@jonbainesdata.bsky.social
📤 168
đź“Ą 50
đź“ť 69
The ICO has declined to suggest in its guidance how long controllers should normally take to respond to data subject complaints. I think this is a missed opportunity. On my personal blog:
informationrightsandwrongs.com/2026/02/13/d...
loading . . .
Data protection complaints – a missed opportunity
Has the Information Commissioner’s Office ducked an opportunity to improve data subjects’ rights and provide regulatory clarity to data controllers? Section 103 of the Data (Use and Access) A…
https://informationrightsandwrongs.com/2026/02/13/data-protection-complaints-a-missed-opportunity/
6 days ago
0
1
0
The ICO no longer has to establish that cookie contraventions are likely to cause significant damage or distress before issuing a fine. Will it lead to flurry of fines? (Hint: not under the current regime). Still a noteworthy change though
@mishcondereya.bsky.social
www.mishcon.com/news/unlawfu...
loading . . .
Unlawful cookies: a new avenue for the ICO to issue fines?
The ICO can now fine for any unlawful cookie use under PECR. Discover how DUAA reforms and rising penalties could affect compliance strategies.
https://www.mishcon.com/news/unlawful-cookies-a-new-avenue-for-the-ico-to-issue-fines
7 days ago
0
2
1
I've written for the
@mishcondereya.bsky.social
website on some of the more significant changes wrought by the Data (Use and Access) Act 2025 which commence today (5 February)
www.mishcon.com/news/data-pr...
loading . . .
Data protection and electronic privacy reform: what’s hot and what’s not?
Various aspects of data protection and eprivacy reforms take effect in the UK on 5 February 2026.
https://www.mishcon.com/news/data-protection-and-electronic-privacy-reform-whats-hot-and-whats-not
14 days ago
0
2
2
On my personal blog: FTT rather dismantles @ICOnews on both the facts and the law in this remarkable FOI judgment. Will the ICO have to rewrite their section 40 NCND guidance?
informationrightsandwrongs.com/2025/11/29/n...
loading . . .
NCND for personal data – a qualified exemption?
[reposted from my LinkedIn Account] I’ve been known to criticise First-tier Tribunal (FTT) judgments in the freedom of information jurisdiction. By contrast, this one is superb. In it, the FTT dism…
https://informationrightsandwrongs.com/2025/11/29/ncnd-for-personal-data-a-qualified-exemption/
3 months ago
1
7
3
After all these years, I see that a social media post by
@davidallengreen.bsky.social
can have a remarkable booster effect on the visits to one’s blog
3 months ago
1
7
0
reposted by
Alistair Sloan
3 months ago
Incredible story. The ICO should absolutely now be paying the force some real attention given the potential wider implications for FOI requests and subject access requests.
1
6
2
I’ve written on my personal blog about an extraordinary CoA judgment in which the Chief Constable of Northants Police has been found in contempt over egregious BWV disclosure failings
informationrightsandwrongs.com/2025/11/13/c...
loading . . .
Chief Constable in contempt over BWV footage disclosure failures
The Court of Appeal has handed down an extraordinary judgment (Buzzard-Quashie v Chief Constable of Northamptonshire Police [2025] EWCA Civ 1397) in which the Chief Constable of Northamptonshire wa…
https://informationrightsandwrongs.com/2025/11/13/chief-constable-in-contempt-over-bwv-footage-disclosure-failures/
3 months ago
2
28
18
The MoD has said it cannot say whether it has had any spreadsheet-based data breaches following the catastrophic Afghan citizen one, because it would take >237 hours to find out. On my personal blog
informationrightsandwrongs.com/2025/11/07/m...
loading . . .
MoD: “too costly” to find out if there have been further spreadsheet data breaches
Response to FOI request says it would take 237 hours to find out. How can ICO have confidence lessons have been learnt? Anyone who’s ever had been responsible for compiling or overseeing a data bre…
https://informationrightsandwrongs.com/2025/11/07/mod-too-costly-to-find-out-if-there-have-been-further-spreadsheet-data-breaches/
3 months ago
0
1
2
I’ve written on my personal blog on the still-unclear question of why one very large charity received “public sector” lenience from the ICO - and a 97.5% reduction in proposed fine - while a few months later a tiny charity didn’t
informationrightsandwrongs.com/2025/07/29/i...
loading . . .
