EDPB Conference on GDPR, DMA, DSA Cooperation
The European Data Protection Board (EDPB) held a conference on March 17, 2026, discussing cross-regulatory cooperation between data protection authorities and those overseeing competition, the Digital Markets Act (DMA), and the Digital Services Act (DSA). Key takeaways included the need for aligned approaches between data protection and competition regulators, and the importance of coherent interpretation of the DMA and GDPR, as well as the DSA and GDPR.
UCA FOI Request Decision Notice
The Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request made to the University for the Creative Arts (UCA). The ICO found that UCA breached FOI laws by failing to respond within the statutory timeframe and by not issuing a proper refusal notice. No further steps were required by the ICO.
Bridgend Council FOI Complaint Upheld by ICO
The UK's Information Commissioner's Office (ICO) has upheld a complaint against Bridgend County Borough Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The council has been directed to provide a substantive response to the request.
ICO Upholds FOI Complaint Against London Borough of Enfield for Delayed Response
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against the London Borough of Enfield. The ICO found that the council failed to respond to a complainant's information request within the statutory 20-working-day limit, breaching Section 10 of the Freedom of Information Act.
ICO Decision Notice: Home Office FOI migrant stats upheld
The UK's Information Commissioner's Office (ICO) has upheld a complainant's appeal against the Home Office regarding a Freedom of Information (FOI) request for migrant arrival statistics. The ICO ruled that the Home Office improperly withheld information under the personal data exemption.
DAERA Decision on Freedom of Information and Data Protection Complaints
The ICO has issued a decision regarding complaints against the Department of Agriculture, Environment and Rural Affairs (DAERA) concerning freedom of information and data protection. DAERA was found to have breached EIR regulation 11(4) by failing to provide an internal review outcome within 40 working days, but was entitled to withhold certain commercial information.
ICO Decision Notice: DHSC FOI request on NHS data platform exempt
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request concerning the NHS Federated Data Platform contract with Palantir Technologies Ltd. The ICO determined that information related to the formulation or development of government policy is exempt from disclosure under FOIA.
MoJ FOI Decision Notice - Information Not Held
The UK Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request made to the Ministry of Justice (MoJ). The ICO determined that the MoJ was entitled to refuse the request on the grounds that the information was not held in recorded form and would require the creation of new information.
ICO Decision on Islington FOI and Data Protection Complaint
The UK Information Commissioner's Office (ICO) issued a decision regarding a complaint against the London Borough of Islington concerning FOI and EIR requests. While the council was found to have committed a procedural breach of EIR regulation 14, no further action is required.
ICO Upholds FOI Complaint Against NHS Trust
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against Guy's and St Thomas' NHS Foundation Trust. The Trust failed to respond to a request within the statutory 20 working days. The ICO has ordered the Trust to respond within 30 calendar days.
ICO Overturns Bristol Council's Freedom of Information Refusal
The UK's Information Commissioner's Office (ICO) has overturned Bristol City Council's refusal to provide information regarding road blocks for the East Bristol Liveable Neighbourhood project. The ICO found the council incorrectly categorised the request as manifestly unreasonable.
ICO Upholds FOI Complaint Against DHSC
The UK Information Commissioner's Office (ICO) has upheld a complaint against the Department of Health & Social Care (DHSC) for failing to complete public interest test considerations within a reasonable time. The DHSC is now required to provide a substantive response to the FOI request within 30 calendar days.
ICO Decision: Lewisham Council FOI 17 Upheld, 40(2) Not Upheld
The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information (FOI) request made to Lewisham Council. The ICO upheld the council's decision to withhold information under FOI section 40(2) but found the council breached section 17 by failing to issue a timely refusal notice.
ICO Decision Notice: NHS Trust Failed to Respond to FOI Request
The Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) request against North East London NHS Foundation Trust. The Trust failed to respond to the request within the statutory 20 working days. The ICO has ordered the Trust to provide a response within 30 calendar days.
ICO Upholds HM Treasury FOI Refusal on Policy Grounds
The UK's Information Commissioner's Office (ICO) has upheld HM Treasury's refusal to disclose meeting notes and minutes to the Finance and Leasing Association, citing Section 35 of the Freedom of Information Act concerning government policy formulation. The ICO found that HM Treasury was entitled to withhold the information on these grounds.
