惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Hacker News
The Hacker News
F
Full Disclosure
Cloudbric
Cloudbric
Blog — PlanetScale
Blog — PlanetScale
W
WeLiveSecurity
N
News and Events Feed by Topic
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
B
Blog
GbyAI
GbyAI
C
Check Point Blog
B
Blog RSS Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Recorded Future
Recorded Future
The Last Watchdog
The Last Watchdog
N
News and Events Feed by Topic
T
The Blog of Author Tim Ferriss
O
OpenAI News
V
V2EX
人人都是产品经理
人人都是产品经理
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
IT之家
IT之家
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Security @ Cisco Blogs
C
Cisco Blogs
Security Latest
Security Latest
S
Security Affairs
V
Visual Studio Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Azure Blog
Microsoft Azure Blog
Last Week in AI
Last Week in AI
AWS News Blog
AWS News Blog
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
PCI Perspectives
PCI Perspectives
博客园_首页
U
Unit 42
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
Project Zero
Project Zero
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
N
Netflix TechBlog - Medium
L
LINUX DO - 热门话题
H
Hacker News: Front Page

Open Rights Group

Joint Letter: Protect VPNs Open letter for an investigation into the ICO over eVisas Civil society organisations call for ICO to be investigated over eVisas The end is nigh for US data transfers How AI in asylum decision-making drives failure and cost Dear Andy, we need a complete reset on digital policy John Edwards resignation is opportunity to appoint a regulator with teeth AI in Asylum Decisions: Transparency and Accountability Failures Stop Killing the Internet: New global movement launches MPs urged to vote for a Digital Sovereignty strategy The social media policy ratchet Starmer’s social media ban fails to address root causes of online harms This refugee week, take courage! The rise of copyright trolling Growing up in an online world: ORG Consultation Response Reset the ICO The ICO isn’t doing its job – why the data watchdog needs an overhaul The ICO isn’t doing its job – why the data watchdog needs to be reset ORG response to ICO call for views on our approach to regulating online advertising ORG response to Consultation on the ICO’s approach to data protection complaint handling Companies and civil society warn that UK is undermining open web Papers Please! MPs back mass online digital ID checkpoints MPs call for publication of secret documents that outline chronic risks from UK’s dependence on Big Tech New report: UK needs digital sovereignty strategy to address threats from reliance on big tech The case for Digital Sovereignty and the Digital Commons After the LA Court verdict, the UK must disrupt surveillance capitalism business models 13 year olds could be compelled to use unregulated age verification Children’s Wellbeing and Schools Bill: Analysis of Amendment 38b ICO must investigate Reform ‘competition’ for data protection breaches Break privacy to make privacy? Age verification isn’t the answer Home Office use of AI in asylum cases likely to be unlawful, legal opinion finds Legal Opinion: The use of Artificial Intelligence tools in asylum cases MPs give ministers powers to restrict entire Internet Board Election Results Palestine Action ruling: Human rights organisations call for Ofcom to issue guidance on content takedowns
Wanted: Government to fix the ICO
16 Jul 2026 Mariano delli Santi · 2026-07-16 · via Open Rights Group

Digital Privacy

Following the conclusion of an internal HR process, the Information Commissioner is on garden leave, before his final exit. As reported in the Times, the investigation into his behaviour found “sexual harrasment, bullying and discrimination”. The Secretary of State, Liz Kendall, said she had “seen evidence of the vulgar and highly sexualised language that was used in his interactions with his staff and am extremely concerned that he continues to describe these incidents as misplaced humour”.

The government have now determined to carry out, jointly with the ICO, an independent review, but questions remain about how such behaviour was kept in the dark for so long. The competition to select the new Information Commissioner is expected to be published shortly, and the government is also expected to appoint the new non-executive members, as the ICO transforms to an Information Commission.

Deeper problems

While this affair is appalling, it cannot become an excuse to overshadow the deeper issues surrounding the ICO and its regulatory function. The fish may be smelling from its head, but it must be reckoned that the whole institution is suffering from deep problems, especially around its timidity in enforcing data protection law, which existed in similar forms during the last Commissioner’s tenure, and long beforehand.

As pointed out by a previous letter, convened by ORG and supported by over 70 experts, the ICO is experiencing a collapse in enforcement action. Data protection is a key instrument to regulate Artificial Intelligence and promote online safety, children protection, workers’ rights, and public service delivery. More and more evidence shows that, without proper regulation and policing of data practices, harms ensue, public trust erodes, and markets fail. Technology is a layer that spreads across all areas of society, and what may look as abstract issues such as data protection can easily undercut government ambitions where it matters.

