Privacy activists have accused the UK Information Commissioner’s Office (ICO) of repeatedly failing to take action against the government’s apparent violations of data protection laws. According to the Open Rights Group (ORG), the ICO failed to fully enforce GDPR Article 35 requirements for Data Protection Impact Assessments (DPIAs) in the NHS Test and Trace, NHS Contact Tracing App, and NHS Datastore programmes. The ORG also revealed that sensitive contact tracing data was exposed on social media channels, women were harassed with misuse of data, and large-scale processing of data by public authorities and numerous third parties violated personal data protection standards. The ORG has urged the government to scrap the Data Protection and Digital Information Bill (DPDI) and weaken data subject rights, accountability requirements, and ICO’s independence. Meanwhile, ICOs need to audit government departments, exercise stronger enforcement mechanisms, and develop robust oversight systems.
The ICO has denied any wrongdoing, stating that its priority during the pandemic was to help organizations understand how data protection laws could facilitate action in an emergency. The ICO mobilized a dedicated task force and published quick advice for organizations for utilizing their data in new ways.
As a writer focusing on legal and regulatory issues related to technology, I have contributed to various publications, including The Times, Daily Telegraph, Financial Times, BBC Radio and numerous technology titles. From censorship to online piracy to copyright, I have covered various aspects of content control on the internet. Follow me on Twitter to stay updated on my latest posts.