Almost 9,000 people contacted the Information Commissioner's Office in February last year to complain about the barrage of nuisance texts and phone calls they were receiving from rogues, spammers and dodgy salesmen.
There was nothing special about the month – and if anything complaints were slightly down as the pandemic began to get a grip – except that anybody trying to reach Elizabeth Denham, the Information Commissioner, might have struggled.
On Feb 4, 2020, she was on a publicly funded tour of Canada and the US, starting with a "fireside chat" on privacy in Vancouver. It is presumably only a coincidence that the 10-day trip, costing at least £35,000 and which included members of her senior leadership team and personal assistant, should have commenced in British Columbia, where Ms Denham's family happen to reside.
Critics of the Information Commissioner hold up her sojourn as a symbol of all that has gone wrong with her five-year stint as protector of the nation's privacy and personal data.
Ms Denham, they argue, has loved the grandstanding that bit too much, diverting resources to investigate Cambridge Analytica over allegations it somehow fixed the EU referendum result, and more recently authorising raids on the homes of security guards after a video tape of Matt Hancock kissing his aide was leaked to The Sun, forcing the Health Secretary to resign for breaching his own social distancing rules.
Ms Denham, given up to £50,000 to relocate to the UK when she took the £180,000-a-year job as head of the privacy and data watchdog, spent three months of last year's lockdown in Canada, running it from British Columbia, eight hours behind BST, and only returning in September. (Incidentally her pension makes her remuneration package worth a little over £240,000 a year.)
When she has been in the UK, she has preferred the ICO's satellite office in central London to its headquarters in the rather less fashionable Wilmslow in Cheshire, where most of her team work. Her predecessor, Christopher Graham, lived a 15-minute drive from the Wilmslow HQ, which has not gone unnoticed among staff.
An analysis of the ICO's official data shows that since Ms Denham took up the post, its staff size has almost doubled from 409 full-time staff equivalents in 2015/16 to 772 as of March 31. Its expenditure has risen from £23.2 million in 2015/16 to £56.4 million. The budget is funded through fees collected from charities and businesses and other "data controllers" that must register under the 2018 Data Protection Act, and from tax-payer-funded government grants. The ICO has said staff doubled because of its greater regulatory obligations.
In 2015/16, the ICO issued civil monetary penalties – or fines – totalling £1.985 million to 18 organisations for bombarding the public with nuisance calls. A year later, the figure had risen to 24 with fines totalling £1.923 million. From April 1 2020 to March 31 this year, the number of firms fined for nuisance calls and texts totalled 21. The previous year only eight firms were pursued and fined for nuisance calls and texts.
In other words, the ICO's budget has doubled in five years but the number of firms fined for badgering, bullying and pestering the public has been static. Complaints about nuisance callers continue to flood into the ICO, with 83,558 reported in the first six months of the year, so that despite the pandemic, 2021 may well become the worst year on record. The highest total was 167,018 complaints in 2016/17.
The pursuit of companies for misusing data also appears to have hit the buffers. One of the ICO's functions is to enforce data laws but since the introduction of general data protection regulation (GDPR) , a big piece of legislation incorporated into UK law in the Data Protection Act 2018, the ICO has fined only five companies for GDPR breaches.
They include British Airways , fined £20 million for failing to protect the data of 400,000 customers from a cyber attack in 2018, and Marriott International , fined £18.4 million after the details of 339 million guest records were hacked in 2014 in an attack that went undetected until 2018.
Once again, the ICO has gone for big-ticket items, threatening to fine BA £183 million and Marriott £99 million for infringements of GDPR before settling on the much lower sums that will be paid back over time. Travel companies incidentally are well known to executives at the ICO. The travel and subsistence bill for staff rose from £456,000 in 2015/16 to more than £1 million within two years.
The investigation into Cambridge Analytica and its parent company SCL Group that prompted raids of offices, and led to fines for Facebook (£500,000), Vote Leave (£40,000) and Leave.EU (£15,000), was possibly the largest by a data protection authority anywhere in the world. Ms Denham has admitted delays in another case had arisen because "her resources were diverted elsewhere (on the Cambridge Analytica matter, in particular)".
The ICO investigation into Cambridge Analytica fuelled conspiracy theories that the UK had voted Brexit due to Russian interference and a campaign of lies channelled by Vote Leave through Facebook. But after more than three years, Ms Denham closed her inquiry finding Facebook had wrongly shared data but no evidence of the wider conspiracy that its misuse influenced the EU referendum result.
In fact, in a letter to Julian Knight, the chairman of the Digital, Culture and Media and Sport Select Committee, sent in October 2020 and headed "ICO investigation into use of personal information and political influence," Ms Denham concluded: "From my review of the materials recovered by the investigation, I have found no further evidence to change my earlier view that SCL/CA were not involved in the EU referendum campaign in the UK – beyond some initial enquiries made by SCL/CA in relation to Ukip data in the early stages of the referendum process. This strand of work does not appear to have then been taken forward by SCL/CA."
Mr Knight, a Conservative MP, said: "I was always fairly sceptical about the Cambridge Analytica investigation. I felt it was a means to fight the referendum by proxy all over again. I felt it was to give the unlikely grist to the mill to get a second referendum. I always thought Cambridge Analytica was just a collection of clowns. The whole thing [ICO investigation] was very, very over the top.