ICO fines: are you certain?
In his inaugural speech as Information Commissioner, in 2022, John Edwards said my focus is on bringing certainty in what the law requires of you and your organisations, and in how the regulator ac…
https://informationrightsandwrongs.com/2025/07/29/ico-fines-are-you-certain/
7 months ago
0
2
0
I’ve written up my thoughts for the
@mishcondereya.bsky.social
website, on the baffling decision by the ICO to take no action in response to the most catastrophic data breach in UK history, which exposed many thousands of people to immediate risk to their lives.
www.mishcon.com/news/data-pr...
loading . . .
Data Protection risks to life: Should more be done?
The Secretary of State for Defence announced on 16 July, a significant data protection breach relating to the Afghan Relocations and Assistance Policy
https://www.mishcon.com/news/data-protection-risks-to-life-should-more-be-done
7 months ago
1
11
11
Today we heard about the most catastrophic data breach in UK history. And the ICO’s response? No need for any action. Not. Good. Enough.
www.linkedin.com/posts/jon-ba...
loading . . .
Today, after the High Court discharged a super-injunction preventing anyone from knowing about it, or even knowing about the existence of the injunction, we’ve learnt about possibly the most… | Jon Ba...
Today, after the High Court discharged a super-injunction preventing anyone from knowing about it, or even knowing about the existence of the injunction, we’ve learnt about possibly the most catastrop...
https://www.linkedin.com/posts/jon-baines-374659277_ico-statement-in-response-to-2022-mod-data-activity-7350914902191996928-2HxI?utm_source=share&utm_medium=member_ios&rcm=ACoAAEOMy8gBNJhq0TGiltLe3CA_O4CBsrP9gEs
7 months ago
1
9
4
A largely overlooked but significant change wrought by the Data (Use and Access) Act 2025 means that, in principle, it will be *much* easier for the ICO to issue fines for cookies contravention I've written about this for the @Mishcon_de_Reya website
www.mishcon.com/news/fines-f...
loading . . .
Fines for cookie contraventions more likely as a result of law change
The Data (Use and Access) Act 2025 (DUAA) will make some significant changes to the enforcement regime for cookies and direct electronic marketing.
https://www.mishcon.com/news/fines-for-cookie-contraventions-more-likely-as-a-result-of-law-change
8 months ago
0
2
1
I’ve written for the Mishcon de Reya website on the Data (Use and Access) Act 2025 and the changes it will make to the UK’s data protection laws
www.mishcon.com/news/how-wil...
loading . . .
How will the Data (Use and Access) Act reshape data protection?
On 19 June, the Data (Use and Access) Act (DUAA) received Royal Assent. We consider what changes it will bring in terms of data protection law.
https://www.mishcon.com/news/how-will-the-data-use-and-access-act-reshape-data-protection
8 months ago
0
0
0
A man on remand for assaulting his ex-partner duped former employer, JD Wetherspoon, into orally disclosing her mother’s mobile phone number, which he then used to continue his abuse. I’ve written on my personal blog about the case which has resulted
informationrightsandwrongs.com/2025/06/29/o...
loading . . .
Oral disclosure of personal data: a new domestic case
“Pretexting” and “blagging” are forms of social engineering whereby someone attempts to extract information from a source by deception. One (unethical) example is when a journalist purports to be s…
https://informationrightsandwrongs.com/2025/06/29/oral-disclosure-of-personal-data-a-new-domestic-case/
8 months ago
0
0
1
The Data (Use and Access) Act 2025 has now been published. NB that most of the operative data protection provisions still need secondary legislation to commence them
www.linkedin.com/posts/jon-ba...
loading . . .
From what I can see, the only major operative "data protection" provision that comes immediately into effect is the section 78 "reasonable and proportionate searches" one (and that...
