EDPB/EDPS Joint Opinion on Digital Omnibus Regulation Proposal

The EDPB and EDPS have issued a joint opinion on the Digital Omnibus Regulation proposal, supporting simplification efforts while raising concerns about proposed changes to the GDPR's definition of personal data. They also welcome increased data breach notification thresholds and deadlines.

ICO Decision Notice: Cabinet Office FOI Request Breach

The UK's Information Commissioner's Office (ICO) has issued a decision notice regarding a Freedom of Information (FOI) request made to the Cabinet Office. The ICO upheld a complaint that the Cabinet Office breached FOI rules by failing to respond to a request within the statutory 20-working day period.

ICO Decision Notice: UWE must disclose construction expenditure

The UK's Information Commissioner's Office (ICO) issued a decision notice against the University of the West of England (UWE). UWE is required to disclose construction expenditure information within 30 days, as the ICO found their refusal to be unlawful under the Environmental Information Regulations (EIR).

Frimley Health NHS Trust FOI Request Upheld

The ICO has upheld a Freedom of Information (FOI) request against Frimley Health NHS Foundation Trust for failing to respond within the statutory 20 working days. The Trust is now required to respond to the complainant within 30 calendar days.

ICO Upholds Lambeth Council's Refusal on Information Request

The ICO has upheld Lambeth Council's refusal of one information request under the Environmental Information Regulations (EIR) 11(2) and 5(2). However, the Council breached EIR 5(2) by failing to respond within 20 working days and EIR 11(2) by not completing an internal review.

ICO Upholds Complaint Against Birmingham City Council for Delayed Planning Information

The UK's Information Commissioner's Office (ICO) has upheld a complaint against Birmingham City Council for failing to provide planning information within the statutory 20-working-day timeframe. The ICO found the council in breach of the Environmental Information Regulations (EIR).

ICO Updates UK GDPR International Transfer Guidance

The UK's Information Commissioner's Office (ICO) has updated its guidance on international personal data transfers under UK GDPR. The revised guidance aims to simplify compliance for businesses by introducing a 'three step test' and clarifying complex areas.

ICO Fines Two Companies £225,000 for Nuisance Marketing

The UK's Information Commissioner's Office (ICO) has fined Allay Claims Ltd and ZMLUK Limited a total of £225,000 for sending millions of unsolicited marketing messages. Allay Claims was fined £120,000 for unlawful text messages, and ZMLUK Limited received a £105,000 fine for unlawful marketing emails.

ICO Investigates Grok AI for Non-Consensual Imagery

The UK's Information Commissioner's Office (ICO) has opened a formal investigation into X Internet Unlimited Company and X.AI LLC regarding their Grok AI system. The investigation will assess compliance with data protection laws concerning the potential generation of non-consensual sexual imagery, including of children.

ICO Reprimands GP Surgery for Excessive Medical Data Disclosure

The UK's Information Commissioner's Office (ICO) has reprimanded Staines Health Group for sending 23 years of a terminally ill patient's medical records directly to an insurer, instead of the requested five years to the patient. The ICO cited a lack of written processes and inadequate training as contributing factors.