The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Current topics

Current topics

Our views on the latest issues

Read our views on a wide range of issues that have implications for privacy and openness.

ICO helps establish new Commonwealth network

The ICO has been helping to establish a new network of Commonwealth privacy regulators to promote cross-border co-operation and build capacity for effective data protection.

Agreement reached on international cooperation

A key agreement has been reached to improve international enforcement cooperation when regulators investigate data breaches.

'Cyber Essentials' scheme launched

The Department for Business, Innovation and Skills (BIS) has launched Cyber Essentials - a scheme aimed at highlighting security controls that will help organisations mitigate the risk to their IT systems from internet-based threats.

Quiz: data controllers or data processors?

The definitions of data controller and data processor are often misunderstood, which is why we've introduced updated guidance on the subject. How much do you know about which is which? Take our test and find out.

eBay ‘hack’: consumer advice

The Information Commissioner Christopher Graham provides advice in response to reports in the media about eBay having their customer database ‘hacked’

Information Commissioner to apply for a judicial review of Transport Secretary veto

March 2014
The Information Commissioner has begun the process of applying for a judicial review of the veto imposed by the Transport Secretary overruling the Commissioner’s Decision Notice under the Freedom of Information Act in relation to publication of the HS2 Performance Assessment Report. The move follows the recent Court of Appeal ruling in relation to letters written to Ministers by the Prince of Wales. That judgement, while subject to appeal, states that the exercise of the ministerial veto in respect of environmental information is incompatible with European law.

Read the letter informing the Justice Committee of the Information Commissioner’s intention to apply for the judicial review (pdf)

Joint letter with Local Government Association to local councils

December 2013
The Information Commissioner has sent a joint letter with Cllr Sir Merrick Cockell, Chairman of the Local Government Association, to local council leaders urging them to take stock of how their authority meets its data protection obligations and how excercises its governance responsibilities in this area. 
View a copy of the joint ICO and LGA letter 

Data protection media workshop summary report

October 2013
the ICO has held a media workshop on the development of its guidance on data protection and journalism, in light of the Leveson Inquiry recommendation.
View a summary report of the workshop

Statement on

October 2013
Earlier this year, the NHS Commissioning Board (NHS England) announced plans to introduce a new system for collecting and analysing data called

We have, this week, received an updated plan from NHS England which confirms that the data extraction for the system will not begin until Spring 2014. We have been assured that further communication will be provided to GPs to enable them to more clearly understand the process and to ensure they are fully aware of their fair processing obligations under the Data Protection Act. 

Prior to the extraction we understand that a national and regional communications campaign aimed at informing patients about the new changes will be launched by NHS England and this is welcome. We will continue to advise NHS England, GPs and the other relevant bodies about the importance of ensuring patients fully understand the options available to them and how they can object if they wish to do so.

It is a fundamental principle of the Data Protection Act that people are aware of how organisations may use or disclose their personal information. We expect all of the organisations involved to use the time between now and the Spring to make sure patients are aware of these changes, how their information will be used and how they can object to this if they wish to do so.

As the organisation with primary responsibility for their patients’ data, GP surgeries have an obligation to ensure that information about the use of their data is actively communicated to patients. They should satisfy themselves that the national and regional communications campaigns organised by NHS England, along with their proactive communication at a local level, ensures that, as far as practically possible, all patients are aware of these changes.

We will continue to work with and support the key organisations as work progresses to make sure patients’ information is being looked after correctly.

Fake emails offering shares

August 2013
We have received a small number of reports that people have received spam emails claiming to be from the ICO ( The emails appear to be asking people to buy shares in a company. 

We can confirm these emails do not originate from the ICO and that we are working with the relevant authorities to investigate this matter. We are advising people to delete these emails.

If you are unsure if an ICO email you have received is genuine, please contact our helpline on 0303 123 1113.

If you’re still concerned, visit the Action Fraud website.

Update: Amendments to the Freedom of Information Act

June 2013
We understand from the Ministry of Justice that the planned amendments to the FOIA will be commenced in August.

These changes are those made by the Protection of Freedoms Act 2012 (POFA), and cover:

• Amendments to FOIA in section 102 POFA – duty to provide datasets in re-usable form
• Amendments to FOIA in section 103 POFA – meaning of “publicly owned company”
• Amendments to FOIA and the Data Protection Act in Sections 105-108 POFA – the Information Commissioner

The changes will be accompanied by a new section 45 code of practice on datasets and new fees regulations for the re-use of data sets. We will publish guidance on the dataset amendments before they are commenced.

