Information Commissioner's Office Opiniões 510

Ineffectual and useless. They appear to only act on a fraction of complaints and practise heavy deflection and redirection, advising people to pursue their own legal action via the courts, making them pretty pointless as an entity.

Weaponised incompetence in action.
They take up to 2 years to respond to complaints then send you a template letter saying it's been so long since you complained you probably dont want to pursue it so they won't bother investigating.

Shut down this useless, pointless waste of space.

I contacted the Information Commissioner’s Office (ICO) regarding the Council’s handling of a Subject Access Request and subsequent internal review concerning safeguarding and ASB Case Review records relating to me.

Following the Council’s response, I submitted a detailed internal review request identifying specific categories of personal data that appeared to be missing, including safeguarding governance records, screening decisions, and records associated with a statutory ASB Case Review process. The internal review was acknowledged by the Council but, to my knowledge, no substantive review outcome was ever provided.

I complained to the ICO on the basis that important questions remained unresolved, including whether relevant records existed, whether further disclosure would be made, or whether any lawful basis was being relied upon to withhold information.

The ICO decided not to undertake an investigation and recorded the complaint for information purposes only.

My concern is not simply that the ICO reached a different conclusion to my own. Rather, it is that the process concluded without resolving the underlying issues or obtaining a clear answer regarding the status of the records requested. As a result, significant uncertainty remains regarding the handling of personal data connected to safeguarding and Community Safety processes affecting me.

I appreciate that the ICO must prioritise its resources and cannot investigate every complaint. However, from my perspective, the outcome illustrates the difficulty individuals face when seeking independent scrutiny of unresolved data access concerns involving public authorities.

This review reflects my personal experience of the ICO complaints process.

Live chat and phone calls not helpful! Not very professional and rude

CYNICAL GANG WHO ARE PAID BY FINANCIAL SERVICES etc.NOT TO INVESTIGATE CUSTOMERS COMPLAINTS.The annual data protection fee paid by the banks protects them from any serious investigation by the dysfunctional ICO.The ICO advises complainants to "take proceedings in court"- having done nothing to enforce data protection legislation themselves.As though I'm going to litigate against Lloyds Banking Group with its resources of £944 billion! As Rachel Reeves backs the totalitarian financial services industry,to the hilt,the likelihood of the ICO being disbanded and some effective regulators established in their place is .....nil.

They are not able to deal with traumatic brain injury with cognitive impairments or serverly mentally impaired ..abuse of authority and harassment

The ICO appears more interested in protecting organisations than helping the public. I tried to obtain my own NHS medical records relating to two operations, but the process has been exhausting and pointless. The ICO took an unreasonably long time to respond, only to send a generic template letter full of hyperlinks and excuses saying there was nothing they could do. If they are largely funded by the organisations they regulate, it certainly raises questions about whose interests they actually serve.

Unfortunately myself found them absolutely useless.
I put complaint against another government body for multiple violations of Gdpr, hiding evidences for future legal actions, and reply was just a standard copy paste, that they decided not to move forward with investigation.
I guess if it was private company and they could slap some fine on it they would be more interested.

The ICO were given ample evidence of an organisation making inaccurate records of meetings and medical history. My doctor even raised it. The ICO clearly didn't read through the evidence presented, gave the organisation 14 days to respond which they did two months later and the response was full of inaccuracies including claims that I had made a "right to erasure request" dated from before I had even submitted a SAR. The communication was blatantly wrong and inaccurate. The ICO responded by saying that the case was closed because they responded. The data was unfairly processed and used to make a false narrative which the ICO had the evidence of, and which also showed it was clearly in breach of their accuracy principle. Absolutely useless if they have to do more than read the first few lines of an email.

Senseless pro-forma response from ICO after 308 days where they failed to address the personal data violations by a clinical regulator who shared my medical records to third parties without redactions.

The clinical regulator for an alternative practice failed in its duty of care to redact my medical records or anything outside the scope of my complaint. They also committed procedural data law improprieties by demanding my Neurology medical records without caveat of 'no obligation'. Interestingly, the organisation in question redacted the respondents’ submissions thereby indicating an open bias towards its practitioners.

