The ICO has published its annual report for 2019-20, covering what the Information Commissioner has called a “transformative period” for privacy and data protection and broader information rights.
Highlights from the report, which covers the 12 months to 31 March 2020, include:
- supporting and protecting the public and organisations: publication in January of the Age Appropriate Design Code, introduced by the Data Protection Act 2018; first Commissioner’s Opinion issued on the use of facial recognition technology following the High Court case on the use of such technology by the South Wales Police; publication of guidance for businesses and organisations on data protection and Brexit implementation; new freedom of information strategy launched;
- enforcement: regulatory action taken 236 times in response to breaches of the legislation regulated by the ICO, including 54 information notices, eight assessment notices, seven enforcement notices, four cautions, eight prosecutions and 15 fines; over 2,100 investigations conducted; settlement with Facebook over action brought under the Data Protection Act 1998;
- innovation: launch of the regulatory sandbox service; establishment with other regulators of a hub to streamline and reduce burdens on businesses and public services using data; encouragement of innovative research into privacy and data protection issues through the ICO’s research grants programme; publication of a consultation on an AI framework to allow the auditing and assessment of the risk associated with AI applications and how to ensure their use is transparent, fair and accountable; and
- international: the ICO continues to chair the Global Privacy Assembly.
Due to the period covered by the report it does not reflect the impact of COVID-19, although acknowledging the pandemic Ms Denham said: “The digital evolution of the past decade has accelerated at a dizzying speed in the past few months. Digital services are now central to how so many of us work, entertain ourselves and talk to friends and family”. However, she noted that the law has not changed “and the ICO continues to be a proportionate and practical regulator”. To access the full report, click here.