From what I can see, the only major operative "data protection" provision that comes immediately into effect is the section 78 "reasonable and proportionate searches" one (and that...
https://www.linkedin.com/posts/jon-baines-374659277_data-use-and-access-act-2025-activity-7341870513314574337-4Pvv?utm_source=share&utm_medium=member_ios&rcm=ACoAAEOMy8gBNJhq0TGiltLe3CA_O4CBsrP9gEs
8 months ago
0
1
3
A blogpost on what the Data (Use and Access) Act 2025 will do. It’s essentially an amending statute: practitioners should look mostly to how it changes UK GDPR, DPA 2018 and PECR
informationrightsandwrongs.com/2025/06/20/w...
loading . . .
What the DUAA 2025 will do
Section 1(2) of the Data Protection Act 2018 tells us that Most processing of personal data is subject to the UK GDPR Despite the attention given to the progress of the Data (Use and Access) Act 20…
https://informationrightsandwrongs.com/2025/06/20/what-the-duaa-2025-will-do/
8 months ago
0
3
0
The Data (Use and Access) Bill is due to receive Royal Assent on 19 June:
bills.parliament.uk/bills/3825/s...
loading . . .
Data (Use and Access) Bill [HL] Royal Assent - Parliamentary Bills - UK Parliament
Data (Use and Access) Bill [HL] Royal Assent sittings
https://bills.parliament.uk/bills/3825/stages/19996
8 months ago
0
0
0
For the want of a nail the shoe was lost. For the want of a signature the €4.3m GDPR fine against VW was lost.
themunicheye.com/volkswagen-e...
8 months ago
0
1
1
Next week the Court of Appeal will hear the claimants’ appeal in the case of Farley and Others v. Paymaster (1836) Limited (trading as Equiniti) [2024] EWHC 383 (KB). See my short primer on the issues
www.linkedin.com/posts/jon-ba...
loading . . .
Next week the Court of Appeal will hear the claimants’ appeal in the case of Farley and Others v. | Jon Baines
Next week the Court of Appeal will hear the claimants’ appeal in the case of Farley and Others v. Paymaster (1836) Limited (trading as Equiniti) [2024] EWHC 383 (KB). This is an important case when i...
https://www.linkedin.com/posts/jon-baines-374659277_the-court-of-appeal-civil-division-live-activity-7339549640540803072-7roH?utm_source=share&utm_medium=member_ios&rcm=ACoAAEOMy8gBNJhq0TGiltLe3CA_O4CBsrP9gEs
8 months ago
0
0
0
To what extent do rules in defamation carry over to data protection claims about publication of personal data? There’s some interesting analysis in a recent judgment, striking out a claim by Dale Vince against Associated Newspapers. On my personal blog:
informationrightsandwrongs.com/2025/06/09/d...
loading . . .
Defamation rules are applied to UK GDPR claim
An interesting recent judgment in the High Court considers the extent to which rules in defamation law might also apply to data protection claims. In July 2024 His Honour Judge Lewis struck out a c…
https://informationrightsandwrongs.com/2025/06/09/defamation-rules-are-applied-to-uk-gdpr-claim/
9 months ago
0
2
1
The
@goodlawproject.bsky.social
is suing Reform, as a representative body (the first such case brought under Article 80(1) of the UK GDPR. GLP have published both its particulars of claim and Reform’s defence. I’ve written about it on my personal blog
informationrightsandwrongs.com/2025/06/06/g...
loading . . .
Good Law Project v Reform
In the run-up to last year’s General Election, the campaigning group The Good Law Project (GLP) actively encouraged people to make subject access requests (under Article 15 of the UK GDPR) to polit…
https://informationrightsandwrongs.com/2025/06/06/good-law-project-v-reform/
9 months ago
0
3
0
The Information Tribunal has ruled that the Hinkley Point C construction company is a public authority for the purposes of the Environmental Information Regulations (a parallel access regime to the FOI Act). On my personal blog:
informationrightsandwrongs.com/2025/06/06/h...
loading . . .
