Elizabeth Denham

ICO publishes annual tracking research

Retrieved on: 
Wednesday, July 7, 2021

77% of people say protecting their personal information is essential, research commissioned by the ICO has found.

Key Points: 
  • 77% of people say protecting their personal information is essential, research commissioned by the ICO has found.
  • The ICO commissions annual track research to monitor changes in public attitude and perceptions and why these changes may occur.
  • Information Commissioner, Elizabeth Denham said:

    This research is important to the ICO.

  • ICO has also published its annual report today.

Safer Internet Day 2021

Retrieved on: 
Tuesday, February 9, 2021

Information Commissioner, Elizabeth Denham said:

Key Points: 
  • Information Commissioner, Elizabeth Denham said:

    The ICO is proud to support Safer Internet Day, which contributes to the national conversation about online privacy and trust.

  • Children must be protected within the digital world while they learn, explore and play online.
  • The introduction of our Children's Code in September 2020 was a vital step towards providing that protection.
  • We're engaging with organisations and creating resources to ensure that they know what changes they need to make to keep kids safe online.

ICO launches fourth and final phase of privacy innovation grants programme

Retrieved on: 
Thursday, January 28, 2021

Applications are now open for the fourth and final round of funding for the Information Commissioner's Office's (ICO) current grants programme.

Key Points: 
  • Applications are now open for the fourth and final round of funding for the Information Commissioner's Office's (ICO) current grants programme.
  • The ICO committed to run the grants programme until 2021 and work is ongoing this year to review and report on its progress.
  • The scheme, now in its fourth year, supports independent research into privacy and data protection issues and develops privacy-enhancing solutions.
  • Elizabeth Denham, Information Commissioner, said:

    When I launched our grants programme in 2017, it was to encourage research and privacy innovation in significant areas of data protection risk.

Elizabeth Denham's term as Information Commissioner extended

Retrieved on: 
Monday, January 25, 2021

“Following a request from the Secretary of State for DCMS, Elizabeth Denham has agreed to extend her term as Information Commissioner to 31 October 2021, while the recruitment process for her successor is completed.”

Key Points: 

“Following a request from the Secretary of State for DCMS, Elizabeth Denham has agreed to extend her term as Information Commissioner to 31 October 2021, while the recruitment process for her successor is completed.”

ICO and National Privacy Commission, Philippines, sign Memorandum of Understanding

Retrieved on: 
Thursday, January 14, 2021

UK Information Commissioner, Elizabeth Denham, and her counterpart in the Philippines, Commissioner and Chairman Raymund Enriquez Liboro (NPC), have today signed a Memorandum of Understanding (MOU).

Key Points: 
  • UK Information Commissioner, Elizabeth Denham, and her counterpart in the Philippines, Commissioner and Chairman Raymund Enriquez Liboro (NPC), have today signed a Memorandum of Understanding (MOU).
  • The MOU, signed virtually via video-teleconference, sets out the commitment of the Information Commissioner's Office (ICO) and the NPC to fostering closer collaboration and cooperation in data protection in the two jurisdictions.
  • Under the MOU, the two authorities will collaborate to deliver the regulatory cooperation necessary to support their data-based economies and protect the fundamental rights of citizens of each jurisdiction.
  • It lays the basis of the enhanced work relationship for the two authorities to go forward in matters of mutual regulatory interest.

ICO takes enforcement action against Experian after data broking investigation

Retrieved on: 
Wednesday, October 28, 2020

Other thematic failings identified were: Although the CRAs did provide some privacy information on their websites about their data broking activities, their privacy information did not clearly explain what they were doing with people’s data; Separately, they were using certain lawful bases incorrectly for processing people’s data. The enforcement notice follows a two-year investigation by the ICO into how Experian, Equifax and TransUnion used personal data within their data broking businesses for direct marketing purposes.

