Regulator For Data Privacy Matters In The United Kingdom Publishes Annual Report

King & Spalding
Contact

On July 20, 2018, Elizabeth Denham, the Information Commissioner (“ICO”) for the United Kingdom (“UK”), released an Annual Report for 2017/18 (the “Report”). In the Report, the ICO commented that new laws and high profile investigations have helped put data protection and privacy at the centre of the UK public’s consciousness: “This is an important time for privacy rights, with a new legal framework and increased public interest. Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”

The Report makes interesting reading in terms of the UK regulator’s recent focus and areas of concern for enforcement purposes. In addition to outlining extensive work helping individuals and organizations prepare for the General Data Protection Regulation (“GDPR”), and providing expert advice to the Government during the passage of the Data Protection Act 2018 through Parliament (the UK’s GDPR implementing legislation), the Report confirms that the ICO also experienced “unprecedented demand for its casework on data protection and freedom of information.” Some of the highlights of the Report include:

  • A significant increase in data protection complaints (up 15%), self-reported breaches (up 30%) and freedom of information complaints (up 5%).
  • Another significant increase in telephone, live chat and written queries from the public and organisations, with new telephone services for small organisations and for self-reported breaches. In the final quarter the ICO had 30,000 more calls than in the previous three months.
  • The ICO issued the largest number and amount of civil monetary penalties in its history. This included 26 penalties totalling £3.28m for breaches of electronic marketing laws relating to nuisance calls and spam text messages, along with 10 enforcement notices and the execution of three search warrants.
  • The ICO issued eleven fines totalling £1.29 million for serious security failures under its previous legislation, the Data Protection Act 1998 (now repealed).
  • The ICO succeeded in a total of 19 criminal prosecutions resulting in 18 convictions - a further six cautions were issued and 11 search warrants were executed.

The Report illustrates a demonstrable increase in regulatory and enforcement activity by the ICO.  With this refreshed focus, and the new powers afforded to EU regulators under GDPR, we expect to see further increases in action taken by individuals and enforcement action taken by the ICO over the coming months and years. 

Also to be noted is that we continue to await the first of the expected major enforcement actions from EU regulators, including the ICO.  Many commentators expect that the vastly increased fining powers under GDPR will be exercised by the EU regulators over the coming months, for example, as data breaches which occurred after GDPR entered into force on May 25th 2018 are discovered.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.