Information Commissioner's Office Opiniões 510

Worse than ever. Their enabling of companies who repeatedly and flagrantly abuse customer data and breach GDPR law is truly at a shocking level. They will confirm that the company you’re complaining about has BROKEN THE LAW but they openly state they will be doing absolutely nothing about it.

It’s a joke. Once again the corporations are protected as they continually abuse us and our information, while we have zero protection from it. If I broke the law - I’d be charged and punished appropriately. If these companies do it? They get rewarded and protected by the very governing body that is supposed to govern them - the ICO.

An absolute joke at this point but what else do you expect? Keep sending them the complaints, the ICO obviously want to put people off complaining by doing nothing about the breaches of law, but it has to be noted.

Let’s work together to stop companies abusing us (because the ICO will only protect them and allow them to continue doing it) and also work to prove the ICO as a useless, weak, enabling and pointless entity. Keep sending the complaints. Send them EVERY TIME IT HAPPENS. Nothing is too small.

I used to find this organisation helpful. I would present a case, be assigned a caseworker, and as long as I was correct and my personal data had been wrongly used, there'd be an outcome. (This situation - sharing or mis managing personal information - can arise surprisingly often when you understand your rights in all sorts of communications.) They would write and alert the data controller of a company where there was wrongdoing, and help me. Now, I start with the live chat service, and often get a really sensible response. I keep a transcript and then I present the case to the ICO. But now, it's rare for a caseworker to help. I'll get a message eventually, although it can take months. But they like to say a case "isn't in the public interest" and thus get off the hook and I suppose, save themselves time. Recently, this was profoundly untrue when a local county council had deliberately let data handlers interest themselves in my history, and affect the response to a SAR in a very harmful way indeed. I'd guess that council will carry on treating customers so badly. Even more recently, I simply got blanked. Someone from the ICO wrote and asked for more information (after a long delay of months). I sent it ... waited ... sent again. Nothing. It's a deteriorating service, and often the result is downright insulting.
We should expect the following statements to be adhered to: "ICO acts ... as a strong defender of individuals’ information rights ..." (Regulatory Action policy) "We can make recommendations ..."
They aren't 'strong'. I think there were probably calls between the ICO case worker and the county council in question, and my case may have been dismissed to protect the council. That's my suspicion.
It looks obvious that individual caseworkers differ. This may be normal in terms of human outcomes, but it isn't correct when one follows due process and another simply won't engage. Oddly, a relatively small concern about a local town council was carefully looked at and I received a helpful, detailed reply, and was able to send part of it to the town council's clerk for her information. For that reason only, the one star you have to put up to get the post published, is valid.

A member of staff left their venue and assaulted me on a public road while I was minding my own business. The police couldn't be bothered to collect the footage using the PACE act, or even review it at the time. I submitted a Subject Access Request to get the ball rolling. I was on public land, it was a member of staff in the video, and they committed a crime. There's no reasonable expectation of privacy in this instance - they have to share the footage.

The bar refused to hand over the footage. The ICO sent them an email saying they should reconsider and closed the case. Useless.

The footage will go over the 30 day limit, the ICO know the only evidence is going to be destroyed. They do not care.

They take millions in taxpayer money each year so it is my opinion that this is essentially another parasite institution. Some sort of tool for people in power to lean on when they need to persecute a business or person. The term 'adult-daycare' also springs to mind, frankly. It does not serve the public as far as I can see. Reading the other reviews is depressing.

Waiting 40 weeks for the ICO is like queuing for a takeaway that never arrives. Meanwhile, companies with a history of mishandling your personal data are happily taking the mickey, knowing the regulator operates at the speed of a tortoise on a tea break. A joke organisation for a serious job

They took 4 months to reply only to say that they wouldn’t be investigating my case, even when it’s crystal clear the company I complained about broke the law. I fail to see the point of this body - it’s a waste of taxpayers money and should be disbanded. They could actually fine companies who don’t comply and use that money to improve their services but they’d rather do nothing, it seems.

Waste of time....
Reported a spammer to the ICO but still getting spammed daily by the company.

What's the point of they don't do anything to resolve.

Extremely slow & outcome so idiotic that there should be a case for scrapping this outfit. Absolute waste of public money. What happened? The ICO officer took more than six months to explore my complaint against Booking.com and finally agreed that Booking.com had failed to meet its statutory obligations. It ignored my original request and about six reminders. This wasn't an oversight; it is clearly deliberate policy. That makes its actions unlawful.
Th e ICO officer did nothing about it. No sanction against Booking.com, nothing. So companies with sharp & unlawful practices will continue with their sharp & unlawful practices with absolutely no comeback from the body that should protect us. I would have liked to appeal against the ICO officer's process and perverse decision, but there doesn't seem to be any option to do so.

One has to ask what is the point of having legislation if the enforcement body don't do anything about breaches.

