The missing courage of the ICO

Dave Levy
2 min readSep 4, 2024

I note from Jim Killock’s pinned repost of a post by David Erdos on X, that the media and the ICO have issued a report, dated March 2024, on journalistic practices and the Data Protection Act 2018. This was produced as part of response to the Leveson Report, itself, spawned by the Millie Dowler & celebrity phone hacking scandal. Erdos makes the point that the ICO did not make use of its investigatory powers, which he refers to as §17 powers nor that the story was followed by … err! … the Press.

Man walking passed a mural of the word courage
Photo by Oliver Cole on Unsplash

Additionally, over the last week, the ICO announced its report into its investigations into the Labour Party and its compliance with GDPR/DPA. Again, they weren’t asking the big questions and say more about the mitigation actions than the compliance failures. This allows the Guardian to run a headline focusing on the failure to respond to DSARs, in fact the Guardian focuses only on late response, and not on failure and everyone is silent on the refusals.

I would like to know what measures the Party took to ensure that their IT sub-contractors met their obligations as data processors, what measures the Party took to ensure their DPO was qualified according to Article 37 of the GDPR, why no compensation has been offered/mandated to victims of the breach, what measures Labour took to ensure the completeness of any DSARs, what measures the Labour Party took to ensure that only…

--

--

Dave Levy

Brit, Londoner, economist, Labour, privacy, cybersecurity, traveller, father - mainly writing about UK politics & IT, https://linktr.ee/davelevy