The Information Commissioner’s Officer has issued its annual report. The key points cover:
Helping the public and organisations
- The ICO’s helpline, chat and written advice services received 471,224 contacts in 2018-19, a 66% increase from 2017/18
- Data protection complaints received by the ICO increased from 21,019 in 2017/18 to 41,661 in 2018/19
- Supporting the public through the ICO’s many expanded public-facing services (like the helpline and live text service)
- Helping both small and large organisations embed compliance with the GDPR and DPA 2018
- Preparation of statutory codes focusing on age appropriate design, data sharing, direct marketing, and data protection and journalism.
Enforcing the law
- Using new powers of inspection – issuing 11 assessment notices in conjunction with investigations into data analytics for political purposes, political parties, data brokers, credit reference agencies and others
- Taking action through enforcement notices
- Issuing warnings and reprimands across a range of sectors including health, central government, criminal justice, education, retail and finance
- 2018/19 was a record-breaking year of monetary penalties under the DPA 1998 (though the figures quoted - 22 fines totalling over £3m - are dwarfed by the recent notices of intention to fine British Airways and Marriott Hotels a total of £282m under the GDPR/DPA 2018).
In May 2017 the ICO launched a formal investigation into the use of data analytics for political purposes, after allegations were made about the ‘invisible processing’ of personal data and the micro-targeting of political adverts during the 2016 EU referendum. The investigation eventually broadened and has become the largest investigation of its type by any data protection authority.