ICO

Subscribe to ICO via RSS

UK: ICO v Clearview – a test of the ICO’s reach?

By Rachel de Souza, Jules Toynton, Alexa Smith & Deborah Okanlawon on October 17, 2025

Posted in Enforcement, General Data Protection Regulation, Privacy Law, UK

Clearview’s processing of personal information

UK: ICO launches consultations on the new Data (Use and Access) Act 2025

By Rachel de Souza on August 26, 2025

Posted in Lawful basis, Legitimate Interests, New laws, Privacy Law, UK

In response to the UK’s new Data (Use and Access) Act 2025 (DUA Act) coming into force, the UK Information Commissioner (ICO) has launched two public consultations. The consultations, which aim to shape final guidance on amendments introduced by the DUA Act, address the new lawful basis of “recognised legitimate interests” …

UK: Google’s U-Turn on Device Fingerprinting: ICO’s Response and Subsequent Guidance

By Jules Toynton & Isla Neil on January 30, 2025

Posted in Cookies, Direct marketing, ePrivacy, Privacy Law, Tracking technologies

In a December, the Information Commissioner’s Office (ICO) responded to Google’s decision to lift a prohibition on device fingerprinting (which involves collecting and combining information about a device’s software and hardware, for the purpose of identifying the device) for organisations using its advertising products, effective from 16 February 2025 (see an overview of…

UK: Data protection authority issues reprimand to gambling operator for unlawfully processing personal data

By David Cook, Benjamin Fellows, Mateusz Wojcik & Shervin Nahid on September 25, 2024

Posted in Adtech, Cookies, Enforcement, UK

On 16 September 2024, the UK’s data protection authority, the Information Commissioner’s Office (ICO), issued a reprimand against Sky Betting and Gaming (SkyBet) for unlawfully processing people’s data through advertising cookies without their consent.

Between 10 January and 3 March 2023, SkyBet’s website dropped third-party AdTech cookies to visitors’ browsers before…

Keeping an ‘AI’ on your data: UK data regulator recommends lawful methods of using personal information and artificial intelligence

By Magda Zmorka on November 8, 2022

Posted in Artificial Intelligence, General Data Protection Regulation

Authors: Jules Toynton, Coran Darling

Data is often the fuel that powers AI used by organisations. It tailors search parameters, spots behavioural trends, and predicts future possible outcomes (to highlight a just a few uses). In response, many of these organisations seek to accumulate and use as much data as possible, in order to…
Continue Reading Keeping an ‘AI’ on your data: UK data regulator recommends lawful methods of using personal information and artificial intelligence

UK: ICO issue fine of £4.4m to Interserve for security failings

By Magda Zmorka on October 25, 2022

Posted in Cyber security

Authors: Ross McKean, Henry Pelling

On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m for violations of the GDPR (the violations were pre-Brexit).
The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal…
Continue Reading UK: ICO issue fine of £4.4m to Interserve for security failings