Still not clear
As a data protection consultant, it's still not clear to me what basis the ICO uses to select the cases they pursue. My general impression is that it may largely be driven by narrow interpretation of specific clauses in the legislation, rather than on the wider implications to complainants. This case is based on PECR, for which that approach may work adequately, but in the context of the GDPR and its UK replica (which are human rights law, not data law) only the GDPR data-specific rights seem to be considered, which leaves a huge range of common personal data abuses untouched.