"There were some very serious issues about Facebook and the sharing of data and its lack of command of its data. But at the same time I don't think it [the investigation] reflected that well on those who were involved in it."
Ms Denham's replacement, due to be announced imminently, needed "to turn things around", suggested Mr Knight. He said: "It does seem wrong that they have doubled staff but we still don't see an awful lot of prosecutions. I wonder that the ICO should concentrate on the day job rather than chase the headlines."
The frontrunner for the next Information Commissioner, incidentally, is John Edwards, New Zealand's privacy commissioner, who once said of Facebook: "They are morally bankrupt, pathological liars."
James Tumbridge, a leading data protection lawyer who has advised the Government, is critical of the ICO under Ms Denham's tenure, concerned she has chased high-profile political stories like Cambridge Analytica mainly for publicity, and also gone after others based on media reports, not complaints.
"The ICO is supposed to be the sword and shield to protect the British public from spammers, boiler room salesmen and nuisance callers. There should be more focus on protecting the public and on what is achieved." said Mr Tumbridge.
"I think Elizabeth Denham seems much more interested in big stories than the day-to-day problems the public experience. It's a bit whack-a-mole going after nuisance callers and they are never going to be stopped, but there is a lot more she could be doing to make it harder for them to operate."
Tim Turner, a consultant on data protection and a former ICO employee, who has blogged about the watchdog, believes Ms Denham has created a "super-structure of management" – he points to the creation of such posts as a data ethics adviser – and reiterates fears that the Information Commissioner is seemingly more "interested in big international news".
Mr Turner adds: "The ICO has become remarkably tame. There is very little action to show for what they do. On GDPR, you are looking at just five fines in more than three years."
There are seemingly other examples of the ICO chasing headlines. An independent television production company, which has won a series of Baftas for sensitive documentaries, was threatened by the ICO with a £380,000 fine that would have destroyed the business over its attempts to make a programme for Channel 4 about the tragedy of stillbirth.
Consultants at Addenbrooke's Hospital in Cambridge had invited True Vision Productions to make the documentary because they wanted to highlight the issue and encourage mothers to come to their clinic as soon as they noticed their babies moving less.
"The doctors were very supportive," said Brian Woods, founder of True Vision. Working with lawyers, they set up remote cameras in the clinic, which would automatically delete anything filmed after 72 hours. Notices were placed in the hospital warning mothers-to-be they were being filmed.
Footage would only have been shown on TV if mothers had consented. But the project was derailed after six months when the local BBC radio station and then national newspapers ran stories along the lines of pregnant mothers being secretly filmed. The ICO began an investigation, found True Vision guilty of breaching data protection laws and fined it £120,000. A tribunal cut the fine to £18,000.
Mr Woods said: "There was no evidence anybody had been caused distress because none of the mothers-to-be had ever complained.
"The ICO never received a complaint but just read about it in the newspapers in the most torrid terms. I can understand them taking an interest but once they looked at the facts, in my opinion, they should never have pursued it."
An ICO spokesperson said: "The commissioner travels internationally when required, as the ICO's work is both domestic and global.
"Our approach of working with organisations and taking proportionate action is making a real impact in protecting people's rights, from how charities use donors' information, to changing how police use data from victims' mobile phones, to supporting innovation through the Covid-19 pandemic.
"This approach helps to build the public trust in data-driven innovation that benefits people, businesses and economic growth."
- China lashes out at G7 after Beijing’s actions shamed - UK accused of gross interference
- The Chase's Mark Labbett takes aim at ITV over Euro coverage as he fears England ‘curse’
- Merkel and Dutch PM accused of secret plot to offer Turkey more cash behind EU's back
- Calls for Brits to ditch fast fashion to protect the environment
- Scrap VAT for electric cars to boost sales, call car chiefs
- Fresh calls to investigate Matt Hancock for using private e-mail account
- 'Rude' Barnier accused of 'digging up old wounds' as furious EU chief attacks UK on Brexit
- Meghan Markle & Prince Harry accused of royal protocol baby blunder - brutal backlash
- Charles future as king called into question after Queen feared he would 'tarnish monarchy'
- New Jersey waitress abducted, assaulted after chasing 5 people who ran out on $70 bill
- Travelers Companies Inc (TRV) Q1 2021 Earnings Call Transcript
- French police accused of hushing up key witness from night of Princess Diana’s death by top investigative reporter
- VIETNAM NEWS HEADLINES JUNE 20
- LSU claims ag department's accusations over marijuana law-breaking are 'reckless,' 'untrue'
- Cosby Accusers Find Their Voice in New Podcast that Follows Path to His Conviction for Sex Assault
- Baby loss: Mothers call to be heard to avoid more preventable deaths
- VIETNAM NEWS HEADLINES JUNE 23
- Italian police accused of racism over viral video of arrests in Milan
- The schools that had cemeteries instead of playgrounds
- VIETNAM NEWS HEADLINES JUNE 28
Information Commissioner accused of chasing headlines instead of tackling nuisance calls have 1997 words, post on www.telegraph.co.uk at July 30, 2021. This is cached page on Europe Breaking News. If you want remove this page, please contact us.