ICO Fines Businesses Over Failure To Pay New Data Protection Fees

The Information Commissioner’s Office (ICO) has issued fines against organisations in the business services, construction and finance sectors for not paying a new data protection fee that came into force alongside new data protection laws in May.

The annual fee is, in the case of the smallest organisations, comparable to the £35 per year paid before the new regulations, but is up to £2,900 for those who employ more staff or have a larger turnover.

Organisations who process individuals’ data are required to pay the fee, which funds the ICO’s activities.  Large organisations are charged more because they are likely to process more data.


More fines on the way

The ICO didn’t name any of the organisations fined so far, but said it has issued a first tranche of 100 fine notices.

“More fines are set to follow,” the ICO said, adding that it has issued more than 900 notices of intent to fine since September.

Fines range from £400 to £4,000, or £4,350 if “aggravating factors” are present, and the funds thus recovered go not to the ICO, but to the Treasury.

“Following numerous attempts to collect the fees via our robust collection process, we are now left with no option but to issue fines to these organisations,” said ICO deputy chief executive Paul Arnold. “They must now pay these fines within 28 days or risk further legal action.”

With much broader data protection laws in place since May, the ICO now employs 670 staff.

Companies that process or hold individuals’ personal data have until now been largely self-regulating, with governments unwilling to pass oversight laws that might stall the growth of, for instance, high-tech or social media firms.

Data scandals

Facebook, for example, has since launch been notorious for its aggressive approach to collecting and making use of data on its billions of users.

But data protection issues have come to a head over the past year over Facebook’s Cambridge Analytica scandal and others exposed the use of online data in political campaigns, including, in the UK, the most recent General Election and the campaign to leave the EU.

At the same time, the EU’s General Data Protection Regulation (GDPR), which was proposed back in 2012, finally came into force in May.

The ICO issued the UK’s first GDPR notice in September.

The agency’s other recent actions include a £385,000 fine against ride-hailing app firm Uber for a data breach in which the ICO said the US company had displayed a “complete disregard” for those whose data had been stolen by hackers.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago