UK ICO

On 6 March 2024, the ICO issued a call for views on so-called “Consent or pay” models, where a user of a service has the option to consent to processing of their data for one or more purposes (typically targeted advertising), or pay a (higher) fee to access the service without their data being processed for those purposes. This is sometimes referred to as “pay or okay”.

The ICO has provided an “initial view” of these models, stating that UK data protection law does not outright prohibit them. It also sets out factors to consider when implementing these models and welcomes the views of publishers, advertisers, intermediaries, civil society, academia and other interested stakeholders. The consultation is open until 17 April 2024.Continue Reading UK ICO Launches a Consultation on “Consent or Pay” Business Models

On 3 October 2023, the UK Information Commissioner’s Office (“ICO”) finalized its Employment practices and data protection − Monitoring workers guidance (“Guidance”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring. In November 2022, we published a detailed blog post on the ICO’s public consultation.

The finalized Guidance is aimed at employers. It does not prevent employers from engaging in monitoring; rather, it sets out how they can do so in compliance with data protection law.  The Guidance defines “monitoring workers” as “any form of monitoring of people who carry out work on [an employer’s] behalf” and can include “monitoring workers on particular work premises or elsewhere” both during and outside working hours. The Guidance is clear that it applies to homeworking.  It also applies to a range of monitoring technologies and purposes, including (but not limited to) technologies for monitoring timekeeping or access control; keystroke monitoring to track, capture and log keyboard activity; and productivity tools which log how workers spend their time.Continue Reading UK Information Commissioner’s Office Releases New Guidance for Monitoring at Work

On October 12, 2022, the UK Information Commissioner’s Office (“ICO”) opened a public consultation seeking feedback on the draft guidance document on employment practices, specifically relating to monitoring at work (the “Monitoring at Work Guidance”). The guidance aims to provide practical guidance and good practices relating to monitoring workers in accordance with data protection legislation.Continue Reading UK Information Commissioner’s Office released a New Draft Employment Guidance for Monitoring at Work

The UK Government recently published its AI Governance and Regulation: Policy Statement (the “AI Statement”) setting out its proposed approach to regulating Artificial Intelligence (“AI”) in the UK. The AI Statement was published alongside the draft Data Protection and Digital Information Bill (see our blog post here for further details on the Bill) and is

On August 11, 2021, the UK Information Commissioner’s Office (“ICO”) opened a public consultation to solicit stakeholder input regarding the UK’s approach to regulating international transfers of personal data under the UK General Data Protection Regulation (“UK GDPR”) (see here).  To kick off this initiative, the ICO published a consultation paper setting out various policy options that the UK is considering, as well as:

  • a draft set of contractual templates to facilitate transfers of personal data outside the UK, including: (1) a draft international data transfer agreement (“IDTA”); and (2) a draft international transfer addendum to be appended to the recently approved EU standard contractual clauses (“EU Addendum”); and
  • a draft transfer impact assessment tool designed to help controllers and processors transferring personal data under the UK GDPR satisfy the requirements articulated by the Court of Justice of the European Union (“CJEU”) in the Schrems II decision (see here).

The ICO has requested that interested stakeholders submit their feedback by no later than October 7, 2021.  In this blog post, we summarize these documents and tools, and identify topics that interested stakeholders may want to address when preparing their submission to the public consultation.Continue Reading UK Information Commissioner’s Office Opens Public Consultation on Policy Proposals and Documentation for International Transfers

On July 30, 2020, the UK Information Commissioner’s Office (“ICO”) published its final guidance on Artificial Intelligence (the “Guidance”).  The Guidance sets out a framework for auditing AI systems for compliance with data protection obligations under the GDPR and the UK Data Protection Act 2018.  The Guidance builds on the ICO’s earlier commitment to enable good data protection practice in AI, and on previous guidance and blogs issued on specific issues relating to AI (for example, on explaining decisions on AI, trade-offs, and bias and discrimination, all covered in Covington blogs).
Continue Reading UK ICO publishes guidance on Artificial Intelligence

On May 11, 2020, the UK Information Commissioner’s Office (“ICO”) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19.

The guidance provides a clear reminder that employers must comply with both the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and that health data, in particular, attracts additional protections.
Continue Reading ICO Issues COVID-19 Guidance for Employers

 On March 12, 2020, the UK Supervisory Authority (“ICO”) issued a statement on data protection and coronavirus (“COVID-19”).  The statement makes clear that the ICO will take a “reasonable and pragmatic” approach regarding compliance with the GDPR in light of the current health emergency.

Similar to the Irish Supervisory Authority (see our previous blog here