FOIA: an update on our definition documents and template guides for publication schemes

By Steve Wood, Head of Policy Delivery.

outsourcingWhen most people think of freedom of information, they probably think of the right to request information about public bodies. While this is an important tool for transparency, it isn’t the only requirement of the Freedom of Information Act (FOIA). Under FOIA every public authority must also have a publication scheme where they proactively publish information. In 2008 the ICO approved a model publication scheme for public authorities to adopt; it sets out the framework they must follow to meet their legal obligations. Publication schemes enable a public authority to demonstrate their commitment to openness and to build trust with the public. Continue reading

Posted in Steve Wood | Tagged , , , , , , , , , , , , , , , | Leave a comment

“The best journalism works within the law, although it often tests the boundaries”

By Christopher Graham, Information Commissioner

“News is what somebody doesn’t want you to print,” said William Randolph Hearst, the great American newspaper publisher. “All the rest is advertising,” he added.

But when somebody doesn’t want something printed, what are their privacy rights? What does the law say about press freedom and the right of free expression? How does the law balance the competing rights and obligations? Are data protection and journalism opposites that don’t mix, like oil and water? Or are they in fact complementary?

Twenty years a broadcast journalist and another twenty years as a communications regulator of one sort or another, I’d say that the best journalism works within the law, although it often tests the boundaries. Continue reading

Posted in Christopher Graham | Tagged , , , , , , , , , | Leave a comment

The Internet of Things: what is it and what does it mean for you?

By Andrew Paterson, Senior Technology Officer

Picture yourself coming home from work in twenty years’ time. The house alarm reacts to a signal from your car as you pull up on the drive and turns off. The alarm then triggers the doors to unlock. The doors unlocking tells the lights in your house to come on. You’ve already turned the heating on, using a mobile device while you were at work. All of these processes will have taken place because the devices are connected and able to respond to the others’ actions, based on commands you’ve already given or pre-programmed behaviour.

blog-internet-of-thingsThis trend of increasingly network-connected objects has loosely been termed the Internet of Things. And if you’re not familiar with the phrase already, you soon will be.

As well as offering convenience, the Internet of Things also has the potential to save you money. In the UK, the roll out of smart meters is imminent, giving you the opportunity to see how much power your home is using in real time. The devices will allow you to make choices that will not only be reflected on the display, but also in your bill at the end of the month. Continue reading

Posted in Andrew Paterson | Tagged , , , , , , , , , , , | 1 Comment

An effective regulator needs effective powers

By Steve Eckersley, Head of Enforcement.

Sometimes the simplest statements are the strongest: to be an effective regulator the ICO needs effective powers. This is especially true when it comes to battling the complex and continuing problem of tackling nuisance calls and texts. The statistics are staggering: in the last year we received 120,000 concerns regarding unsolicited calls and 30,000 concerns regarding texts. And these, of course, are just a small slice of a much larger issue. Across newspapers, social media and radio the message from the public is loud and clear – please put a stop to the spammers.

reading-textUntil recently one our most effective tools to reduce the number of complaints and tackle those responsible was the civil monetary penalty, with recent research identifying them as a successful sanction that changed behaviour and improved compliance.

Continue reading

Posted in Steve Eckersley | Tagged , , , , , , , | 4 Comments

Update on our response to the European Google judgment

By David Smith, Deputy Commissioner and Director of Data Protection.

jigsawIt’s now 11 weeks since I last wrote about the Court of Justice of the European Union judgment in the Costeja case.

The publicity given to the judgment has certainly raised awareness of people’s data protection rights, and we understand that several thousand search results and URLs have already been taken down, showing that the judgment is starting to have an effect. Whilst a small number of often borderline cases have generated negative media headlines, even Google has recognised that the removal of links from search results can have a real benefit. Continue reading

Posted in David Smith | Tagged , , , , , , , , , , , | 1 Comment

Seven things you should know about the ICO’s big data report

By Carl Wiper, Senior Policy Officer

Big data is a hot topic at the moment, with businesses, scientists and governments all keen to see what benefits it can offer. But big data is not a game that is played by different rules. If it involves personal data, you need to follow the Data Protection Act. The ICO’s report gives our perspective as the regulator of that law.

big data1. What big data is

Big data is often defined by the so-called ‘three Vs’: volume, variety and velocity: big data typically uses massive datasets, brings together data from different sources and can be used to analyse data in real time. But it is difficult to produce a watertight definition. Big data has been described as a phenomenon rather than a technology, and that’s a useful distinction. Continue reading

Posted in Carl Wiper | Tagged , , , | Leave a comment

Wearable technology – the future of privacy

By Andrew Paterson, Senior Technology Officer

UPDATE, 01/07/2014: Our consultation on updating our CCTV Code of Practice has now ended. We are currently considering the responses received with a view to publishing an updated version of our guidance later in the year.

Not so long ago, the collection of personal information by body worn devices was limited to trials in specific police forces, and others that could afford the specialist equipment. However, recent progress in hardware means that wearable technology may well become as common as mobile phones, as more and more technology companies start bringing out new devices that use personal information to make your life that little bit easier.

wearable-technologyIf you’re one of the more than one million people in the UK who go running each week you may already be familiar with the range of smart bands that can track useful information, such as heart rate, running speed and location, all using something no bigger than a standard watch. All of this can help you improve your times, find out how many calories you burn off and plan your next route. Continue reading

Posted in Andrew Paterson | Tagged , , , , , , , , , , , , | 16 Comments

ICO clarifies rules on charging for access to environmental information

By Thomas Oppé, Senior Policy Officer, Policy Delivery.


While the Environmental Information Regulations do not prompt as many enquiries to the ICO as the Freedom of Information Act, there are still parts of the regulations that require clarification and case law is still emerging.

One of the most notable is how much public authorities can charge for access to environmental information. That’s the focus for two revised pieces of guidance published today, which will be of use to any public authority that handles EIR requests. Continue reading

Posted in Thomas Oppé | Tagged , , , , , | 1 Comment

International study looks at phone app privacy

By Steve Eckersley, Head of Enforcement.

When we published our data protection guidance for app developers just before Christmas, I was shocked to see that half the people surveyed about apps had decided not to download one due to privacy concerns.

ico-blog-tabletThat figure is sure to be a concern for legitimate app developers, who can ill-afford to be losing half of their target audience. But it’s a concern too for data protection regulators: here’s an industry in its formative years that is already raising privacy concerns.

The issue is an international one – many mobile apps are developed abroad, and many sold to a domestic audience from abroad, and so it was an ideal subject to address through the Global Privacy Enforcement Network, of which ICO is a member. Continue reading

Posted in Steve Eckersley | Tagged , , , , , , , , , | Leave a comment

eBay attack is ‘wake-up call to all of us’

By Christopher Graham, Information Commissioner.

On Wednesday, eBay wrote to us to tell us they believed a cyberattack had compromised a database of customer information. We’re actively looking at this situation, with a view to launching a formal investigation. On the face of it, this is a very serious breach.

ico-blog-ebay-dOur response is made complicated by the nature of a big multinational internet company like eBay. They’re an American company, so the Federal Trade Commission will look into this. They’ve got a European headquarters in Luxembourg, and so the Luxembourg data protection authority will lead on an investigation in Europe. And there’s millions of UK citizens affected, so clearly we will be involved where we can. Continue reading

Posted in Christopher Graham | Tagged , , , , , , , | 14 Comments