As the new government moves in, selecting a new Commissioner cannot become a convenient exit door for sweeping the ICO under the proverbial rug. A change of leadership can, however, become a first step to fix the ICO, and bring about meaningful change.

OVERSIGHT MELTDOWN AND THE PUBLIC SERVICE DELIVERY

In 2022, the Ministry of Defence (MoD) leaked sensitive personal data of 18,700 Afghan nationals who had assisted UK forces, and up to 100.000 of their family members. At least “49 relatives or colleagues of affected Afghans have been killed in incidents linked to Taliban reprisals following the leak”, and a “survey of those notified found that 87% had received direct threats to their safety”. The ICO, however, their new “public sector approach” and left the MoD off the hook. First, by reducing a monetary penalty against the MoD. Then, by refusing to take any further action after the repeated nature of the Afghan data breach was revealed.

In 2025, 19 civil society organisations complained to the ICO, asking to take action against endemic data security incidents that have affected the eVisa scheme since 2020. A FOI response revealed that the ICO had already received 851 complaints against the Home Office. The ICO have taken no remedial action to this date, but they have adopted a new complaints handling policy, formalising an approach under which most complaints will be shelved away “for information purposes only”.

In 2025, HMRC carried out a data-driven crackdown on child-benefits, using travel data to suspend payments of recipients deemed to be residing abroad. As a result, 15.000 families were unjustly targeted and accused of fraud. The pilot scheme, which presented obvious red flags, was approved during a DEA Review Board meeting, in the presence of ICO staff. The ICO recently signed a Memorandum of Understanding with the government, promising to adopt a less oppositional stance toward the government.

These examples reveal how the ICO failings are closely linked to its policy choices, and have enabled malpractices to thrive within the public sector. Following the ICO new approach, complaints against public sector bodies have soared, the government were left unchallenged when opposition and accountability was needed. As Dame Chi Onwurah, Chair of the Science, Innovation and Technology (SIT) Select Committee, pointed out, “the use of technology to help grow the economy and improve public services requires the public to trust that their data is being kept secure”. The ICO failure to hold public bodies to account and drive up data protection standards has become a systemic risk that affects these bodies’ ability to carry out their tasks in a safe and effective manner.

ICO GUTTING WORKERS’ RIGHTS

Algorithmic management systems and Artificial Intelligence (Automated Decision-Making, or ADM) are exposing workers to heightened risks of discrimination and wage-theft, hidden under opaque algorithms. These issues are not new to the ICO: their report on the use of ADM in recruitment has concluded “that employers have more work to do to ensure that the use of automated recruitment tools respects people’s information rights”. According to their audit report, the ICO made “almost 300 recommendations to improve compliance”. However, the ICO have taken no enforcement action to remedy the infringement of workers’ rights they found in their audit.

On top of that, workers have successfully challenge discriminatory robo-firings and wage-theft with their right not to be subject to solely automated decision-making, as enshrined in the UK data protection law. When Boris Johnson’s government proposed to remove such right, the ICO lashed against it, and made the counter-proposal to expand such protections “to also cover partly automated decisions”. This critical stance, adopted under the previous Information Commissioner, was quickly shelved after John Edwards took over. The Conservatives’ proposal to gut ADM rights survived the change of government and became law with the Data (Use and Access) Act. As a result, workers in the UK lost the right not to be subject to ADM in most circumstances.

PROTECTING CHILDREN AND ONLINE SAFETY

Protecting children online, tackling online harms and curbing the spread of disinformation are hot political topics. The UK government has signalled the intention to restrict children’s access to social media, a move that would expand existing requirements to age-gate internet services. At the same time, the SIT Committee’s recent report on social media harms identified data-driven recommendation systems and online advertising as major drivers of online harms. Before then, the government has been running the Online Advertising Taskforce with the aim of addressing “illegal harms and the protection of children in relation to online advertising”.

However, the ICO has been pushing for the adoption of age verification systems at all costs and, notably, at the expense of privacy. This does not only risk undermining trust in age assurance policies, but represents an overly-narrow approach to regulation that fails to address the exploitation of personal data which, from age verification, are being repurposed to target online advertising. In turn, advertising data is used to drive up engagement, exploit addictions, and target harmful content.

On top of that, seven years ago the ICO published an update adtech report acknowledging widespread unlawful practices in the sector. As their recent advice to DSIT on how to reform online advertising rules read, “many of the issues associated with RTB that we identified in 2019 still exist today”. The ability to target individuals based on personal data is what exposes problem gamblers to being targeted with ads that exploit their addiction. It allows exclusion from life-changing opportunities on the basis of someone’s gender, sexual preferences, ethnicity or other sensitive characteristics. It exposes children and those in a more vulnerable status to be targeted and taken advantage of.

Against this background, the ICO are shying away from taking regulatory action to address these issues, but they are instead proposing to lower legal protections against online tracking and profiling. Likewise, the ICO gave the green light to Meta to rely on consent or pay, against their own guidance and in stark contrast to the European Union, where Meta’s practice was deemed unlawful on the basis of equivalent data protection rules. Estimates have shown that, if consent or pay takes hold, “keeping your phone private could soon cost around € 8,815 a year”. Whereas privacy ought to be a right, lack of proper regulation of the digital economy risks turning it into a cost of living issue.

WHAT THE GOVERNMENT CAN DO

The upcoming government has signalled appetite to move beyond a laissez-fair approach to digital regulation, and toward a more direct intervention to ensure markets and the public sector deliver. The ICO have a role to play in materialising this vision, but the government will need to promote bold changes and learn from past mistakes. In particular, the previous government quickly moved in to politicise regulators’ work and appease US big business. As we have seen with the ICO, this approach is, ultimately, a recipe for failure: lacking sufficient arms length from the government, the ICO has been failing to properly supervise public bodies, allowing data malpractices to spread. Also, weak regulation around harmful advertising comes as a direct consequence of the commitments the ICO have taken with the government. The next government will need to reverse this pernicious direction of travel and restore the independence of the ICO. As proposed by Gordon Brown’s report, the government should consider transferring responsibility for the ICO to Parliament.

The meltdown of the ICO leadership underscores the need to restore integrity at the top. This goes beyond workplace behaviour: the ICO have a long track record of revolving doors, where senior staff and leadership members often end up working for the industries or companies they were meant to police. Establishing proper boundaries against corporate influence is necessary to preserve the integrity of the ICO regulatory action. As we have long advocated for, the UK could draw from the California Privacy Agency and introduce a stay-period during which senior ICO figures are prevented from accepting jobs from the organisations and sectors they regulated.

Finally, the ICO need an overhaul of its regulatory and enforcement posture. ORG and others have previously called on the SIT committee to open an inquiry to explore what these changes could be. In the meanwhile, there are some obvious, low-hanging fruits the new government can reach to. As we argue in our petition, the government needs to clarify that effective monitoring and enforcement of regulatory requirements are the main objective of the ICO, and should take precedence over other considerations. This should include a clear duty to investigate complaints, and to remedy non-compliant behaviour. Individuals should also be given a clear and functioning avenue to appeal against ICO decisions when they fall short of upholding their information rights.

The government have an opportunity ahead. By restoring effective oversight of data protection rule, they can set the stage for trustworthy public sector delivery, innovation that benefits workers, and a digital economy that works for the British public, not a bunch of US tech companies. It is now up to them to seize it.

Reset the ICO

Related Blogs

Digital Privacy

15 Jun 2026 By Jim Killock

The social media policy ratchet

For more than a decade, UK governments have introduced successive child safety measures, responding to public concern about the availability of content that is either unsuitable or harmful to children, or due to harmful interactions ranging from bullying.

Find Out More

Digital Privacy

11 Feb 2026 By Open Rights Group

To consent or pay?

If you live in the UK and have a Facebook or Instagram account, you have probably received a message when you’ve logged in asking you if you “Want to subscribe or continue to use our Products for free with ads?

Find Out More

Digital Privacy

14 Jan 2026 By Jim Killock

Techno-Permacrisis

Musk’s latest venture, image generation in Grok that until Wednesday lacked sufficient guardrails to prevent the easy production of non-consensual sexual images and even child abuse images, provoked an Ofcom investigation and further EU Commission action as well as the promise of UK emergency legislation against apps that provide such images in less than a week.

Find Out More

Digital Privacy

18 Sep 2024 By Jim Killock

e-Visas: The Next Digital Windrush Scandal

Our report, “Hostile and Broken” released today, explains why e-Visas risk creating tens or hundreds of thousands of errors, with people potentially turned down for jobs, or unable to enter the country, as the result of electronic failures of the new online, real time re-checking inherent in the UK e-Visa scheme.

Find Out More

Digital Privacy

16 Jul 2024 By Mariano delli Santi

Meta Wants to Make Us its AI Guinea Pigs

Meta, the company that runs Facebook and Instagram, has announced plans to repurpose most of the personal data that they ever collected about you, to train their “artificial intelligence (AI) technologies” — without, of course, asking your permission to do so.

Find Out More

Digital Privacy

20 Mar 2024 By Mariano delli Santi

The ICO Must Toughen Up

As the House of Lords finally begins scrutiny of the UK data protection reform, Open Rights Group urges peers to support amendments that would strengthen the independence and effectiveness of the UK data protection authority, and bolster the public’s right of seeking a remedy against an infringement of their rights.

