The Information Commissioner’s Office has continued its mission to crack down on both rogue marketers and business which flout data protection law yet the battle to collect the fines continues.
According to the regulator’s annual report, during the 2023/24 period, it imposed £15.6m in monetary penalties (slightly higher than the figure for previous period of £15.3m).
These fines included a £12.7m penalty for TikTok, a £7.5m fine for Clearview AI and 26 monetary penalties totalling £2.6m for rogue telemarketing firms.
However, at the year-end, the monetary penalties still to be collected and paid to the consolidated fund amount to £25.9m (compared to £16.6m for 2022/23), with many being carried over from the previous period. Some £21.6m relates to those under appeal, including Clearview AI and TikTok.
Even so, four companies were wound up as a result of ICO petitions, three directors were disqualified for a total of 21 years, and it removed and replaced liquidators in two cases. A number of financial investigations under the the Proceeds of Crime Act have progressed, and the ICO maintains its exercised its new powers “on a range of cases”, although it does not provide details.
Elsewhere in the report, the ICO says its personal data breach work increased 28% this year, with 11,680 cases reported, compared to 9,146 in the previous period. The highest reporting sectors remained health, education and childcare.
Over 20% of all reported breaches relate to emailing, posting or faxing personal data to the wrong person. In most cases, it took informal action, including giving advice to organisations to help them with the current incident, to avoid repeat occurrences and to learn from breaches experienced by similar organisations.
In civil investigations and high priority inquiries, the ICO has concluded 285 investigation cases and 80 incidents and delivered reprimands on 31 cases, covering a diverse range of sectors and compliance concerns including disclosures in error, inaccurate data and data subjects’ rights.
It issued ten enforcement notices, including taking regulatory action on employment monitoring and biometric data collection.
The number of complaints about rogue calls and texts (under PECR) was up slighty on the previous period (53,476 compared to 50,954) but still down on the high of 105,438 during 2021/22. Complaints about cookies still hover around the 2,000 mark, while emails are nudging up year on year 31,635 for 2023/4 and 20,331 and 22,890 for 2022/3 and 2021/2 respectively).
The regulator says it targeted its resources towards enforcement action where people were at most risk of harm for green energy schemes; subscriptions and warranties; debt management and personal loans; and claims management, including personal contract purchase (PCP) and payment protection insurance (PPI) tax refunds.
Commissioner John Edwards said: “We are a whole-economy regulator, which means we have to be selective about where we focus our efforts. This is an ongoing process, but one I believe you can see the beginnings of.
“Our purpose, our strategic enduring objectives – all of these serve as guidelines and guardrails as to our priorities. And we will hold ourselves accountable to these objectives, ensuring that our work continues to help us achieve them.
“We are preparing for a volatile and uncertain future, as are many organisations across the country. However, we remain focused on our mission to empower you through information.”
Related stories
‘Threatening’ telemarketing firm hit with £80,000 fine
HelloFresh scorched for 80m illegal emails and texts
Edwards: Clearview AI appeal ‘a matter of principle’
Red faces at ICO as Clearview AI overturns £7.5m fine
Clearview AI gets £7.5m fine; is facial recognition dead?
TikTok whacked with £12.7m fine for UK privacy failings
Clouds gather over TikTok: Do marketers give a toss?
TikTok rocked by fresh claims of 18 violations of GDPR