Duff info
Duff info in the article - the FTT is nothing to do with the ICO, it is part of HMCTS as it is a first tier court
268 publicly visible posts • joined 25 Jan 2018
Yes the ICO isn't fit for purpose (or at least the current Commissioner isn't) but they fined BA the maximum they could under the law so I am not sure what else they could have done.
Last time I checked the ICO wasn't responsible for the pandemic and the financial crash of the aviation industry. Had there been no pandemic then the penalty would have been higher as it is based on the company profits at the time the MPN is issued.
Actually it wouldn't require a warrant, it would however require a RIPA Authorisation to conduct covert surveillance.
Walking down the street and observing something in plain sight, like one roof free of snow in a whole street would require neither. You would however need a warrant to enter the premises.
Tell me you don't understand how ICO calculates fines without telling me...
The maximum MPN that can be imposed is based on company turnover and given the company was filing for bankruptcy by definition their turnover was low therefore the fine legally could not be high.
See also BA where a notice of intent for around £180m was issued but the MPN was actually far lower as due to the pandemic their profits cratered and so did the max MPN that could be imposed.
I am all for attacking the Chocolate Teapot that is John Edwards and his tendency towards inactivity, but you can't really criticise when he is constrained in what he can do by the law.
Newsflash...no schools or hospitals have been fined under GDPR in the UK and the only public sector bodies fined were the MoD and the Cabinet Office for a combined total of about £1m.
Given the max fine for the public sector is £17m ish I would say neither fine is 'enormous', particularly when you look at the budgets of these departments
Perhaps if you knew the law you would realise they couldn't fine BA £190m in the end.
MPNs (they aren't fines and this is an important distinction to make) are based on turnover at the point the MPN is issued.
As the arse had fallen out of the Aviation industry due to the pandemic by the time the MPN was issued the fine was reduced as BA's turnover was significantly reduced.
By all means criticise the ICO as the current incumbent is a charlatan who is more interested in soundbites than actual meaningful action, but at least criticise them for something they have done wrong rather than doing what the law allows them to do.
I am struggling to see what the issue is in relation to Apple requiring employees use their tech when working... I would assume Dell Staff use Dell PCs/Laptops and HP Staff would use HP devices and it seems a fairly obvious thing to do/expect (with certain caveats i.e. iDevice cannot do a certain thing so another device is required to fulfil that task)
The access to personal devices is an overstretch, mind, unless they suspect said employee is doing something shonky using their own device.
Au contraire. In the UK there may be the expectation that you will be caught on CCTV but the use of FRT without notification is a clear case of unauthorised processing, particularly by a private entity, and so whether it takes 0.004 of a second or 4000 seconds to process the image it's still unlawful.
Also for the purposes of DP law the data is still 'collected' even if the whole lifecycle of the process from collection to disposal is a fraction of a second.
Of course the easiest solution is proper signage but why would a multi million/billion AUS$ business bother with that as it will cost them to put the signs up and eat into their profit.
Actually under GDPR as the 'home' authority for Ryanair the Irish DPA is the one responsible for all regulatory issues across the EU so the other national authorities will defer to them.
It would operate the same with an Irish customer of Air France making a DP complaint - any regulatory action would be dealt with by the CNIL, the French DPA.
I call bull poo on this if it is UK based as any FOI officer worth their salt knows that's likely to be a breach of s46 of FOI and the Records Management expectations. The ICO has issued penalties for poor records management.
IF this is true then it's obvious why they are an ex-FOI Officer.
Or, as someone who has made breach notifications to the ICO, more likely they have a suspicion personal data has been compromised but there is nothing to confirm one way or the other and so they are erring on the side of caution and made their notification to the ICO on the basis it was with further details to follow in order to ensure they met the statutory 72 hr reporting requirement.
I have done that but then we have subsequently been able to go back to the ICO with further information etc demonstrating that personal data wasn't compromised and so that was the end of it.