Personal data privacy risks
Reputational and privacy risks associated with increased use of personal data for content personalisation.
Strongest theme matches
Mixed across source types and ranked by classifier confidence plus text match strength.
Committee recommendation
69match
#77 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
Open Rights Group notes: “[o]ur concern is that these clauses risk invasive digital searches. The broad definition of “relevant articles” and the broad authority to search persons for electronic devices, especially the power to access, copy, and use data stored on those devices, raise serious privacy concerns. For migrants, refugees, and asylum seekers (who may already be in...
Matched on
terms: personal, privacy
Committee recommendation
59match
#19 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
Given the severe infringement on the right to privacy posed by the imposition of electronic monitoring, the threshold test for electronic monitoring should be one of “necessity and proportionality”, not whether it is “appropriate”. Clause 52 should be amended accordingly. (See Amendment 18, Annex). (Recommendation, Paragraph 162)
Matched on
terms: privacy
Committee recommendation
57match
#9 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
We are concerned that clause 35(7) and (8), deeming transfer of personal data to third countries and international organisations to be necessary for important reasons of public interest, inappropriately disapplies the normal safeguards in data protection legislation when data is transferred to third countries. (Conclusion, Paragraph 89) Whilst recognising the need for the Home Office to act with...
Matched on
terms: personal
Committee recommendation
57match
#162 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
recommendation Given the severe infringement on the right to privacy posed by the imposition of electronic monitoring, the threshold test for electronic monitoring should be one of “necessity and proportionality”, not whether it is “appropriate”. Clause 52 should be amended accordingly. (See Amendment 18, Annex). 201 Open Rights Group,, p4 202 Migrant Help Q6 203 Migrant Help Q6...
Matched on
terms: privacy
Committee recommendation
57match
#143 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
The current restrictions, set out in section 3(1)(c) of the Immigration Act 1971, permit restrictions to be placed on individuals such as restrictions on the right to work and study, requirements to report to immigration officers, and residency requirements. The introduction of the power to impose curfews, exclusions, confinement, and electronic monitoring go far beyond the existing permissible...
Matched on
terms: personal
Committee recommendation
57match
#89 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
conclusion We are concerned that clause 35(7) and (8), deeming transfer of personal data to third countries and international organisations to be necessary for important reasons of public interest, inappropriately disapplies the normal safeguards in data protection legislation when data is transferred to third countries. recommendation Whilst recognising the need for the Home Office to act with expedition...
Matched on
terms: personal
Committee recommendation
57match
#86 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
However, clause 35(7) provides that if the information is used to identify a person for the purposes of facilitating their departure from another state or territory, and the information is transferred to a third country or international organisation for that purpose, the transfer will automatically meet the requirement in the UK GDPR that it is “necessary for important...
Matched on
terms: personal
Committee recommendation
57match
#74 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
The European Court has held that legislation applying to search and seizure must afford adequate and effective safeguards against abuse and arbitrariness.112 Further, section 37 of the Data Protection Act 2018 requires that personal data processed for law enforcement purposes is adequate, relevant and not excessive.
Matched on
terms: personal
Committee recommendation
57match
#73 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
The new powers would interfere with rights under Article 8 and Article 1 of Protocol 1, which are incorporated into domestic law by the Human Rights Act, because they would allow access to private information (stored electronically) and would interfere with the enjoyment of property (seizure and retention of electronic devices). The nature of the data liable to...
Matched on
terms: personal
Committee recommendation
57match
#2 - Recommend a trial of a centralised Secure Data Environment and simplify ethical governance
Should our successor Committee wish to explore the reform of the UK health data strategy, we recommend it considers: • Investigating the replication of the academic model of open and competitive funding to solve problems and develop Privacy Enhancing technologies (PETs) and other critical pieces of data infrastructure as an alternative to internal or contracted software development work;...
Matched on
terms: privacy
Committee recommendation
57match
#15 - HMRC lags in secure digital file sharing; plans secure messaging via app and tax accounts.
HMRC said it uses email sparingly due to security concerns.42 Several organisations representing taxpayers and their agents wrote to us to highlight the need for a secure digital way to share files and correspondence with HMRC so that communication by post and phone became the exception.43 HMRC acknowledged that it is clearly behind many other 31 Customer service,...
