All appeals against Information Commissioner’s Office rulings have been suspended for at least 28 days because the regulator’s staff cannot do the necessary admin work to put their evidence in front of the court due to the Covid-19 lockdown.
The move is understood to affect over 60 cases which are being heard at the First-Tier Tribunal, including rulings made under both the Data Protection Act 2018 and 1998 and the Freedom of Information Act.
Among the raft of cases which have been halted are appeals by Doorstep Dispensaree against the ICO’s first GDPR fine of £275,000; Dixons Carphone against its £500,000 penalty, Heathrow Airport against a £120,000 fine, as well as cases brought by E.On, the Cabinet Office, the Dental Law Partnership and the Home Office.
According to a report in The Register, not only did the General Regulatory Chamber (GRC) grant a 28-day stay of all cases against the ICO, it did so just a day after the ICO asked a judge to temporarily stop appeals against its decisions from being decided. Tribunal judge Alison McKenna, top judge of the GRC, made the final decision.
The ICO said: “The Tribunal deals with appeals against notices issued by the Commissioner; the Commissioner is a respondent to every such appeal. The Tribunal’s standard practice is to ask respondents to appeals for paper bundles for each case.
“Once the ICO office closed due to the pandemic, it was not possible to create the paper bundles which is why we suggested a general stay of tribunal cases for a fixed period. We are currently exploring the option of using electronic bundle software.”
The number of cases on appeal highlights the burgeoning workload of the ICO’s legal team. Late last year, the regulator was forced to get a £600,000 bail out from the Treasury to meet increased legal and professional services expenditure.
In last year’s annual report it warned: “A risk to ensuring the ICO has adequate resources is the increased risk of contentious, complex and lengthy legal proceedings which has already started with the Facebook appeal and is likely to continue with the size of the fines that can be assessed under GDPR and the Data Protection Act 2018.
“We are currently exploring options to mitigate this risk. These options include ring-fencing fine income specifically to fund litigation costs, additional grant in aid, deficit budgeting, use of reserves, or seeking awards of costs through court proceedings. A key piece of work for 2019-20 will be to identify the way forward in this area.”
Dixons Carphone appeals ICO fine for ‘systemic’ failings
ICO issues first GDPR fine, but it’s not BA or Marriott
Millions of firms in firing line in data protection fee blitz
Data protection fee dodgers face fresh ICO clampdown
ICO funding pays off but fears grow over huge legal bills
Heathrow blunders trigger data governance warning