Despite incontrovertible material screenshots that verified the foregoing, the ICO sided with the clinical regulator. There was no substance to the ICO’s decision.

Unlike the historic ICO assessors who were honourable, the recent teams are not assessing data complaints logically or fairly, let alone in a timely manner, perhaps the standards are drastically slipping.

On balance, the regulatory systems are just mechanisms of deflection that are designed to frustrate the victim and shield corporations and industries from accountability.

The hassle of legal action remains unaffordable and counterproductive for victim health, especially with the vexatious nature of insurance firms that may not fulfil cost liabilities if the legal outcome goes south.

Accordingly, the public deserves a cost effective data regulatory guardian to avoid such eventualities, but the ICO are nothing of the kind and its routinely denying justice to victims of data breaches. For this reason, I have launched a citizens investigation to ascertain the wider levels of maladministration by regulators.

Awful organisation. Do not waste your time. EVEN if you manage to get your complaint by the ICO upheld, you are going to be disappointed.

In my experience, the ICO did not act as an effective protector of individual data‑rights. Their responses felt generic and appeared to favour the organisations under investigation rather than carrying out an independent assessment of the evidence I provided. As a result, I did not feel that my rights were meaningfully upheld. Anyone facing serious data‑protection issues may need to pursue legal action directly, as the ICO’s involvement offered little practical support.

I made a booking with Best Western Sysonby Knoll Hotel and a couple of days later a scammer contacted me via WhatsApp pretending to be Best Western. I reached out to Best Western directly via their website, and they confirmed this was a scammer and they admitted my private data from my booking had been illegally obtained. However, they wouldn't tell me how it had been illegally obtained, and months later, they still refuse to tell me.

I reported them to the ICO, because this is a clear privacy violation and mismanagement of my private data. But the ICO have decided not to investigate.

They have no interest in how my private data got in the hands of criminals or making sure Best Western implements changes to make sure it doesn't happen again.

Because they won't investigate, I have no idea how much of my private data was stolen

They really do just collect your money. Their practices are modelled on TV Licencing. If the ICO were to disappear today, it would make no difference to anyone.

The ICO publishes clear guidance based on GDPR for Data Controllers but when an individual produces evidence of a breach, the ICO position is to reject the complaint stating that the rejection is in line with their “published framework” without giving any details about which part of the framework the complaint fails on. It is therefore impossible to know how the complaint may be reframed in order to merit proper consideration.

The background: A utility bill is frequently used as a means of identification. It does not seem unreasonable to expect the utility company to keep the details of a bill secure, lest a bad actor were to use said details to produce a bogus but convincing utility bill. When I discovered that certain details from my bill were easily available on the internet I complained to the utility company, asking them to either cease to use my data in this way or to justify the use by reference to the relevant guidance on the ICO website. Their response was blunt to the point of rudeness (basically “it’s legitimate interest and we’re under no obligation to tell you why”), so the ICO seemed to be the appropriate arbiter. Wrong!

Footnote: I suspect that, in the same way that the Environment Agency is mostly funded by fees derived from Water Companies, the ICO is mostly funded by fees derived from registrations. C4 did an excellent exposé of the EA in ‘Dirty Business’, maybe there are sufficient complaints on here to warrant their attention.

Spoke to "Lydia" on live chat, who might as well not even have bothered working there. She was extremely unhelpful regarding my issues with the Telephone Preference Service and advised me to contact "their regulator." When I pointed out that the ICO is, in fact, their regulator, she simply stopped responding to live chat messages. I made a complaint, but doubt I'll ever hear back. How do these people get jobs?!

Rang today to register, expecting to have problems. Got a fantastic lady (Lisa?) who was super helpful, got the job done efficiently and with great communication. Honestly the best customer service I've ever had from a public body!

Useless.

I contacted the ICO to request assistance in getting a company to delete my private data after multiple attempts. After three months, the ICO responded stating that my case was not a priority for further investigation or action.

Useless and uninterested. Reported a serious data breach of confidential information, took them 6 months to reply, and then said they weren’t even interested. Biggest waste of time. Don’t bother reporting as they don’t care.

Beyond dreadful - I am not sure they even really exist. if so they have a fraction of the capacity needed - broken, not fit for purpose.