ICO publishes guidance on privacy enhancing technologies

The Information Commissioner’s Office (ICO) has published draft guidance on privacy-enhancing technologies (PETs) to help organisations unlock the potential of data by putting a data protection by design approach into practice.  PETs are technologies that can help organisations share and use people’s data responsibly, lawfully, and securely, including by minimising the amount of data used and by encrypting or anonymising personal information. They are already used by financial organisations when investigating money laundering, for example, and by the healthcare sector to provide better health outcomes and services to the public. …

Read More

ICO could impose multi-million pound fine on TikTok for failing to protect children’s privacy

TikTok could face a £27 million fine after an ICO investigation found that the company may have breached UK data protection law, failing to protect children’s privacy when using the TikTok platform. The ICO has issued TikTok Inc and TikTok Information Technologies UK Limited (‘TikTok’) with a ‘notice of intent’ – a legal document that precedes a potential fine. The notice sets out the ICO’s provisional view that TikTok breached UK data protection law between May 2018 and July 2020. The ICO investigation found the company may have: processed the…

Read More

“Children are better protected online in 2022 than they were in 2021” – ICO marks anniversary of Children’s code

The ICO is marking the anniversary of the groundbreaking Children’s code, that has changed how children are treated online. The Children’s code was fully rolled out in September 2021, requiring online services including websites, apps and games to provide better privacy protections for children, ensuring their personal data is protected within the digital world. In the past year, the ICO’s action has prompted changes by social media platforms, gaming websites and video streaming services. Changes include targeted and personalised ads being blocked for children, children’s accounts set to private by…

Read More

UK Information Commissioner sets out focus on empowering people through information

The Information Commissioner’s Office (ICO) has set out a commitment to safeguard the information rights of the most vulnerable people, including regulatory work around children’s privacy, AI-driven discrimination, the use of algorithms within the benefits system and the impact of predatory marketing calls. The plans are set out in ICO25, a three year plan setting out the ICO’s regulatory approach and priorities. Speaking at the launch of the plan, UK Information Commissioner John Edwards will say: “My most important objective is to safeguard and empower people, by upholding their information…

Read More

International data protection and privacy authorities provide guidance against the threat of credential stuffing attacks

Latest report from international data protection and privacy authorities has identified credential stuffing as a significant and growing cyber threat to personal information. Credential stuffing is a cyber-attack method that exploits people’s tendency to use the same username and password combination across multiple online accounts. These attacks are automated and often in large scale, using stolen and legitimate credentials obtained from unrelated data breaches to access people’s accounts across websites. The report, published by a sub-working group of the Global Privacy Assembly’s International Enforcement Working Group (IEWG), including the ICO…

Read More