ICO Fines Businesses Over Failure To Pay New Data Protection Fees

The Information Commissioner’s Office (ICO) has issued fines against organisations in the business services, construction and finance sectors for not paying a new data protection fee that came into force alongside new data protection laws in May.

The annual fee is, in the case of the smallest organisations, comparable to the £35 per year paid before the new regulations, but is up to £2,900 for those who employ more staff or have a larger turnover.

Organisations who process individuals’ data are required to pay the fee, which funds the ICO’s activities.  Large organisations are charged more because they are likely to process more data.


More fines on the way

The ICO didn’t name any of the organisations fined so far, but said it has issued a first tranche of 100 fine notices.

“More fines are set to follow,” the ICO said, adding that it has issued more than 900 notices of intent to fine since September.

Fines range from £400 to £4,000, or £4,350 if “aggravating factors” are present, and the funds thus recovered go not to the ICO, but to the Treasury.

“Following numerous attempts to collect the fees via our robust collection process, we are now left with no option but to issue fines to these organisations,” said ICO deputy chief executive Paul Arnold. “They must now pay these fines within 28 days or risk further legal action.”

With much broader data protection laws in place since May, the ICO now employs 670 staff.

Companies that process or hold individuals’ personal data have until now been largely self-regulating, with governments unwilling to pass oversight laws that might stall the growth of, for instance, high-tech or social media firms.

Data scandals

Facebook, for example, has since launch been notorious for its aggressive approach to collecting and making use of data on its billions of users.

But data protection issues have come to a head over the past year over Facebook’s Cambridge Analytica scandal and others exposed the use of online data in political campaigns, including, in the UK, the most recent General Election and the campaign to leave the EU.

At the same time, the EU’s General Data Protection Regulation (GDPR), which was proposed back in 2012, finally came into force in May.

The ICO issued the UK’s first GDPR notice in September.

The agency’s other recent actions include a £385,000 fine against ride-hailing app firm Uber for a data breach in which the ICO said the US company had displayed a “complete disregard” for those whose data had been stolen by hackers.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

AT&T Admits Data Breach Impacted “Nearly All” Customers

American telecommunications giant AT&T admits that “nearly all” customer accounts were compromised in 2022 breach

9 hours ago

Elon Musk’s X Breached DSA Rules, EU Finds

X's Blue checks 'used to mean trustworthy sources of information. Now our preliminary view is…

13 hours ago

Japan’s SoftBank Acquires AI Chip Start-up Graphcore

SoftBank Group has purchased another British chip firm, with the acquisition of Bristol-based Graphcore Ltd…

14 hours ago

Samsung AI-Upgraded Bixby Voice Assistant Coming This Year

Samsung reportedly confirms it will launch the upgraded voice assistant Bixby this year, that will…

1 day ago

Next Neuralink Brain Implant Coming Soon, Says Musk

Despite an issue with first Neuralink implant in a patient, Elon Musk says second brain…

1 day ago

EU Accepts Apple’s Legal Commitments To Open NFC Access

Legal commitment over Apple's NFC-based mobile payments system, which is to be opened to rival…

1 day ago