
FOI and communication
The Upper Tribunal recently considered the meaning of ‘reasonably practicable’ in s11 of the Freedom of Information Act. Jonathan Dixey analyses the ruling.
July 03, 2025
FOI and communication
News
Must read

Families refusing access to support
Is home a suitable option for residence and care for a vulnerable adult if their family refuses access to support? Sophie Holmes analyses a recent ruling.
Features


The scope and purpose of s166 DPA: a procedural and not a merits route of challenge
The Upper Tribunal has provided important clarification on s166 of the Data Protection Act and orders requiring the Information Commissioner to progress complaints, writes Francesca Whitelaw KC.
June 25, 2025
The scope and purpose of s166 DPA: a procedural and not a merits route of challenge

AI solutions: the contractual issues
What are the key contractual issues that public sector organisations should prepare for when implementing an AI solution? Justin Harrington explains.
June 25, 2025
AI solutions: the contractual issues

Generative AI and data protection
Justin Harrington sets out what UK public sector organisations need to know when it comes to generative AI and data protection.
Jun 20, 2025
Generative AI and data protection

AI in the UK public sector
In the first in a series of articles on the adoption of AI by the public sector, Justin Harrington sets out some use cases and provides a regulatory overview.
Jun 12, 2025
AI in the UK public sector

Information governance and AI
What is the role of IG professionals in AI governance? Ibrahim Hasan explains.
May 29, 2025
Information governance and AI
Webinars
Data Protection Essentials
The Hugh James team provide a guide of need-to-know information about the field of Data Protection law.
More features