Hinkley Point C construction company is a public authority under the EIR
The Information Tribunal has ruled that the Nuclear New Build Generation Company, a subsidiary of EDF Energy, created to construct s new nuclear power plant at Hinkley Point C (HPC), is a public au…
https://informationrightsandwrongs.com/2025/06/06/hinkley-point-c-construction-company-is-a-public-authority-under-the-eir/
9 months ago
0
2
3
For some reason
@familoo.pinktape.co.uk
@juliedoughty.bsky.social
I can’t reply to this post, so having to repost it: these are my initial thoughts on the data protection aspects of the guidance
informationrightsandwrongs.com/2025/06/04/c...
add a skeleton here at some point
9 months ago
2
1
2
The Family Justice Council has produced guidance on covert recordings in family law proceedings - some of its references to data protection law are misguided. On my personal blog:
informationrightsandwrongs.com/2025/06/04/c...
loading . . .
https://informationrightsandwrongs.com/2025/06/04/covert-recordings-in-family-law-proceedings-some-slightly-flawed-guidance/
9 months ago
0
1
0
When Liz Truss was elected leader of the Tory Party (and thus recommended to and appointed by the Queen as her PM) was it an exercise of a public function amenable to JR? Unsurprisingly, the Court of Appeal says “no”. On my personal blog
informationrightsandwrongs.com/2025/05/27/l...
loading . . .
Liz Truss leadership election not amenable to JR
Was the leadership election in which Liz Truss was elected as leader of the Conservative Party (and as a result of which she was recommended to the Queen by the outgoing Boris Johnson, and appointe…
https://informationrightsandwrongs.com/2025/05/27/liz-truss-leadership-election-not-amenable-to-jr/
9 months ago
0
1
0
This looks very nasty - a cyber attack has apparently compromised the Legal Aid Agency’s online digital services, involving a "significant" amount of personal data from those who applied online for legal aid since 2010
www.gov.uk/government/n...
loading . . .
Legal Aid Agency data breach
An update following a cyber-attack on the Legal Aid Agency’s online digital services.
https://www.gov.uk/government/news/legal-aid-agency-data-breach
9 months ago
0
3
6
For data subjects considering complaints to the ICO, or for controllers faced with such complaints, you might want to know there is a current 16-week wait just to get allocated to a caseworker. A tub-thumping post by me on LinkedIn
www.linkedin.com/posts/jon-ba...
loading . . .
The Information Commissioner's Office’s backlog in handling data… | Jon Baines
The Information Commissioner's Office’s backlog in handling data protection complaints means that in effectively every case it is exceeding the time envisaged by Parliament for doing so. Section ...
https://www.linkedin.com/posts/jon-baines-374659277_the-information-commissioners-offices-backlog-activity-7328359670526451712-4BVK?utm_source=share&utm_medium=member_ios&rcm=ACoAAEOMy8gBNJhq0TGiltLe3CA_O4CBsrP9gEs
9 months ago
1
6
3
The Data (Use and Access) Bill was returned to the Lords yesterday, and once again, on three key votes - on sex data and DVS, the definition of “scientific research”, and AI & copyright, the Government lost. My LinkedIn post:
www.linkedin.com/posts/jon-ba...
loading . . .
Data (Use and Access) Bill [HL] - Hansard - UK Parliament | Jon Baines
For a bill in Parliament to proceed to royal assent, it must be agreed by both the House of Commons and the House of Lords. When the Houses cannot agree the bill, it enters a stage referred to as “pin...
https://www.linkedin.com/posts/jon-baines-374659277_data-use-and-access-bill-hl-hansard-activity-7327910819139100673-vFGV?utm_source=share&utm_medium=member_ios&rcm=ACoAAEOMy8gBNJhq0TGiltLe3CA_O4CBsrP9gEs
9 months ago
0
3
1
The First-tier Tribunal has certified to the Upper Tribunal an offence of contempt by the University of Exeter, in respect of “wilful” and “flagrant” failure to comply with an order by the FTT under FOIA to disclose information. On my personal blog
informationrightsandwrongs.com/2025/05/07/f...
loading . . .
FOIA contempt proceedings against University of Exeter
Non-compliance by a public authority with the provisions of the Freedom of Information Act 2000 is rarely a particularly serious matter for the public authority: a delay in responding, or a failure…
https://informationrightsandwrongs.com/2025/05/07/foia-contempt-proceedings-against-university-of-exeter/
10 months ago
1
6
6
The Information Commissioner has ruled, in two important recent decisions, that BT and Openreach are public authorities for the purposes of the Environmental Information Regulations 2004
www.mishcon.com/news/bt-is-s...
loading . . .
