New UK ICO bringing ‘renewed vigour’ to cyber regulation

  • Market Insight 03 January 2023 03 January 2023
  • Asia Pacific, North America, UK & Europe

  • MGA

The frequency of monetary fines and the use of children’s data are just two of the areas in which we could see change in 2023

In 2022 the UK welcomed a new Information Commissioner, John Edwards, whose arrival brought renewed vigour to the regulatory focus of the ICO. This will undoubtedly lead to further change in 2023.

The ICO indicated that a monetary fine is only one of a number of enforcement tools, and that issuing of such fines will be reduced in cases involving public authorities. The ICO will also be publishing all reprimands issued from January 2022 onwards. Whilst the ICO is likely to be more circumspect in the issuing of fines to organisations, particularly public authorities, we anticipate the publication of reprimands will increase potential litigation risk exposure and reputation damage for organisations subject to such reprimands. 

The use of children’s data is a key focus. In September 2022, the ICO issued social media giant TikTok with a notice of intent for a £27m fine due to its failure to protect children’s privacy. Mr Edwards confirmed the ICO is investigating companies which are not conforming with the UK’s Children’s Code. He considers the UK could be a leading force in enacting change for children’s safety online across jurisdictions.

Throughout 2022, the ICO focussed on clamping down on predatory marketing calls. Marketing calls which include an element of profiling will be faced with larger penalties (such as the fine issued to Easylife Ltd for £1.4m). The current form of the new Data Protection and Digital Information Bill proposes increasing the ICO’s power to fine companies for such breaches.

Biometric technology is a sensitive area which may face further regulatory scrutiny. In May 2022, the ICO fined Clearview AI £7.5m for collecting data to create a database to be used for facial recognition. ICO guidance on the use of biometric technology is due in Spring 2023.

Of course, this is all against the backdrop of the new Data Protection and Digital Information Bill and we wait to see how this will impact the role of the ICO.

View all our Insurance 2023 Predictions here


Stay up to date with Clyde & Co

Sign up to receive email updates straight to your inbox!

You might be interested in...