ICO Decision on Ministry of Defence FOI Complaint

The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information (FOI) complaint against the Ministry of Defence (MOD). The ICO found that the MOD was justified in withholding information related to Porton Down range usage under FOIA section 26(1)(b) (defence), as the public interest favoured maintaining the exemption.

ICO Decision: Core Education Trust request vexatious

The UK's Information Commissioner's Office (ICO) has ruled that a request made to Core Education Trust was vexatious and therefore not subject to compliance. The decision means the Trust is not obliged to provide the requested information.

ICO Decision Notice: UKHSA FOI Breach

The Information Commissioner's Office (ICO) has issued a decision notice finding that the UK Health Security Agency (UKHSA) breached Section 10 of the Freedom of Information Act (FOIA) by failing to respond to a request within the statutory 20 working days. UKHSA is required to provide a substantive response.

ICO Orders Nottingham University Hospitals NHS Trust to Disclose Data

The UK's Information Commissioner's Office (ICO) has ordered Nottingham University Hospitals NHS Trust to disclose nurse and midwife referral data to the Nursing and Midwifery Council. The trust must comply within 30 days, or face potential contempt of court proceedings.

ICO Upholds FOI Complaint Against Chapel St Leonards Council

The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against Chapel St Leonards Parish Council. The ICO ruled that the council wrongly cited section 14 of the FOIA (vexatious requests) and must now issue a fresh response to the complainant's request regarding a gardening contract.

ICO Decision Notice: Lambeth Council FOI Data Handling

The UK's Information Commissioner's Office (ICO) has upheld Freedom of Information (FOI) complaints against Lambeth Council for its handling of data requests. The Council is required to provide specific requested information in the format specified within 30 days.

Tools for Humanity GDPR Operations Update

The Spanish Data Protection Agency (AEPD) received an update from Tools for Humanity regarding their GDPR operations. The company is relaunching operations in Spain in February 2026 with a new rewards model and has consolidated its data controller role within the EU.

EDPB Reply to Civil Society on EU Spyware Abuse

The European Data Protection Board (EDPB) has issued a reply to a civil society open letter concerning recent spyware abuse cases within the EU. This notice addresses concerns raised by civil society regarding the implications of spyware on data protection and fundamental rights.

EIOPA Assesses EFRAG's Advice on Amended Sustainability Reporting Standards

EIOPA has published an opinion assessing the European Financial Reporting Advisory Group's (EFRAG) technical advice on amended European Sustainability Reporting Standards (ESRS). The opinion focuses on impacts to the (re)insurance and occupational pensions sectors, assessing data availability, consistency with EU legislation like Solvency II, and interoperability with international standards.

EIOPA Guidelines on Identifying Critical Insurance Functions

EIOPA has published final guidelines on identifying critical insurance functions, which if disrupted, could severely impact policyholders and financial stability. These guidelines are required under the IRRD and will inform resolution authorities in drafting resolution plans for identified insurers.