Set up to serve the people that break the law and paid for by the people the law was set up to protect (Tax Payer) as with all these bodies they are only there for the purpose of looking good the serve neither use nor ornament and will not protect you from the law breakers as they are employed by the law makers

I am not surprised that ICO has 1 star rating and ZERO good reviews.
I know very well what a GDPR breach is, as we all have been constantly bombarded with tedious training after training, since 2018. They plant in your head that GDPR is something you must be very aware of and be vigilant what you do, otherwise... you will be sacked, punished, you could even face prison time for an accidental mistake. So, It seemed a serious organisation and it is quite nice to think our personal data is so well looked after!
Well, sadly is not the case,they instead laugh at the tax payer, they do NOTHING and less. They are absolutely useless and a waste of space.
I reported two incidents were data was kept and misused, I provided proof. However, In both occasions the outcome was "No further action", they did not find anything despite all the evidence. Of course, they did not even look, they must be using AI to answer emails (even though it took them 2 months).
They do not do anything, they just have to exist and waste our time and money as we still have to pay this usless organisation their salaries.
You should be ashamed.
Do not waste your time.

Company A, that I never had any contract with, told company B to send me bills for the service I don't receive. Company B is threatening me with a legal action. Both companies refuse to provide how they obtained my details and refuse to remove them, telling me to contact the other.

ICO's outcome is "no harm, no wider impact". There is nothing in ICO's response referring to anything I wrote in my complaint.

They looked at the category "no response to Subject Access Request" and just closed it without reading it.

Omg I knew before I looked I thought when I saw there page that they were professional but then I listened to excuses and unprofessional staff I thought another let down I contacted them about police failing to give me my data records witch I breaking law avoid this place massive let dow

Utterly useless.

My partner and I were the victim of fraud when our personal data was stolen and sold on by a sham company (who are still operating). We lost thousands and incurred damage to our property.

ICO have seen the evidence of illegal, intentional, and fraudulent data breach right before their eyes, and have come up with absolutely nothing to bring the perpetrators to account, other than to tell us they won't be taking it any further.
They have provided no reason as to why. Zero. They effectively admitted *themselves* that the company were breaking the law and that they had received similar complaints from other victims about the same business.

This is a perfect example of a complete waste of taxpayers' money. They literally have *one* job and they effectively do nothing towards delivering it.
(Hopefully the next government will close them down or drastically shake them up.)

Message to any individuals or businesses who are thinking of breaking personal data protection law:

"Go ahead, be as blatant as you like, break the law, as the ICO will do absolutely zero to hold you to account and you'll get away with it every time."

It takes 40 weeks to receive a response from the ICO for an organisation that didn't respond to a FOI request? What an absolute joke. A pointless and pathetic excuse of a service. Shut this organisation down immediately.

You’d get a lot more help out of a quick google search. Waste of time don’t bother, try and hurry you away because they can’t be bothered. Hopefully the actual process is different but given the 96% 1 star review, I’ve no faith at all. Clearly don’t care either no wonder

ICO Case IC-359278-P6V5 & IC-357745-H5X6:

GDPR – Right to Rectification: The ICO provides guidance indicating that individuals have GDPR-RTR rights to request amendments to medical records and inaccurate data held by public organisations.

However, when NHS Tayside and the SPSO declined to rectify their data, the ICO permitted these organisations to accept a respond to challenges regarding data accuracy, with the onus placed on me to provide supporting evidence.

Comprehensive medical records and clear process failures were submitted to the ICO. Nevertheless, these details were not utilised to persuade the agencies involved to align their practices with the ICO’s GDPR-RTR principles or to resolve the issue in accordance with their guidance.

On appeal, the ICO Team Leader upheld the original case officer's decision, and my complaint was not supported.
The ICO concluded that if I wished to amend my medical records or data, the appropriate course of action would be to seek resolution through the courts.
As a result, the inaccurate data remains uncorrected within my complaints about these organisations.

It is important for the ICO to either enforce its stated data principles or reconsider their presentation on the website and in practice.
My experience confirms that the current approach may not yield effective outcomes for individuals seeking rectification.

What an utter waste of time for everyone and a waste of Government spending.

I would have scored this service with a ZERO if it was an option.

Gave evidence the received and email saying 29 weeks, Then a reply two weeks later to say they will not invesitage but use for information only, A waste of time and Energy for an Organisation that is useless and should be scrapped

Contacted them after Equifax told me that they had breached DPA by telling me the answers to my security questions without doing security. Provided a screenshot of their admission.
Received a response saying that they "couldn't find a reason to uphold my complaint" even though I provided evidence that the company admitted it!
Isn't the first time that I complained about DPA issues, including a DSAR I needed for a court case taking 90 days instead of 30.
Complaints ignored.
Absolutely useless

Yet another pointless organisation designed to extract money from small businesses while offering absolutely nothing in return. There is no service, no support, no benefit, and no value, just a demand for payment backed by legal threats. This is not regulation, it’s forced funding. You pay because you’re bullied into it, not because it helps your business in any way. Small businesses are already suffocating under endless costs, and organisations like this exist purely to drain money under the excuse of “compliance”. The reality is simple: pay up or be punished, regardless of whether you gain anything. Completely detached from real-world small business struggles.
A textbook example of bureaucracy feeding itself while offering zero practical value.

Absolutely appalling service in My experience they been extremely slow and largely unresponsive. I repeatedly had to chase for basic progress. When responses did arrive, they felt overly deferential to the organisation refusing disclosure, rather than focused on enforcing statutory access rights. Overall, I found the service ineffective and not fit for purpose.

Two companies refused to provide me with my personal data as required by law. Complained to ICO.

About three, yes three months later, they simply said ‘we have noted this’. Why on earth didnt they take action such as instructing them to provide the info?

Whats the point in a law companies can simply ignore? And whats the point of a regulator who doesn’t regulate?