Does the ICO have the powers to push 'deleting evidence' towards plod for a criminal investigation?
Yes, I have a less than sympathetic view towards spammers. (& profiteers)
A company that fired out more than 9,000 spam emails promoting face masks has been fined £40,000 by the UK Information Commissioner's Office and ordered to stop doing it. "The ICO investigation found that the company was not involved in the business of supplying PPE, but that the director had decided to buy face masks to sell …
Similarly, the ICO seached Cambridge Analytica in March 2018 within an hour of getting a warrant. But that was on a Friday evening, after ICO had announced on the Monday that they'd seek a warrant and after the case had been adjourned on the Thursday.
https://www.independent.co.uk/news/uk/home-news/cambridge-analytica-facebook-high-court-grants-search-warrant-london-offices-data-a8271236.html
On the other hand, do we want the ICO to have the power to kick the doors down and seize everything whenever it wants?
"On the other hand, do we want the ICO to have the power to kick the doors down and seize everything whenever it wants?"
No, we don't. How about we give them the power to kick the doors down and seize everything whenever they've identified a likely criminal and obtained a warrant from a judge. Since they're an organization empowered to investigate crimes, maybe they should have similar powers to other law enforcement, including the power to keep a warrant application quiet so they can get evidence before someone destroys it.
Long may this continue.
I don't know if it will start to deal with some of the evil ones who track us from web site to web site when we have explicitly set Do Not Track in our web browser. It would be nice, but I don't know what legal basis it could use.
Unfortunately this action is primarily under PECR that the ICO does very well (probably because it's pretty simple). The DPA component of the action appears to be solely supportive and explanatory.
The ICO still seems not to be so hot on pure DPA 2018 cases, which are much more complicated but that would be the applicable legislation to "do not track". However you'd be unlikely to get a hearing as a single complainant on that count (I've tried).
Fining companies is a weak weapon as they seldom have any assets that can be accessed. Phoenix operations should have been prevented by banning directors but they just rotate the directors at each "rising". The only penalty that will work is prison sentences for these nuisances. Until then expect to see the same players taking the pi$$ out of us and the ICO.
"Fining companies is a weak weapon as they seldom have any assets that can be accessed."
'Limited liability' only shields SHAREHOLDER financial exposure
Directors can be (and sometimes ARE) held personally responsible for unlawful decisions - but not frequently enough. Other countries routinely nail directors to the wall for this kind of activity
The ICO and others need to use those teeth
As for rotating directors: If you suspect that's happening or other fronting is going on, then notify companies house. It's an ever more serious crime than simply directing whilst disqualified
... fined £40,000 by the UK Information Commissioner's Office and ordered to stop doing it.
Only £40,000?
If a database was deleted but they found evidence of 9,000 spam emails, be sure that the amount actually sent was at least 10x that.
A £40,000 fine is a joke, a bad one.
And what about the scumbag that set up the scheme?
No prosecution?
O.
It does work!
I read the law that said to stop copying bought CD's onto my computer, because at that time it was illegal, so I stopped doing that!
So I moved to torrent websites for my music/tv/movies. I read that was illegal, so I stopped using and contributing to a prolific public tracker many many years ago.
Now I am totally legal and use "private" trackers and a VPN for that content!
/Anon because.. well...