BT is subject to Environmental Information law, says Information Commissioner
The Information Commissioner (ICO) has issued decision notices ruling that British Telecommunications plc and Openreach Limited are public authorities for the purposes of the Environmental Information...
https://www.mishcon.com/news/bt-is-subject-to-environmental-information-law-says-information-commissioner
10 months ago
0
6
5
A duty to provide context when responding to data subject access requests - a new data protection duty in domestic law? By me, on my personal blog
informationrightsandwrongs.com/2025/03/27/a...
loading . . .
A new data protection duty?
I’ve been looking in more detail at the recent subject access judgment in Ashley v HMRC. One key point of general application stands out for me, and that is that it states that in some cases (i.e. …
https://informationrightsandwrongs.com/2025/03/27/a-new-data-protection-duty/
11 months ago
1
11
8
In what world would FOI disclosure of the blank forms ministers must use to declare interests be prejudicial to the conduct of public affairs? Well, it’s a world that the Cabinet Office inhabits. Post on my personal blog
informationrightsandwrongs.com/2025/02/19/t...
loading . . .
The state of central government transparency
[reposted from my LinkedIn account] This is one of the most extraordinary FOIA judgments I’ve ever seen, and it says an awful lot about the approach to transparency at the centre of the civil servi…
https://informationrightsandwrongs.com/2025/02/19/the-state-of-central-government-transparency/
about 1 year ago
1
2
0
NHS England will not publish the full report into the health services’ role in the treatment of Valdo Calocane in part because of data protection concerns. I’ve written on my personal blog about this
informationrightsandwrongs.com/2025/02/04/n...
loading . . .
NHS England and publication of the Calocane report
[reposted from my LinkedIn account] NHS England is reported to be refusing, partly on data protection grounds, to publish the full independent review report into the care and treatment of Valdo Cal…
https://informationrightsandwrongs.com/2025/02/04/nhs-england-and-publication-of-the-calocane-report/
about 1 year ago
0
2
0
Judicial review of a regulator (especially one entrusted to bring prosecutions) is exceptionally hard. I’ve written on my personal blog about a recent unsuccessful application for JR of the Information Commissioner
informationrightsandwrongs.com/2025/01/30/e...
loading . . .
Exceptionally unlikely: ICO and judicial review
[reposted from my LinkedIn account] Where Parliament has entrusted a specialist body with bringing prosecutions, such as the Serious Fraud Office, or the Information Commissioner’s Office (IC…
https://informationrightsandwrongs.com/2025/01/30/exceptionally-unlikely-ico-and-judicial-review/
about 1 year ago
0
3
1
Quote tweet with a bridge from your gallery
add a skeleton here at some point
about 1 year ago
0
1
0
I’ve written on my personal blog about the judgment in RTM v Bonne Terre, on cookies, consent and targeted advertising. I suspect there will be a lot of misunderstanding and misrepresentation of its significance
informationrightsandwrongs.com/2025/01/24/c...
loading . . .
Cookies, compliance and individuated consent
[reposted from my LinkedIn account] Much will be written about the recent High Court judgment on cookies, direct marketing and consent, in RTM v Bonne Terre & Anor, but treat it all (including,…
https://informationrightsandwrongs.com/2025/01/24/cookies-compliance-and-individuated-consent/
about 1 year ago
0
1
1
I’ve written for the
@mishcondereya.bsky.social
website on the news that a government amendment to the Data (Use and Access) Bill will allow charities to use the PECR “soft opt in” to send direct marketing and text messages to individuals
www.mishcon.com/news/data-us...
loading . . .
Data (Use and Access) Bill amendment – good news for charities
We questioned why the Data (Use and Access) Bill had not revived proposals to allow charities to send marketing emails and text messages to supporters.
https://www.mishcon.com/news/data-use-and-access-bill-amendment-good-news-for-charities
about 1 year ago
0
1
2
Data protection claim against persons unknown gets (very) short shrift from Mr Justice Nicklin On my personal blog
informationrightsandwrongs.com/2024/12/12/d...
loading . . .
