ICO fails to reveal majority of reprimands under GDPR


London law firm Mishcon de Reya demands disclosure of reprimands that were issued by the Information Commissioner’s Office to organisations for violating UK data protection law

By Sebastian Klovig Skelton

Published: 10 Jun 2022 17:16

The Information Commissioner’s Office (ICO) has failed to publicly disclose the majority of “reprimands” it has issued since November 2021 to public sector organisations – including the Government Digital Service (GDS) – for UK data protection law breaches, a freedom of information (FOI) request shows.

Under the UK General Data Protection Regulation (GDPR), the ICO has the power to serve formal reprimands, as well as fines and other enforcement notices, when organisations contravene the law.

The 15 reprimand recipients include the GDS (part of the Cabinet Office), the UK Independence Party (UKIP), the Crown Prosecution Service (CPS) and the Welsh Language Commissioner. Four police forces, two local authorities, and two NHS trusts are also recipients.

The ICO confirmed to Computer Weekly that all of the reprimands issued to criminal justice sector bodies were issued under Part Three of the Data Protection Act 2018, which lays out specific rules for the processing of personal data by law enforcement entities for law enforcement purposes.

The undisclosed reprimands were revealed by a Freedom of Information (FOI) request submitted by Jon Baines, a senior data protection specialist at law firm Mishcon de Reya, who was following up on a previous request that showed the ICO had issued 42 reprimands between 25 May 2018 (when the UK GDPR came into effect) and 15 November 2021.

In the vast majority of cases, the ICO did not publicly disclose that it had taken action against these organisations, despite its policy stating that its “default position” is to publish all formal regulatory outcomes.

“By ‘formal regulatory outcomes’ we mean those where we serve or issue some form of notice, reprimand, recommendation or report following our regulatory work,” said the ICO in its Regulatory and Enforcement Activity Policy. “Our default position is that we will publish (and, where appropriate, publicise) all formal regulatory work, including significant decisions and investigations, once the outcome is reached.”

On reprimands specifically, the ICO added: “We will publicise these if it will help promote good practice or deter non-compliance.”

While the ICO has not disclosed details of the specific contraventions that led to the reprimands being issued, its Regulatory Action Policy says the watchdog will reserve its “most significant powers (i) for organisations and individuals suspected of repeated or wilful misconduct or serious failures to take proper steps to protect personal data”.

In response to the FOI disclosure about the lack of public reprimands, Mishcon de Reya said the ICO had confirmed that, going forward, it would include reprimands when publishing its online datasets of casework outcomes.

Computer Weekly asked the ICO to confirm that it would publish all reprimands going forward, to which a spokesperson responded that reprimands were published as part of the datasets available on its website.

While the spreadsheets attached to this web page do contain entries that show some of the reprimands were issued, there is no accompanying documentation detailing the nature of the reprimand.

Computer Weekly asked the ICO whether it would publish the actual reprimand documents going forward, rather than confirming whether one had been issued through entries in spreadsheets, to which a spokesperson responded: “Presently, the reprimands are published on the dataset. Looking ahead, we’ll be reviewing our approach to publicising our work once the Regulatory Action Policy has been agreed by Parliament.”

The only reprimands the ICO decided to make fully public since November 2021 were those given to the Scottish Government and NHS National Services Scotland in February 2022, which were issued over their failure to provide people with clear information about how the NHS Scotland Covid Status app was using their data.

“The ICO has decided to make this reprimand public because of the significant public interest in the issues raised,” the ICO said. It stated that it had decided to issue a public reprimand in this instance because it was the most efficient and proportionate way of ensuring the identified issues are resolved quickly.

On why these reprimands would be deemed of “significant public interest” and the others not, Baines told Computer Weekly he presumed that the connection to the Covid-19 pandemic made them “particularly compelling when it came to a public interest analysis”.

Other reprimands are in the public domain, but only through news reports (in the case of Sheffield Council) or brief mentions buried in the ICO website that do not provide detail (in the case of UKIP). Baines stated that he wasn’t aware of any other public reprimands.