Find Out More

Digital Privacy

01 Aug 2013 By Jim Killock

Diane Abbott responds on web forum blocking

On a cycling forum, members who are rightly worried that their forum may be blocked by default filters, Skydancer posted a response he was given by Diane Abbott: I do not believe that the arrangements to protect children from hard core porn online will affect a forum to discuss cycling!

Find Out More

Digital Privacy

13 Jun 2013 By Jim Killock

Website filtering problems are a ‘load of cock’

The motion laid down by Labour says: That this House deplores the growth in child abuse images online; deeply regrets that up to one and a half million people have seen such images; notes with alarm the lack of resources available to the police to tackle this problem; further notes the correlation between viewing such images and further child abuse; notes with concern the Government’s failure to implement the recommendations of the Bailey Review and the Independent Parliamentary Inquiry into Online Child Protection on ensuring children’s safe access to the internet; and calls on the Government to set a timetable for the introduction of safe search as a default, effective age verification and splash page warnings and to bring forward legislative proposals to ensure these changes are speedily implemented.

Find Out More

Digital Privacy

26 Apr 2013 By Claudia Mateus

Digital Surveillance video

The Digital Surveillance report – to be launched at a public event on Monday – gives a history of surveillance policy, looks at the current state of the law, examines why technology poses a problem and offers alternative, more targeted and more accountable approaches.

Find Out More

Digital Privacy

28 May 2012 By Peter Bradwell

Reporting ‘over-blocking’ to mobile operators

Since we published our report ‘Mobile Internet censorship: what’s happening and what to do about it‘, jointly with LSE Media Policy project, a number of people have been in touch with us asking what to do if they discover their site is blocked incorrectly by mobile networks’ child protection filters.

Find Out More

Digital Privacy

23 Jan 2012 By Peter Bradwell

UK Mobile operators censor privacy tool ‘Tor’

Open Rights Group and Tor have established that UK mobile networks such as Vodafone, O2 and 3 are filtering UK users’ access to Tor’s primary website (meaning the HTTP version of the Tor Project website, rather than connections to the Tor network) on pre-paid contractless accounts.

Find Out More

Digital Privacy

01 Nov 2011 By Peter Bradwell

Joint letter to the Foreign Secretary

To coincide with the start of the London Conference on Cyberspace, eleven organisations and experts on freedom of expression and privacy online have today written to the Foreign Secretary stating that Britain’s desire to promote these ideals internationally is being hampered by domestic policy.

Find Out More

Digital Privacy

20 May 2010 By Jason Kitcat

Changing the way we vote

In the sixth of our series on the challenges facing the new government, Jason Kitcat looks at proposals for changes to the way our elections are run, including dangerous calls for e-voting.

Find Out More

Digital Privacy

17 Apr 2009 By Jim Killock

Wikipedia blocks Phorm

Wikipedia have announced that they are blocking Phorm as they consider the scanning and profiling of our visitors’ behavior by a third party to be an infringement on their privacy.

Find Out More

Digital Privacy

17 Mar 2008 By Becky Hogge

Phorm update

It’s difficult to tell which of today’s developments the UK’s major ISPs should be more worried about – the fact that Sir Tim Berners-Lee has publicly stated that he would change his ISP if it started employing systems, like Phorm, which could track his activity on the internet, or the news that UK digital rights gurus the Foundation for Information Policy Research (FIPR) have today written an open letter to the Information Commissioner, urging him to look at the legality of Phorm.

Find Out More

Digital Privacy

24 Oct 2007 By Jason Kitcat

Gould Review on Scottish Elections Published

The Electoral Commission and the separate review by Ron Gould that the Commission instituted have published their reports on the Scottish elections of May 2007 The Gould Review in particular identifies a number of important issues, many of which ORG addressed in our own report on the elections published this June.

Find Out More

Digital Privacy

03 Sep 2007 By Becky Hogge

Gordon Brown at the NCVO: e-Voting off the agenda?

In a speech to the National Council of Voluntary Organisations this morning, Gordon Brown announced he would be convening a Speaker’s conference on voting reform: Today I am proposing to the Speaker that he calls a conference to consider, against the backdrop of a decline in turnout, a number of important issues, such as electoral registration, weekend voting, and the representation of women and ethnic minorities in the House of Commons.

Find Out More

Digital Privacy

16 Jan 2007 By Michael Holloway

Taking the lid off e-voting

While the Department for Constitutional Affairs have left us in the dark with no news at all about the e-voting pilots due for May 2007, The Open Rights Group and FIPR have been hard at work.

Find Out More