Matched on
terms: personal
Committee recommendation
57match
#4 - Prioritise introducing systems for customers to submit files and send secure digital messages.
HMRC does not provide an efficient means for taxpayers to communicate digitally with HMRC. In 2022–23, HMRC received 22 million items of correspondence, including physical post and forms and interactive forms. Approximately 70% of this comes in through the post. Postal correspondence, as well as some electronic correspondence, requires scanning, manual entry into HMRC’s systems, or both. In...
Matched on
terms: personal
LGO / SPSO decision
57match
25-009-787 - City of York Council
Summary: We will not investigate Mrs B’s complaint that the Council wrongly sent her sensitive personal information relating to someone else. This is because Mrs B may complain to the Information Commissioner’s Office which is in the best position to consider this complaint.
Matched on
terms: personal
NAO recommendation
56match
A digital BBC
set out how it plans to develop its personalisation strategy, including managing potential data risks. As it moves towards greater use of personal data and sign-in, the BBC now needs to fully develop a comprehensive personalisation strategy. This should include how it will manage potential compliance risks around the capture, storage and use of personal data, as well...
Matched on
terms: personal
Committee recommendation
53match
#88 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
ILPA notes that EU law specifically prohibits the transfer of personal data to a third country or international organisation for law enforcement purposes, “if there is a real risk that, as a result of such a transfer, the data subject might be subjected to torture, inhuman and degrading treatment or punishment or any other violation of his or...
Matched on
terms: personal
Committee recommendation
53match
#87 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
With regard to children, Open Rights Group notes that collecting biometric data from children over 16 without consent could violate child protection standards: “According to the guidance of the Information Commissioner’s Office (ICO) on processing sensitive personal data under the UK GDPR, biometric data is categorised as special category data and requires explicit consent. The guidance stresses that...
Matched on
terms: personal
Committee recommendation
53match
#78 - 4th Report - Legislative Scrutiny: Border Security, Asylum and Immigration Bill
Migrant Rights Network also notes the risk of disproportionality: “[m] obile phone seizures have also had limited success in other countries where the practice is commonplace, like Germany: 73% of data extracted from asylum seekers’ phones is unusable. As a result, mass device seizure as an immigration policy to target people seeking asylum is entirely disproportionate in relation...
Matched on
terms: privacy
Committee recommendation
53match
#20 - 1st Report – Raising the standard: licensing of taxis and private hire vehicles
We recommend that the government consult within the next 12 months on introducing mandatory in-vehicle CCTV, with a view to including this requirement within national standards if it is sufficiently supported by evidence. The consultation should also seek views on how data protection, privacy and storage concerns could be suitably addressed. (Recommendation, Paragraph 82)
Matched on
terms: privacy
LGO / SPSO decision
53match
25-007-980 - Middlesbrough Borough Council
Summary: We will not investigate Ms X’s complaint about an alleged breach of her personal data. The Information Commissioner’s Office is better placed to consider this complaint.
Matched on
terms: personal
Inquiry recommendation
52match
L60 - ICO Public Guidance
The Information Commissioner's Office should take steps to prepare and issue guidance to the public on their individual rights in relation to the obtaining and use by the press of their personal data, and how to exercise those rights.
Matched on
terms: personal
LGO / SPSO decision
52match
22-004-393 - City of Bradford Metropolitan District Council
Summary: We will not investigate Mrs X’s complaint the Council committed a data breach by sharing her sensitive personal information with third parties. This is because complaints about data matters such as this are best considered by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
52match
22-009-829 - Luton Borough Council
Summary: We will not investigate this complaint about the Council disclosing the complainant’s personal details. This is because this matter is best dealt with by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
52match
24-021-524 - Sefton Metropolitan Borough Council
Summary: We will not investigate Mr X’s complaint about a personal data breach. This is because complaints about data matters, such as this, are best considered and decided by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
52match
24-020-876 - Westminster City Council
Summary: We will not investigate Mr X’s complaint that the Council unlawfully processed and shared his personal data. This is because the Information Commissioner’s Office is better placed to consider this complaint. We will not investigate Mr X’s complaint about the Council’s complaint process because it does not meet the tests in our assessment code.