Computer Weekly asked the ICO directly why the reprimands issued to Scottish authorities were deemed to be of significant public interest, while all the others issued since November 2021 were not.

Pointing to its Regulatory and Enforcement Activity Policy, an ICO spokesperson said: “We state that we will publicise reprimands if it will help promote good practice or deter non-compliance. In the case of the Scottish Covid app, the reprimand was publicised to deter non-compliance.”

On whether its failure to publish the reprimands was contrary to its own disclosure policies, the spokesperson added that the ICO had recently closed a consultation on its Regulatory Action Policy: “Once the Regulatory Action Policy is agreed by Parliament, we will be reviewing our approach to disclosure, publishing and publicising our work, which is laid out in the document Communicating Our Regulatory and Enforcement Activity Policy.”

The document already says the ICO’s “default position” is to publish all formal regulatory outcomes.

Commenting on the FOI disclosure generally, Baines said: “It’s still not clear to me why the ICO hasn’t published in the past, as their own policy on publishing regulatory action says, ‘Publicity helps to raise confidence in – and awareness of – our work to promote good practice and deter those who may be thinking of breaching information rights legislation’.”

He added: “I feel I have a good understanding of the data protection practitioner community, and members of that community can learn from the outcomes of regulatory investigations; a failure by the ICO to publicise is a missed opportunity to help raise general standards of awareness and compliance.”

New Pixel Watch leak reveals watch faces, strap styles and more


We’re expecting the Google Pixel Watch to make its full debut on Thursday, October 6 – alongside the Pixel 7 and the Pixel 7 Pro – but in the meantime a major leak has revealed much more about the upcoming smartwatch.

Seasoned tipster @OnLeaks has posted the haul, which shows off some of the color options and band styles that we can look forward to next week. We also get a few shots of the watch interface and a picture of it being synced with a smartphone.

Watch faces are included in the leak too, covering a variety of different approaches to displaying the time – both in analog and digital formats. Another image shows the watch being used to take an ECG reading to assess heartbeat rate.

Just got my hands on a bunch of #Google #PixelWatch promo material showing all color options and Watch Bands for the first time. Some details revealed as well…@Slashleaks 👉🏻 https://t.co/HzbWeGGSKP pic.twitter.com/N0uiKaKXo0 (October 1, 2022)

Full colors

If the leak is accurate, then we’ve got four silicone straps on the way: black, gray, white, and what seems to be a very pale green. Leather straps look to cover black, orange, green and white, while there’s also a fabric option in red, black and green.

We already know that the Pixel Watch is going to work in tandem with the Fitbit app for logging all your vital statistics, and included in the leaked pictures is an image of the Pixel Watch alongside the Fitbit app running on an Android phone.

There’s plenty of material to look through here if you can’t wait until the big day – and we will of course be bringing you all the news and announcements as the Google event unfolds. It gets underway at 7am PT / 10am ET / 3pm BST / 12am AEDT (October 7).


Analysis: a big moment for Google

It’s been a fair while since Google launched itself into a new hardware category, and you could argue that there’s more riding on the Pixel Watch than there is on the Pixel 7 and Pixel 7 Pro – as Google has been making phones for years at this point.

While Wear OS has been around for a considerable amount of time, Google has been leaving it to third-party manufacturers and partners to make the actual hardware. Samsung recently made the switch back to Wear OS for the Galaxy Watch 5 and the Galaxy Watch 5 Pro, for example.

Deciding to go through with its own smartwatch is therefore a big step, and it’s clear that Google is envious of the success of the Apple Watch. It’s the obvious choice for a wearable for anyone who owns an iPhone, and Google will be hoping that Pixel phones and Pixel Watches will have a similar sort of relationship.

What’s intriguing is how Fitbit fits in – the company is now run by Google, but so far we haven’t seen many signs of the Fitbit and the Pixel lines merging, even if the Pixel Watch is going to come with support for the Fitbit app.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as having spent many years editing the likes of PC Explorer and The Hardware Handbook.


Copyright © 2022 Xanatan