ICO consults on its powers to investigate, regulate and enforce

December 21, 2021

The Information Commissioner’s Office has launched a consultation about how it regulates the laws it monitors and enforces.  

It is seeking views on three documents:

  • The Regulatory Action Policy (RAP) updates the ICO’s 2018 policy and sets out its general approach. It reinforces the ICO’s commitment to a proportionate and risk-based approach to enforcement, and it explains the factors taken into consideration before taking regulatory action such as imposing monetary penalties, orders to stop processing or compulsory audits. It also sets out how the ICO promotes best practice and ensures compliance and how it works with other regulators. The RAP covers all 11 pieces of legislation that the ICO is responsible for including the UK GDPR, Data Protection Act 2018, Freedom of Information Act and the Privacy and Electronic Communications Regulations 2003 (PECR).
  • “Statutory Guidance on our Regulatory Action” focuses on the sections in DPA 2018 that specify the ICO’s legal obligations to publish guidance to help organisations navigate the law. It also explains how the ICO uses its statutory powers to investigate and enforce UK information rights legislation.
  • “Statutory Guidance on our PECR Powers” explains how the ICO uses its statutory powers to enforce the data protection legislation (PECR) relating to electronic communications, like nuisance calls, emails and texts. The guidance focuses on the ICO’s statutory powers to issue monetary penalty notices on a person, or an officer of a body, for data protection failures in respect of the PECR. 

The three documents set out how the ICO aims to carry out its mission to uphold information rights for the UK public in the digital age.

While the UK government is considering changes to the current data protection regime, the ICO will update its policies when it is both necessary and appropriate. The three documents reflect the current regulatory landscape and are not time limited.

Publication of final documents, which is expected by the end of 2022, will be overseen by the new UK Information Commissioner. The Statutory Guidance documents must also be ratified by the Secretary of State for Digital, Culture, Media and Sport before being laid before Parliament.

The consultation ends on 24 March 2022.