Category Archives: Information Commissioner

No, 43% of retail businesses have NOT been fined for CCTV breaches

A bizarre news story is doing the rounds, although it hasn’t, as far as I can see, hit anything other than specialist media. An example is here, but all the stories contain similar wording, strongly suggesting that they have picked up on and reported on a press release from the company (“Secure Redact”) that undertook the research behind the story.

We are told that

research reveals that 43% of UK retailers reported that they had been fined for a violation of video surveillance GDPR legislation…Of these retailers, 37% reported paying an equivalent of 2% of their annual turnover, 30% said the fine amounted to 3% of annual turnover, and 15% said the fine was 45% [sic] of annual turnover…A staggering 33% of those fined also had to close stores as a result of enforcement action

The research was apparently based on a survey of 500 respondents in retail businesses (50% in businesses with less than 250 employees, 50% in businesses with more than 250).

What is distinctly odd about this is that since GDPR has been in force in the UK, including since it has become – post-Brexit – UK GDPR, there has been a sum total of zero fines imposed by the Information Commissioner in respect of CCTV. 43% of retail businesses have not been fined for CCTV infringements – 0% have.

You can check here (direct link to .csv file) if you doubt me.

It’s difficult to understand what has gone wrong here: maybe the survey questions weren’t clear enough for the respondents or maybe the researchers misinterpreted the data.

Whatever the reasons behind the stories, those in the retail sector – whilst they should certainly ensure they install and operate CCTV in compliance with GDPR/UK GDPR – should not be alarmed that there is a massive wave of enforcement action on the subject which threatens to put some of them out of business.

Because there isn’t.

The views in this post (and indeed most posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

Leave a comment

Filed under CCTV, GDPR, Information Commissioner, monetary penalty notice, UK GDPR

ICO secures court-awarded compensation

ICO often say they can’t award compensation, but what they can do is – in criminal cases – make an application for the court to make an award (separate to any fines or costs). But as far as I know, until this case last week, they’d never done so:

https://www.mishcon.com/news/ico-recommends-compensation-awards-in-criminal-prosecution-case

Leave a comment

Filed under crime, damages, Data Protection, Data Protection Act 2018, Information Commissioner

Data Protection reform bill – all that? or not all that?

I’ve written an “initial thoughts” analysis on the Mishcon de Reya website of the some of the key provisions of the Data Protection and Digital Information Bill:

The Data Protection and Digital Information Bill – an (mishcon.com)

Leave a comment

Filed under adequacy, Data Protection, Data Protection Act 2018, Data Protection Bill, DPO, GDPR, Information Commissioner, PECR, UK GDPR

Data reform – hot news or hot air?

I’ve written a piece for the Mishcon de Reya website on the some of the key proposals (for our client-base) in today’s data protection reform announcement.

Data protection law reform – major changes, but the (mishcon.com)

Leave a comment

Filed under adequacy, consent, cookies, Data Protection, Data Protection Act 2018, DPO, GDPR, Information Commissioner, international transfers, nuisance calls, PECR, UK GDPR

ICO to keep income from UK GDPR fines

This is a significant development – the Information Commissioner will now be able to keep up to £7.5m a year from penalties, to cover their litigation and debt recovery costs:

https://www.mishcon.com/news/ico-to-keep-money-from-uk-gdpr-fines

Leave a comment

Filed under Data Protection, DCMS, GDPR, Information Commissioner, monetary penalty notice, UK GDPR

GDPR reprimands for Cabinet Office, UKIP, CPS & ors

A piece by me just uploaded to the Mishcon de Reya website, on an FOI disclosure to me of the most recent reprimands under GDPR/ UK GDPR issued by the Information Commissioner

ICO reprimands Cabinet Office, UKIP, CPS and others for (mishcon.com)

Leave a comment

Filed under Cabinet Office, Data Protection, Freedom of Information, GDPR, Information Commissioner, UK GDPR

Commons Committee report on Cabinet Office FOI “Clearing House”

I’ve written on the Mishcon website about the PACAC report on the Clearing House.

Leave a comment

Filed under Freedom of Information, Information Commissioner

Lots of FOI contempt applications in the wings

A new piece on the Mishcon de Reya site: the First-tier Tribunal is dealing with at least eight applications to certify contempt of court for failure by public authorities to comply with decision notices.

FOI enforcement starts to get serious?

Leave a comment

Filed under Freedom of Information, Information Commissioner, Information Tribunal, access to information, contempt

First ever FOI contempt certification

I’ve written a piece on the Mishcon de Reya website on the first ever case of certification of contempt of court to the High Court, for failure to comply with a decision notice.

Leave a comment

Filed under Freedom of Information, Information Commissioner, Information Tribunal

Open Letter to new ICO

I was delighted recently to be invited by OpenDemocracy to sign an open letter to John Edwards, new Information Commissioner, calling for more to be done to regulate FOI effectively. I’ve written many posts in the past breaking the state of FOI enforcement, so everything in the letter resonated with me. The letter has now been sent, and there are some very high profile journalists, MPs and campaigners who have signed:

https://www.opendemocracy.net/en/freedom-of-information/information-commissioner-foi-open-letter-secrecy/

Edwards has already replied, and said that addressing these concerns will be a priority for him.

Leave a comment

Filed under access to information, Freedom of Information, Information Commissioner, journalism