The Information Commissioner

The European Directive (95/46/EC dated 24 October 1995) is the primary legislation. The UK Parliament is obliged to implement the Directive completely though it can implement it in its own way. The Directive required an independent body to be created to ‘police’ and promote The Data Protection Act. In the UK, we have the Information Commissioner (ICO) who is responsible for:

  • The Data Protection Act 1998 and 2018
  • The Freedom of Information Act 2000
  • The Environmental Information Regulations 2004 in England, Wales and Northern Ireland (note, not in Scotland)
  • Privacy and Electronic Communications Regulations 2003

The ICO says that it is set up “to promote public access to official information and protect personal information”. It claims to do this by promoting good practice, ruling on eligible complaints, giving information to individuals and organisations and taking action when the law is broken.

This is not completely the same purpose as required by the Data Protection Directive.

To contact the Information Commissioner:

Telephone: 01625 545 700
Telephone (enquiries): 01625 545 745
Fax: 01625 524 510

Information Commissioner’s Office
Wycliffe House
Water Lane


Elizabeth Denham has been confirmed as the Government's preferred candidate to be the UK’s next Information Commissioner.

Elizabeth Denham

Culture Secretary John Whittingdale has confirmed Elizabeth Denham as the Government’s preferred candidate to become the UK’s next Information Commissioner.

Subject to a pre-scrutiny hearing by the Culture, Media and Sports Select Committee and final approval from Her Majesty The Queen, Ms Denham will take over from current incumbent Christopher Graham in summer 2016.

Ms Denham is currently the Information and Privacy Commissioner in British Columbia, Canada, and was selected for the role following an open and transparent recruitment process, overseen by the Office of the Commissioner for Public Appointments. She will serve a term of five years.

The Information Commissioner’s Office (ICO) is the UK’s independent body set up to uphold information rights. The Department for Media, Culture and Sport is the ICO’s sponsoring department within Government. Further information about the ICO and its work can be found online at

Information Commissioner and Enforcement Notice

We have just received this e-mail from a Member who received it from the Information Commissioner:

Further to your request that you have sent us on 22 April 2014 regarding the number of enforcement notices that the ICO has issued on data controllers on behalf of individual data subjects for each of the past three years, we wish to advise that the ICO does not hold this type of information. This is because the ICO does not issue Enforcement Notices on behalf of data subjects.
Yours sincerely
Zoheb Anarwala

Case Officer”

Finally, the Information Commissioner has admitted that he does not offer any practical help to individual data subjects. He has the power but chooses not to use it.

If a data subject has an issue with a data controller about his personal data – either refusing to disclose them or refusing to correct them, all the Information Commissioner will do is issue an ‘assessment’ which will simply say that the data controller is likely or unlikely to be in breach of the Data Protection Act. The assessment will be based on what the data controller has told the Information Commissioner and so is very likely to result in an assessment saying that the data controller is unlikely to be in breach of the Act. Sometimes the evidence provided by the data subject is so overwhelming that the Information Commissioner may actually favour the data subject. However, this really makes no difference.

The data subject can send this assessment to the data controller who can ignore it. The data subject may then seek further assistance from the Information Commissioner who will merely suggest seeking legal advice – more money for his chums. Taking a case to court as a litigant-in-person can be very daunting and there is always the risk of losing (maybe on a technicality) and having to pay the costs of the other side which doubtless will be substantial to deter anyone else from following the same path. The data subject can employ a lawyer if he can find one who knows anything about data protection but unless the breach is serious, very few will take this path.

So, the net result is that a data controller can breach the law with impunity. The Information Commissioner will do nothing and the possibility of being saddled with many thousands of pounds in costs, the data subject won’t take action which means that the Law and Information Commissioner are useless in protecting the individual data subject.

Information Commissioner’s Systemic Failure

The Information Commissioner has confirmed that they routinely accept the view of the data controller where there is a dispute between a data subject and a data controller, as exposed by the BBC.  It works like this:

1. The data subject contacts the data controller and asks for something.

2. The data controller refuses to provide it.

3. The data subject contacts the Information Commissioner and places a complaint.

4. The Information Commissioner contacts the data controller and asks for their view.

5. Not surprisingly, the data controller repeats what he has already told the data subject.

6. The Information Commissioner passes on this view to the data subject as also being the view of the Information Commissioner.

7. This keeps the workload of the Information Commissioner to a minimum and lets them spend more time drinking tea and eating biscuits.

In other words, the Information Commissioner acts purely as a post box and doesn’t consider the matter at all. They simply accept whatever the data controller tells them. Perhaps we should implement this process in our criminal justice system. The judge could ask the accused if they had robbed a bank. If the accused said that they hadn’t, then the judge could find them not guilty and move on to the next case. Think of the money it would save!