| Status | Governmental office |
|---|---|
| Territory | United Kingdom |
| Leadership | Information Commissioner: Christopher Graham |
| Appointment | 29 June 2009 |
| Founded | 1984 (Data Protection Registrar) |
| HQ | Wilmslow, Cheshire |
| Website | www.ico.gov.uk |
The Information Commissioner's Office (ICO; stylized as ico.) in the United Kingdom, is a non-departmental public body which reports directly to Parliament and is sponsored by the Ministry of Justice. It is the independent regulatory office dealing with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland.
Contents |
The Information Commissioner is an independent official appointed by the Crown. The Commissioner's decisions are subject to the supervision of the Courts and the Information Tribunal. The Office's mission is to "uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".[1]
During the tenure of Richard Thomas as Commissioner, the ICO was particularly noted for raising serious concerns over the Government's proposed British national identity card and database, as well as other similar databases such as the Citizen Information Project, Universal Child Database, and the NHS National Programme for IT, stating that the country is in danger of sleepwalking into a surveillance society,[2] drawing attention to the misuse of such information by the former states of the Eastern bloc and Franco's Spain. The position of Information Commissioner is currently held by Christopher Graham, who took over from Richard Thomas on 29 June 2009.
The United Kingdom as a member of the European Union is subject to a strict regime of Data Protection. The Data Protection Act 1984 created the post then named Data Protection Registrar with whom people processing personal data had to register the fact of their processing of that data on the Register of Data Controllers. Under the provisions of EC Directive 95/46 (introduced in the UK as the Data Protection Act 1998, rather than as an SI under the European Communities Act 1972) the name of the post was changed to Data Protection Commissioner and later to Information Commissioner.
The register of data controllers is publicly available and searchable at the website of the ICO, which also gives links to the ICO's counterparts around Europe.
Prior to 2010 the enforcement powers were limited to issuing enforcement notices and to pursuing those alleged to have broken the Data Protection Act 1998 through the courts. In 2010 The Information Commissioner has started to issue fines, known as monetary penalties, by its own authority, granted in April 2010. The first such were served on 24 November 2010.[3] More recently, at the Leveson Inquiry it came to light that the ICO had felt unable to challenge the press related to allegations of breaches due to the power of the press and perceived weakness of its own powers.[4] Moreover, the lack of framing legislation to regulate government itself continues to raise questions over the scope of Act itself. Recent proposals to release NHS patient records to private research companies, for example, provide the means to circumvent the Act. [5]
Under the Freedom of Information Act 2000 the Commissioner's role was expanded to include freedom of information and the job title was changed to Information Commissioner ('IC'). The Freedom of Information (Scotland) Act 2002 is the domain of the Scottish Information Commissioner and is aimed at public bodies administered by the Scottish Parliament (which are not covered by the UK Act).
The Information Commissioner is also responsible for appeals made under the Environmental Information Regulations 2004.
In 2002, under 'Operation Motorman', the ICO under Richard Thomas raided various newspaper and private investigators' offices, looking for details of personal information kept on unregistered computer databases. The operation uncovered numerous invoices addressed to newspapers and magazines, which detailed prices for providing the journalists with personal information, with 305 journalists being identified as having been the recipients of a wide range of information.[6]
In 2006, a request under the Freedom of Information Act led to the publication of a report to the British Parliament called "What Price Privacy Now?".[7] The newspaper with the highest number of requests was the Daily Mail with 952 transactions by 58 journalists; the News of the World came fifth in the table, with 182 transactions from 19 journalists.[6] The Daily Mail immediately issued a press release, in which it rejected the accusations within the report. Editor Paul Dacre said that Associated Newspapers only used private investigators to confirm public information, such as dates of birth.[6]
In a July 2011 appearance in front of a parliamentary committee, a day after former News International CEO Rebekah Brooks had been arrested and bailed in light of the News International phone hacking scandal, Dacre told them that he had never "countenanced" phone hacking or blagging at his newspaper, as both acts were clearly "criminal".[8]
The role of the IC is mirrored throughout the countries of the European Union and European Economic Area who have equivalent officials created under their versions of Directive 95/46.