The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has announced that it is to keep a portion of the money raised from civil monetary penalties that it issues. Previously, all of this money was channelled into the Consolidated Fund, the government’s central bank account, and then distributed from there as part of wider government spending. However, the government has now agreed that the ICO should keep some funds from the penalties that it levies.
Note that we’re talking about some, not all, of the money: the ICO has stated that it will only be able to retain funds that cover “pre-agreed, specific and externally audited litigation costs”. In recent years, the ICO has had to contend with a growing number of controllers appealing fines or enforcement notices. The ICO’s new funding arrangement will help to offset these expensive litigation costs and bolster its ability both to bring cases and defend itself in court. It is, however, subject to a cap of £7.5 million on the amount that it can recover from its fines in one financial year.
There is, of course, the danger of self-interest: will the ICO start upping the number and value of its fines due to its new financial arrangement with the government? However, the involvement of the National Audit Office in auditing the ICO’s use of these funds should help to allay concerns.
In response to the new arrangements, James Dipple-Johnstone, the ICO’s Chief Regulatory Officer, said, “Being able to recover some of our litigation costs will form an important part of ensuring that the ICO has the right tools to do our job. We are on the side of the public and responsible businesses and being well resourced to take action can give everyone the confidence that, where appropriate, we will act effectively to uphold rights.”
Here at Pritchetts, we offer a range of services in the area of data protection and privacy law. If you’d like help with reviewing or enhancing any of your data protection compliance measures, please get in touch.