Matched on
terms: personal
LGO / SPSO decision
52match
24-022-928 - London Borough of Newham
Summary: We will not investigate this complaint about the Council sharing confidential information with a third party or the complainant’s concerns about a penalty charge notice. This is because the complainant has not suffered significant personal injustice and parts of the complaint are best dealt with by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
52match
25-010-838 - Liverpool City Council
Summary: We will not investigate this complaint about the Council’s failure to comply with a ruling made by the Information Commissioner’s Office. This is because this complaint relates to personal data and is a matter best dealt with by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
52match
24-011-715 - London Borough of Barnet
Summary: We will not investigate this complaint about the Council’s response to Ms X’s subject access requests under the GDPR legislation and its use of her personal data. This is because the Information Commissioner’s Office is best placed to deal with such issues.
Matched on
terms: personal
PFD report
49match
Donna Constantine
Police encouraging vulnerable individuals to use unmonitored work mobile phones creates risks due to a lack of off-duty response, clear escalation procedures, and proper audit trails for communication.
Matched on
classifier match
Committee recommendation
49match
#28 - Require tech companies to cleanse datasets of NCII and source data responsibly.
The private sector has innovated to create AI technology. It does not need to wait for legislation to catch up in order to safeguard individuals from harmful AI-generated content. As a starting point tech companies involved in AI content creation should cleanse their datasets of NCII content and commit to responsible sourcing of data to safeguard those datasets...
Matched on
classifier match
Inquiry recommendation
48match
L74 - Qualified One Way Costs Shifting
In the absence of the provision of an approved mechanism for dispute resolution, available through an independent regulator without cost to the complainant, together with an adjustment to the Civil Procedure Rules to require or permit the court take account of the availability of cost free arbitration as an alternative to court proceedings, qualified one way costs shifting...
Matched on
terms: privacy
Inquiry recommendation
48match
L72 - Exemplary Damages for Media Torts
Exemplary damages (whether so described or renamed as punitive damages) should be available for actions for breach of privacy, breach of confidence and similar media torts, as well as for libel and slander. The application to a defendant of any relevant system of regulation of standards enforcement which is contained in or recognised by statute and good internal...
Matched on
terms: privacy
Inquiry recommendation
48match
L70 - Civil Justice Council Damages Review
The Civil Justice Council should consider the level of damages in privacy, breach of confidence and data protection cases, being prepared to take evidence (from the Information Commissioner, the media and others) and thereafter to make recommendations on the appropriate level of damages for distress in such cases. How the matter is then taken forward will ultimately be...
Matched on
terms: privacy
Inquiry recommendation
48match
L69 - Review of Damages for Media Torts
There should be a review of damages generally available for breach of data protection, privacy, breach of confidence or any other media-related torts, to ensure proportionate compensation including for non-pecuniary loss (all referable to the duration, extent and gravity of the contravention).
Matched on
terms: privacy
Inquiry recommendation
48match
L66 - ICO Organisation Review
The Information Commissioner's Office should take the opportunity to review its organisation and decision-making processes to ensure that large-scale issues, with both strategic and operational dimensions (including the relationship between the culture, practices and ethics of the press in relation to personal information on the one hand, and the application of the data protection regime to the press...
Matched on
terms: personal
Inquiry recommendation
48match
L62 - ICO Annual Report on Press
The Information Commissioner's Office, in the Annual Report to Parliament which it is required to make by virtue of section 52(1) of the Act, should include regular updates on the effectiveness of the foregoing measures, and on the culture, practices and ethics of the press in relation to the processing of personal data.
Matched on
terms: personal
Inquiry recommendation
48match
L59 - ICO Good Practice Guidelines
In discharge of its functions and duties to promote good practice in areas of public concern, the Information Commissioner's Office should take immediate steps, in consultation with the industry, to prepare and issue comprehensive good practice guidelines and advice on appropriate principles and standards to be observed by the press in the processing of personal data. This should...