Practical tips for DSARs
Vicky Bowles looks at how local authorities can reduce the burden of handling data subject access requests.
Data protection prosecutions and employer liability
Ibrahim Hasan considers the prosecution of employees for data protection offences and the potential liability of their employers.
The public sector and compliance with GDPR
The Information Commissioner’s Office has announced a review of its enforcement approach when it comes to the public sector’s compliance with GDPR. Ibrahim Hasan sets out the background to the announcement.
Facial recognition in schools
The Information Commissioner’s Office recently reprimanded a school for using facial recognition technology without carrying out a data protection impact assessment. Ibrahim Hasan looks at the ICO’s decision.
The King’s Speech: What now for AI regulation and Data Protection reform?
Ibrahim Hasan assesses the Labour Government’s proposed reforms in the AI and data protection fields.
Disclosure of information and immunity from suit
A High Court judge recently allowed an appeal against the striking out of a claim against a police force and the CPS which had claimed immunity from suit. Jon Baines explains why.
Processing biometric data: key considerations for your organisation
Laura Cook and Melanie Carter consider the Information Commissioner's Office’s (ICO’s) recent enforcement notice, issued against Serco Leisure, and its newly published guidance on the use of biometric data.
AI Regulation and the EU AI Act
2024 is going to be the year of AI regulation. As the impact of AI increases in our daily lives, governments and regulatory bodies globally are grappling with the need to establish clear guidelines and standards for its responsible use. Ibrahim Hasan looks at the latest developments.
Body worn camera footage
Ibrahim Hasan looks at the issues raised police misuse of body worn camera footage.
Delo: clarity on ICO complaints
In October last year, the Court of Appeal handed down a ruling providing some helpful clarity on the Information Commissioner’s responsibilities vis-á-vis the handling of complaints lodged by data subjects, writes Lucy Jones.
ICO guidance on monitoring workers: what do employers need to know?
The Information Commissioner’s Office (ICO) has published new guidance for employers on monitoring workers. This includes some useful commentary on lawful monitoring in the context of recent developments to working practices, including the rise in homeworking and the increased use of more advanced monitoring technology in the workplace, write Rachel Barnet and Hannah Pettit.
FOIA and aggregation of exemptions
“Exemption means Exemption” doesn’t cut it for the Court of Appeal: aggregation of exemptions is permitted under the Freedom of Information Act (FOIA). Ben Mitchell analyses a significant ruling.
The Information Commissioner's discretion to determine complaints
Philip Coppel KC sets out the key findings from a Court of Appeal ruling on the UK Information Commissioner's responsibilities when a data subject lodges a complaint that a data controller has infringed data protection law.
FOI backlogs at the forefront
FOI enforcement is a priority for the Information Commissioners Office. Ben Pumphrey and Alastair Turnbull examine the core duties of public bodies and the exemptions that exist.
Another day, another police data breach
Ibrahim Hasan looks at the lessons to be learned from the latest data breach involving a police force.
Beware misusing personal data
A claimant recently won a High Court damages claim against a London borough for misuse of personal data, with the council ordered to pay £6,000 in damages. Ibrahim Hasan explains why.
Operating CCTV lawfully
A county court judge has ruled that Islington Council’s operated its CCTV system lawfully. Sam Fowles explains why.
International data transfers
An international transfers breach has resulted in a record GDPR fine for Meta. Ibrahim Hasan explains why.
GDPR compensation claims: no threshold of seriousness
Robin Hopkins looks at an Austrian case that considered whether there was a threshold of seriousness for entitlement to compensation for data protection infringements.
Experian’s GDPR appeal: lawfulness, fairness, and transparency
Ibrahim Hasan looks at the lessons to be learned from Experian’s successful appeal against an enforcement notice issued by the Information Commissioner’s Office.
The new DP Reform Bill: what’s changed?
Ibraham Hasan looks at the Government’s latest version of proposed legislation in relation to data protection.
Rogue employees and personal data
Ibrahim Hasan looks at the Information Commissioner’s Office (ICO) approach to individuals who seek to access/steal data from their employers for personal gain, and the implications for those employers.
GDPR and AI: The Rise of the Machines
Ibrahim Hasan looks at the practical steps public sector organisations can take to ensure they are using AI lawfully from a data protection perspective.
ICO reprimand for misuse of children’s data: a proportionate response or a let off?
Last week, the Department for Education received a formal reprimand from the Information Commissioner’s Office (ICO) over a “serious breach” of the GDPR involving the unauthorised sharing of up to 28 million children’s personal data. But the Department has avoided a fine, despite a finding of “woeful” data protection practices. Ibrahim Hasan reports.
Subject access requests, delays and claims
Sarah Temperley explains how two ‘SAR claims’ were recently dealt with on behalf of different local authorities.
Subject access requests and delays
The Information Commissioner’s Officer recently took action against a range of public bodies over subject access delays. Ibrahim Hasan looks at the watchdog’s approach.
Damages for Data Protection Act breaches
The High Court has recently awarded £250 for a DPA breach at the “lowest end of spectrum”. Robin Hopkins analyses the ruling.
Cybercrime in the public sector — it’s time to pay more attention
Paul Wainwright explores recent experience and seeks to navigate through the latest Government policy reviews around cybercrime and offer some insight into the way public sector organisations should be thinking when addressing these issues.
Local authority companies and FOIA
Are local authority companies subject to the Freedom of Information Act 2000? Ikra Saghir examines the position.
The Data Protection and Digital Information Bill: A new UK GDPR?
In July the Government published the Data Protection and Digital Information Bill, the next step in its much publicised plans to reform the UK Data Protection regime following Brexit. Ibrahim Hasan sets out the key changes.
Director of Legal and Governance (Monitoring Officer)
£88,185 per annum
Senior Lawyer - Advocate
£46,731 - £49,764 per annum
Poll
in association with...
Events

CCTV, Drones and Body Worn Cameras: Ensuring Data Protection Compliance, Online - Act Now
05-08-2025 10:00 am
05-08-2025 10:00 am
Understanding GDPR Accountability and Conducting Data Protection Audits - Act Now
18-08-2025 10:00 am
18-08-2025 10:00 am