DfE FOIA Breach Decision
The UK's Information Commissioner's Office (ICO) has upheld a complaint against the Department for Education (DfE) for breaching the Freedom of Information Act (FOIA). The DfE failed to provide a substantive response to a request made on 29 January 2026 within the statutory 20 working days.
Cleveland Police FOI Data Protection Complaints Decision
The ICO has issued a decision notice regarding Cleveland Police's handling of Freedom of Information (FOI) requests related to historic child sexual abuse investigations. The ICO found that while the police were correct to withhold some information under FOIA exemptions, they must now disclose the parts of the report that are not exempt.
ICO Decision on Kingston Upon Thames FOI Data Protection Complaints
The ICO issued a decision regarding data protection complaints against the Royal Borough of Kingston Upon Thames. While the council was found not to hold the requested information under EIR regulation 12(4)(a), its internal review process did not comply with regulation 11(4). No further steps are required by the Commissioner.
ICO Decision: Oxford City Council correctly withheld expense report data
The UK's Information Commissioner's Office (ICO) issued a decision finding that Oxford City Council correctly withheld expense report data under section 40(2) of the Freedom of Information Act (FOIA). The decision upholds the council's reliance on the third-party personal information exemption.
ICO Decision Notice: Halton Council Mersey Gateway Bridges Information Request
The UK's Information Commissioner's Office (ICO) has upheld a complaint against Halton Council regarding a request for information about the Mersey Gateway bridges. The ICO found the Council failed to conduct a reasonable search for the requested information, violating the Environmental Information Regulations (EIR). The Council must now conduct further searches and issue a new response.
ICO Decision Notice: Waste Management Information Request
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding a waste management information request. The ICO upheld the London Borough of Richmond Upon Thames' decision to withhold certain commercial and personal information under the Environmental Information Regulations (EIR). No further action is required by the council.
ICO Decision: HMRC FOI Request - Statutory Prohibition Upheld
The UK's Information Commissioner's Office (ICO) has issued a decision regarding a Freedom of Information (FOI) request made to HM Revenue and Customs (HMRC). The ICO upheld HMRC's decision to withhold certain information based on section 44(1) of the FOIA, which concerns statutory prohibitions on disclosure.
AEPD Resolution: Closure of Employee Biometric Data Tracking Investigation
The Spanish Data Protection Agency (AEPD) has closed an investigation into the Ayuntamiento de Valladolid regarding its use of fingerprint-based employee time tracking. The agency closed the case after the municipality confirmed it had ceased using biometric data for employee time registration on September 2, 2024, following AEPD guidance.
GDPR Resolution on Data Access Rights for VIMCORSA
The Spanish Data Protection Agency (AEPD) issued a resolution regarding a data access rights complaint against VIMCORSA. The complainant alleged VIMCORSA obstructed their right to access personal data and related repair documentation for a property. The AEPD found that VIMCORSA's response was inadequate and potentially obstructed the complainant's rights under GDPR.
GDPR Rights Resolution: Access and Suppression Claims
The Spanish Data Protection Agency (AEPD) issued a resolution regarding a complaint about access and suppression rights under GDPR. The resolution addresses a claimant's assertion that the Directorate General of Police failed to fully respond to a request for information on biometric data processing and access.
GDPR Resolution on Right of Access and Sanction
The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a complaint about the right of access under GDPR. The agency found that the respondent failed to provide a legally established response to the data subject's request, leading to the admission of the claim and the initiation of a procedure for infringement.
EDPB Opinion on Dutch Authority's BCD Travel BCR
The European Data Protection Board (EDPB) has issued Opinion 7/2026 regarding a draft decision by the Dutch Supervisory Authority concerning the Binding Corporate Rules (BCRs) of BCD Travel Group. This opinion addresses the international transfer of personal data under GDPR.
EDPB Opinion on Dutch Authority's IBM Group BCR Draft Decision
The European Data Protection Board (EDPB) has issued an opinion on a draft decision by the Dutch Data Protection Authority concerning the Binding Corporate Rules (BCRs) of the IBM Group. This opinion addresses the international transfer of data and the adequacy of IBM's BCRs.