Letter to Google about Google Glass

June 2013
Google Glass, the new wearable-technology device from Google has been the subject of substantial media coverage recently. The ICO, as Vice-Chair of the Article 29 Working Party, has agreed to provide its support to a letter inviting Google to provide further information about Google Glass, the new internet-connected glasses. The letter was sent by Canada’s Office of the Privacy Commissioner. The letter is signed on behalf of the Article 29 Working Party by Chairman Jacob Kohnstamm, of the Dutch data protection regulator CBP. This is a separate action to the ongoing ICO investigation into whether Google’s revised March 2012 privacy policy is compliant with the Data Protection Act.
Read the letter on the Privacy Commissioner of Canada’s website

Letter to Justice Secretary Chris Grayling

June 2013
nformation Commissioner Christopher Graham writes to Justice Secretary Chris Grayling over the draft EU Data Protection regulation.
Read the letter sent to the Justice Secretary

Work continues to tackle spam texts and calls

May 2013
The ICO has published details of headline figures relating to our work to tackle the problem of spam texts and calls. The figures provide an overview of the enforcement action taken so far and the response we have received from the public and our online reporting tool.
Find out about the action we've taken

Letter to Better Together and Yes Scotland

May 2013
Last month the ICO wrote out to the campaign groups Better Together and Yes Scotland to remind them of their legal obligations under the Data Protection Act and Privacy and Electronic Communications Regulations when campaigning during the lead up to the Scottish referendum.
Read the letter sent to both groups
Read our guidance on political campaigning

New website homepage

May 2013
The new design should make it easier for people to find what they’re looking for and do things on the site; plus it’s clearer, and more modern. We hope you like it!
Read more about the changes

Progress report on actions agreed in the Information Commissioner’s response to the Leveson Report

April 2013
The Information Commissioner’s response to the Leveson Report included a number of agreed actions. This summary report sets out our progress against agreed actions as at the end of March 2013.
the Leveson Report on the Culture, Practices and Ethics of the Press
The Information Commissioner’s response, 7 January 2013

Amendments to the Freedom of Information Act

April 2013
A number of public authorities have asked us when the amendments to the Freedom of Information Act (FOIA) made by the Protection of Freedoms Act 2012 (POFA) will come into force.

We now understand that the following amendments to FOIA will be commenced later this spring, with the intention that they should take effect in May or June of this year:

• Amendments to FOIA in section 102 POFA – duty to provide datasets in re-usable form
• Amendments to FOIA in section 103 POFA – meaning of “publicly owned company”
• Amendments to FOIA and the Data Protection Act in Sections 105-108 POFA – the Information Commissioner

To accompany the new dataset provisions there will be a new section 45 code of practice on datasets and new fees regulations for the re-use of data sets. We expect that these will come into force at the same time. We will publish a guidance document on the dataset provisions before they come into force.

Response to Secretary of State for Education, regarding ‘free schools’ information request

February 2013
Last summer, the Information Commissioner ordered the release of information related to the Department for Education’s ‘free schools’ project, a decision backed by the Information Tribunal following an appeal by the Department. The information has now been published on the Department for Education website, accompanied by an open letter from the Secretary of State, explaining his concerns with its release.

- View the Information Commissioner’s open letter in response

The three Decision Notices from 2012 ordering the release of information can be found here:

FS50427672 - 29 May 2012
FS50415927 - 4 July 2012
FS50426626 - 9 July 2012
View the Information Tribunal ruling to uphold the ICO’s decision

EU data reform in detail

February 2013
The ICO has expanded the analysis paper it published last year, providing an in-depth, article-by-article analysis of the implications of the proposed EU data reform’s key areas.

Commenting on the paper, Information Commissioner Christopher Graham said: “There’s no doubt in my mind that the EU’s proposals offer an opportunity to update data protection law for today’s world and tomorrow’s innovations. But we won’t get two bites of the cherry: history suggests it could be another 18 years until this law is reformed again, so it’s crucial we get it right first time around.”
Read the paper

Changes to cookies on our website

January 2013
We will shortly be making a change to set cookies from the time people arrive on our website. This will help us collect reliable information to make our website better. For those who don’t want cookies, we’ll be providing an easy way to remove them.
Read more about the changes

ICO publishes further thoughts on reform of Europe’s data protection rules

January 2013
The ICO has published its further thoughts on the reform of Europe’s data protection rules in light of recent announcements from the European Parliament, Council of the European Union and European Commission.
Read the ICO’s thoughts

Other useful items

  • News releases

    Data protection and freedom of information news from the ICO.

  • ICO blog

    Our thoughts on current information rights issues.