Key Points: 
  • Other thematic failings identified were:
    • Although the CRAs did provide some privacy information on their websites about their data broking activities, their privacy information did not clearly explain what they were doing with people’s data;
    • Separately, they were using certain lawful bases incorrectly for processing people’s data.
    • The enforcement notice follows a two-year investigation by the ICO into how Experian, Equifax and TransUnion used personal data within their data broking businesses for direct marketing purposes.
    • A complaint from the campaign group Privacy International to the ICO also raised concerns about the data broking industry, specifically Equifax and Experian.
    • The investigation found how the three CRAs were trading, enriching and enhancing people's personal data without their knowledge.
    • It is invisible because the individual is not aware that the organisation is collecting and using their personal data.
    • Findings from the investigation have been published today in an ICO report into data protection compliance in the direct marketing data broking sector.
    • Although the CRAs varied widely in size and practice, the ICO found significant data protection failures at each company.
    • As a result, Experian has been given an enforcement notice compelling it to make changes within nine months or risk further action.
    • Information Commissioner Elizabeth Denham said: Our investigation uncovered data protection failings that likely affected millions of adults in the UK.
    • Disrupting the flow of non-compliant personal data will have significant impact not just across the sector but will drive benefits for individuals and organisations wherever this data is used.
  • Other key requirements of the notice include:
    • Setting out improvements to privacy information to make clear what personal data is collected, where it has come from, what it is being used for or who the data is being sold to and why.
    • Deleting any data supplied to Experian under the lawful basis of consent which is now being processed using a different lawful basis of legitimate interests.
    • Stop the processing of any personal data that has been collected unlawfully.
  • Notes to Editors
    1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
    2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.
    3. Article 5 of the GDPR requires that personal data shall be:
       • Processed lawfully, fairly and in a transparent manner in relation to individuals;
       • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
       • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
       • Accurate and, where necessary, kept up to date;
       • Kept in a form which permits identification of data subjects for no longer than is necessary; and
       • Processed using appropriate technical or organisational measures in a manner that ensures appropriate security of the personal data.
    4. Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
    5. Section 146 of the DPA 2018 contains a provision for the Information Commissioner to issue an assessment notice. It’s a notice the ICO issues to a data controller or processor to allow it to audit and assess whether they are compliant with data protection legislation.
    6. Section 149 of the DPA 2018 contains a provision for the Information Commissioner to issue an enforcement notice. It orders specific actions by an individual or organisation to resolve breaches (including potential breaches). An individual or organisation can be fined for failing to comply with the terms of an enforcement notice.
    7. Organisations issued with an ICO enforcement notice have the right to appeal to the First Tier Tribunal (Information Rights) within 28 days of receiving the notice.
    8. The ICO investigation into data analytics for political campaigns is one example of where invisible processing and profiling prevented people from exercising their data protection rights. As part of that investigation, the ICO announced that it had served assessment notices to Experian, Equifax and TransUnion (formerly Callcredit) in order to investigate the data broking sector further.
    9. Data broking involves collecting people’s personal data from a variety of sources, then combining it and selling or licensing it to other organisations to support direct marketing.
    10. The scope of this investigation was limited to ‘offline’ data broking. Offline direct marketing services focus on providing marketing to individuals through methods other than the internet. This can include postal, telephone and SMS marketing. It also means that the focus of the profiling activities we investigated and address in this report does not include data collected about an individual’s online behaviours. We are investigating participants in the online advertising industry separately.
    11. The scope of the investigation did not cover online data broking. It also did not extend beyond looking at the provision of marketing services by the data brokers. In the context of the CRAs, this means that the investigation did not look at their credit referencing functions.

    ICO launches consultation on draft Statutory guidance

    Retrieved on: 
    Thursday, October 1, 2020

    The Information Commissioner's Office (ICO) has launched a public consultation on its draft Statutory guidance, which details how it will regulate and enforce data protection legislation in the UK.

    Key Points: 
    • The Information Commissioner's Office (ICO) has launched a public consultation on its draft Statutory guidance, which details how it will regulate and enforce data protection legislation in the UK.
    • Designed to ensure the rights and freedoms of individuals are protected, the draft guidance also seeks to provide assurance to business that the ICO will use its powers proportionately and consistently.
    • Elizabeth Denham, Information Commissioner said:

      The primary role of my office is to protect the rights and freedoms of individuals in the digital age, and this draft guidance explains how my office will achieve this.

    • A requirement of the Data Protection Act 2018, the draft Statutory guidance explains how the ICO will exercise its regulatory functions when issuing: information notices; assessment notices; enforcement notices and penalty notices.

    Privacy Commissioner for Personal Data, Hong Kong, China and United Kingdom Information Commissioner Sign MOU UK and Hong Kong regulatory authorities will work together when citizens’ data is at risk

    Retrieved on: 
    Sunday, August 2, 2020

    Media Statements

    Key Points: 
    • Media Statements

      Date: 2 August 2020

      Privacy Commissioner for Personal Data, Hong Kong, China and United Kingdom Information Commissioner Sign MOU UK and Hong Kong regulatory authorities will work together when citizens' data is at risk

      The Privacy Commissioner for Personal Data, Hong Kong, China Mr Stephen Kai-yi WONG (PCPD) and the United Kingdom Information Commissioner Ms Elizabeth Denham CBE (ICO) signed a Memorandum of Understanding (MOU) on 29 July 2020.

    • It lays the basis of the enhanced work relationship for the two authorities to go forward in matters of mutual regulatory interest.
    • The MoU will demonstrate to the outside world that the UK and Hong Kong data protection authorities will work together where necessary when our citizens' data is at risk.
    • About the Privacy Commissioner for Personal Data, Hong Kong, China (PCPD)

      The PCPD is an independent statutory body in Hong Kong set up to promote, monitor and supervise compliance with the Personal Data (Privacy) Ordinance (Cap.

    Statement in response to the decision by National Police Chiefs' Council to withdraw digital consent forms

    Retrieved on: 
    Thursday, July 16, 2020

    Information Commissioner Elizabeth Denham said:

    Key Points: 
    • Information Commissioner Elizabeth Denham said:
      In our report published on 18th June, we recommended that these forms were withdrawn, and I am pleased to see that this action has been taken.
    • People expect to understand how their personal data is being used.
    • An approach that does not seek this engagement risks dissuading citizens from reporting crime, and victims may be deterred from assisting police.
    • The ICO is also recommending the introduction of a new code of practice to improve mobile phone extraction practices and better support police and prosecutors in their work.

    Commissioner comment on Lord’s Committee digital technology report

    Retrieved on: 
    Friday, July 10, 2020

    ICO statement following the Lords Committee on Democracy and Digital Technology's report Digital Technology and the Resurrection of Trust.

    Key Points: 
    • ICO statement following the Lords Committee on Democracy and Digital Technology's report Digital Technology and the Resurrection of Trust.
    • Elizabeth Denham, Information Commissioner, said:

      The report Lord Puttnam and his committee have published is a welcome contribution to important conversations around the role digital technology has in all of our lives.

    • In particular, I am pleased to see an acknowledgment of how integral personal data is in this debate.
    • Any discussion of online harms must include consideration of the personal data processing that fuels algorithms and profiling.