Data protection claims against persons unknown
[reposted from my LinkedIn account] Chirkunov v Person(s) Unknown & Ors [2024] EWHC 3177 (KB) This is an important, and quite withering, judgment from Mr Justice Nicklin, which ends with a sugg…
https://informationrightsandwrongs.com/2024/12/12/data-protection-claims-against-persons-unknown/
about 1 year ago
0
0
0
Interesting data protection case in the High Court, where a private investigator firm appears to be arguing it was a mere processor when helping prepare a report for use in family proceedings
www.linkedin.com/posts/jon-ba...
loading . . .
Jon Baines on LinkedIn: High court hears data controllership dispute
This looks like a very interesting data protection case being heard in the High Court, where the claimant is suing over a report prepared for family court…
https://www.linkedin.com/posts/jon-baines-374659277_high-court-hears-data-controllership-dispute-activity-7271389423588585472-FkSA?utm_source=share&utm_medium=member_ios
about 1 year ago
1
2
1
Could the right to be forgotten break generative AI? On my personal blog
informationrightsandwrongs.com/2024/12/07/c...
loading . . .
Could the right to erasure in data protection law break AI?
[reposted from my LinkedIn account] I ask this only partly in jest. The story of how ChatGPT refused to acknowledge the existence of “David Mayer” and some others, perhaps (probably?) because peopl…
https://informationrightsandwrongs.com/2024/12/07/could-the-right-to-erasure-in-data-protection-law-break-ai/
about 1 year ago
0
1
1
Banks to be required to snoop on customers’ accounts to check for benefit fraud, under proposed “DWP Fraud, Error and Debt Bill” On my personal blog
informationrightsandwrongs.com/2024/12/06/b...
loading . . .
Banks to be required to snoop on customers’ accounts
[reposted from my LinkedIn account] A recently announced “DWP Fraud, Error and Debt Bill” will propose obligations on banks and financial institutions to “examine their own data sets to highlight w…
https://informationrightsandwrongs.com/2024/12/06/banks-to-be-required-to-snoop-on-customers-accounts/
about 1 year ago
0
0
0
On my personal blog, an extraordinary, and - I think - unfair costs decision against a freedom of information requester
informationrightsandwrongs.com/2024/12/05/f...
loading . . .
FOIA costs decision against applicant for failing to withdraw contempt application
A freedom of information requester is facing costs in what seems to have been a bit of a shambles before the First Tier Tribunal (FTT). I think this is rather concerning, albeit slightly convoluted…
https://informationrightsandwrongs.com/2024/12/05/foia-costs-decision-against-applicant-for-failing-to-withdraw-contempt-application/
about 1 year ago
0
4
0
The former and current Information Commissioners appear to disagree on the efficacy of data protection fines, with Liz Denham reported as saying some companies are dismissive of enforcement because “there's no fines coming our way”
www.linkedin.com/posts/jon-ba...
loading . . .
Jon Baines on LinkedIn: MLex | Insight and Comment on Regulatory Risk for Law Firms, Corporations…
MLex reports (£) on a disagreement between the current Information Commissioner, John Edwards, and his predecessor, Elizabeth Denham, on the deterrent effect…
https://www.linkedin.com/posts/jon-baines-374659277_mlex-insight-and-comment-on-regulatory-activity-7269999942000070657-uoaK?utm_source=share&utm_medium=member_ios
about 1 year ago
0
2
2
A recent FOI decision of the Information Tribunal has the potential to lead govt to classify certain types of info as “always exempt”, but I believe the judgment contains a plain legal error
informationrightsandwrongs.com/2024/12/03/i...
loading . . .
I don’t think that word means what you think it means
[reposted from LinkedIn] I think there’s a plain error of law in this Information Tribunal judgment (O’Hanlon & Anor v Information Commissioner & Anor [2024] UKFTT 1061 (GRC). Section…
https://informationrightsandwrongs.com/2024/12/03/i-dont-think-that-word-means-what-you-think-it-means/
about 1 year ago
0
3
0
you reached the end!!
feeds!
log in
