industry. We looked at five areas which resulted in us refining our position in two key areas: the lawful basis for web scraped data to train generative AI models and the engineering of individual rights into…

Rogue companies receive fines totalling £290k for making millions of nuisance calls

Bolton-based Breathe Services Ltd fined £170,000 for making over 4 million unlawful direct marketing calls Oldham-based Money Bubble Ltd fined £120,000 for making over 168,000 unlawful calls We have fined two companies, based in Greater Manchester, a total of £290k and issued them both with enforcement notices after they were found to have made numerous nuisance phone calls to people – who’d opted out of receiving marketing calls – attempting to sell them life insurance and debt management solutions. Breathe Services Ltd (BSL), a debt advice company based in Bolton,…

Manchester employee handed suspended prison sentence for illegally accessing personal information

A motor insurance worker who unlawfully accessed personal information has been handed a suspended prison sentence after an investigation by the Information Commissioner’s Office. Rizwan Manjra, 44, from Bolton, led a team dealing with accident claims for Markerstudy Insurance Services Limited (MISL), based in the Arndale Centre in Manchester city centre. His unlawful conduct was discovered after MISL reported to the ICO that it suspected an employee was unlawfully accessing its systems. Concerns were raised by third party insurers that MISL worked with, relating to 185 claims. The insurers became…

ICO takes regulatory action against four public authorities under the FOI Act

We have taken action against four public authorities for continued failings to meet their obligations under the Freedom of Information Act (FOIA).  City of London Police has been issued with an enforcement notice for its FOI failings. Staffordshire Police, Dorset Police and Goldsmiths, University of London have been given practice recommendations setting out improvements they can make to better comply with their legal obligations under FOIA.   ICO Head of FOI Complaints and Appeals, Phillip Angell, said: “People have the legal right to promptly receive information they’re entitled to. This…

Statement on the public sector approach

Two years ago, I set out my vision of working more effectively with public authorities across the UK so they could better protect people’s information, while transforming public services and improving outcomes for their communities. I introduced a two-year trial of an approach where we would work proactively with senior leaders across the public sector to encourage data protection compliance, prevent harms before they occur and learn lessons when things have gone wrong. I wanted my office to be part of the conversations early on, instead of being on the…