Matched on
terms: personal
Inquiry recommendation
48match
L49 - Narrow Section 32 Exemption Scope
The exemption in section 32 of the Data Protection Act 1998 should be narrowed in scope, so that it no longer allows, by itself, for exemption from: (a) the requirement of the first data protection principle to process personal data fairly (except in relation to the provision of information to the data subject under paragraph 2(1)(a) of Part...
Matched on
terms: personal
Inquiry recommendation
48match
L48 - Section 32 DPA Amendment
The exemption in section 32 of the Data Protection Act 1998 should be amended so as to make it available only where: (a) the processing of data is necessary for publication, rather than simply being in fact undertaken with a view to publication; (b) the data controller reasonably believes that the relevant publication would be or is in...
Matched on
terms: privacy
IOPC learning recommendation
48match
Recommendation - Durham Constabulary, July 2024
The IOPC recommends that Durham Constabulary should conduct a review into the way it shares people's personal and sensitive information with a view to ensuring relevant staff are appropriately trained and understand the powers they are using, and that processes comply with legislation and ICO expectations. This recommendation has arisen following an IOPC review into a complaint where...
Matched on
terms: personal
PHSO casework decision
48match
P-002878 - HM Courts and Tribunals Service
Mr W complains that HM Courts and Tribunal Service sent an Attachment of Earnings Order (AoE) sharing his personal data with a company he has never worked for.
Matched on
terms: personal
PHSO casework decision
48match
P-002301 - A practice in the Brighton and Hove area
Ms G complains the Practice inappropriately disclosed personal and sensitive historical information to a fostering agency without her knowledge and consent. She also says some of the information was not relevant or correct.
Matched on
terms: personal
PHSO casework decision
48match
P-002661 - Derbyshire Healthcare NHS Foundation Trust
Mr P complains the Trust shared his personal and medical information with the local council without his consent.
Matched on
terms: personal
LGO / SPSO decision
48match
21-015-453 - Bracknell Forest Council
Summary: We will not investigate this complaint that the Council wrongly shared Mr X’s personal information with third parties as this is a matter for the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
48match
25-003-662 - Stoke-on-Trent City Council
Summary: We will not investigate this complaint about the Council allegedly sharing Mr X’s personal and business information with a third party. The Information Commissioner is best placed to consider how the Council handled Mr X’s data, and the county court is best placed to consider his claim for compensation.
Matched on
terms: personal
IOPC learning recommendation
48match
Recommendation - Metropolitan Police Service, January 2021
The IOPC recommends that the Metropolitan Police Service (MPS) should make their Information Code of Conduct and MPS Security Code policies clear that officers should not use their personal phones to contact members of the public unless there are no alternative options. The policies should also remind police officers and staff that those without a MPS issued mobile...
Matched on
terms: personal
LGO / SPSO decision
48match
22-002-272 - North Lincolnshire Council
Summary: We will not investigate this complaint about the Council disclosing personal details. This is because this matter is best dealt with by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
48match
22-007-062 - Chorley Borough Council
Summary: We will not investigate this complaint about the Council publishing the complainant’s personal information on its website. This is because this matter is best dealt with by the Information Commissioner’s Office.
Matched on
terms: personal
LGO / SPSO decision
48match
22-007-021 - Charnwood Borough Council
Summary: We will not investigate this complaint about the Council publishing the complainant’s personal information on its website. This is because the complainant has already complained to the Information Commissioner, who is best placed to deal with these matters. It would be reasonable for the complainant to pursue his claim for compensation through the courts. We cannot investigate...
Matched on
terms: personal
LGO / SPSO decision
48match
22-010-474 - Barnsley Metropolitan Borough Council
Mr X complains about the Council breaching his personal data to a third party without seeking his consent. We will not investigate this complaint. This is because it is reasonable for Mr X to complain to the Information Commissioner’s Office as the most appropriate body.
Matched on
terms: personal
LGO / SPSO decision
48match
22-009-289 - Ashfield District Council
Summary: We will not investigate this complaint that a visit by the Council to check Mr X’s welfare was a breach of his personal data. That is because there is not enough evidence of fault to justify our involvement.
Matched on
terms: personal