Skip to main content
SpringerLink
Log in
Book cover

Enforcing Privacy pp 287–305Cite as

How Effective Are Fines in Enforcing Privacy?

  • Chapter
  • First Online:

Part of the book series: Law, Governance and Technology Series ((ISDP,volume 25))

Abstract

Little, if any, research has been carried out on the effectiveness of fines, despite their being increasingly used by regulators. This chapter will look at monetary penalties, how regulatory authorities decide on the size of a fine, what factors influence that decision and how much information about this is provided to data controllers. Particular attention will be paid to the practice of the UK regulator, the Information Commissioner’s Office, which has considerable, albeit recent, experience in levying fines, mainly but not exclusively for security breaches. The chapter will consider available information on the impact of fines in the data controller community, for example, the practices of the UK health and local government authorities. The chapter will consider whether regulators should pay more attention to uniformity and consistency in the severity of fines and when to levy them, and in doing so will consider pan-EU co-operation in fining international data controllers. Apart from the deterrent effect, what other purposes could fines fulfil? For example, to what extent should fines be used to fund data protection regulation? Where data subjects have suffered damage or loss, should the fine ensure those individuals are recompensed for the damage they have suffered? The chapter also considers alternatives to fines, and in what circumstances these may be more effective in enforcing privacy rights.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   199.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   199.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    European Commission, Proposal for a Regulation of the European Parliament and of the Council on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation ), COM(2012) 11 final, Brussels, 25 January 2012.

  2. 2.

    By way of an example, between April and December 2013, 1,152 data breach incidents were reported to the ICO whilst only 15 monetary penalty notices were issued during the same period (a ratio of approximately 1 in 77 reported breaches resulting in a monetary penalty notice). We can also assume that a large number of breaches go unreported. See ICO Enforcement trends report: http://ico.org.uk/enforcement/trends

  3. 3.

    Section 55A-E, UK Data Protection Act 1998 and the Data Protection (Monetary Penalties ) (Maximum Penalties and Notices) Regulation s 2010. The complete text can be found here: http://www.legislation.gov.uk/ukpga/1998/29/contents

  4. 4.

    Brighton and Sussex University Hospitals NHS Trust on 28 May 2012.

  5. 5.

    Scottish Borders Council v ICO (EA/2012/0212). The First-Tier Information Tribunal hears appeals from notices issued by the ICO regarding breaches of the law regarding Freedom of Information, Data Protection and the Privacy and El ectronic Communications Regulations.

  6. 6.

    The Data Protection Act 1998 (Commencement No. 4) Order 2015.

    http://www.legislation.gov.uk/uksi/2015/312/pdfs/uksi_20150312_en.pdf

  7. 7.

    Information Commissioner’s Office, Communicating enforcement activities, ICO Corporate Affairs policy, Version 5 final, Wilmslow, 11 November 2010.

    https://stewartroom.co.uk/wp-content/uploads/2014/08/UK-ICO-Communicating-Enf-Activities-Nov-2010.pdf

  8. 8.

    See, for example, the MPN issued against Gary McNeish on 26 November 2012 (the ‘Tetrus Telecoms’ case).

  9. 9.

    In October 2013, Christopher Niebel successfully had his MPN of £300,000, issued for sending unsolicited spam text messages, overturned by the First-Tier Information Tribunal on this basis.

  10. 10.

    UK Department for Culture, Media and Sport, Privacy and Electronic Communications (EC Directive) (Amendment) Regulation s 2015, 24 February 2015.

    http://www.legislation.gov.uk/uksi/2015/355/pdfs/uksi_20150355_en.pdf

  11. 11.

    We are not suggesting this would always be the case, as there are instances where the PECR could be breach ed by an omission or a negligent act, for example, by failing to adequately maintain opt-outs .

  12. 12.

    For the Information Commissioner’s guidance about the issue of monetary penalties prepared and issued under section 55C (1) of the Data Protection Act 1998, issued 2012, see Information Commissioner’s Office, Guide to data protection, 2.2.20, Wilmslow, 31 March 2015.

    http://ico.org.uk/enforcement/~/media/documents/library/Data_Protection/Detailed_specialist_guides/ico_guidance_on_monetary_penalties.pdf

  13. 13.

    Scottish Borders Council v ICO (EA/2012/0212).

  14. 14.

    MPN issued against Andrew Crossley trading as ACS Law, 9 May 2011.

  15. 15.

    MPN issued against Sony Computer Entertainment Europe Limited, 14 January 2013.

  16. 16.

    Brighton and Sussex University Hospitals NHS Trust in June 2012.

  17. 17.

    The “Tetrus Telecoms” case, in November 2012.

  18. 18.

    MPNs issued against A4e Limited and Hertfordshire County Council, respectively, on 22 Nov 2010.

  19. 19.

    MPN issued against North East Lincolnshire Council, 15 October 2013.

  20. 20.

    Enforcement Notice served on Chief Constable of Derbyshire Police, 18 June 2013.

  21. 21.

    Enforcement Notice served on Glasgow City Council, 4 June 2013.

  22. 22.

    Information Commissioner’s Office, Communicating enforcement activities, ICO Corporate Affairs policy, Version 5 final, Wilmslow, 11 November 2010.

    https://stewartroom.co.uk/wp-content/uploads/2014/08/UK-ICO-Communicating-Enf-Activities-Nov-2010.pdf

  23. 23.

    www.cnil.fr/english/

  24. 24.

    Information Commissioner’s Office, “Police use of ‘Ring of Steel’ is disproportionate and must be reviewed”, news release, 24 July 2013. http://ico.org.uk/news/latest_news/2013/Police-use-of-Ring-of-Steel-is-disproportionate-and-must-be-reviewed-24072013

  25. 25.

    http://www.ftc.gov/news-events/press-releases/2014/01/apple -inc-will-provide-full-consumer-refunds-least-325-million

  26. 26.

    http://www.ftc.gov/news-events/press-releases/2012/08/google-will-pay-225-million-settle-ftc-charges-it-misrepresented

  27. 27.

    Reding, Viviane, “The EU Data protection reform: helping businesses thrive in a digital economy”, SPEECH/14/37, European Commission, 19 Jan 2014. http://europa.eu/rapid/press-release_SPEECH-14-37_en.htm

  28. 28.

    http://www.eerstekamer.nl/behandeling/20150210/gewijzigd_voorstel_van_wet

  29. 29.

    Financial Conduction Authority, 2014 fines.

    http://www.fca.org.uk/firms/being-regulated/enforcement/fines/2014

References

Download references

Author information

Authors and Affiliations

  1. Privacy and Information Law, Fieldfisher LLP, Riverbank House, 2 Swan Lane, EC4R 3TT, London, UK

    Hazel Grant

  2. Associate Bristows LLP, 100 Victoria Embankment, EC4Y 0DH, London, UK

    Hannah Crowther

Authors
  1. Hazel Grant
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hannah Crowther
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hazel Grant .

Editor information

Editors and Affiliations

  1. Trilateral Research, London, United Kingdom

    David Wright

  2. Vrije Universiteit Brussel Law, Science, Technology & Society (LSTS), Brussels, Belgium

    Paul De Hert

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Grant, H., Crowther, H. (2016). How Effective Are Fines in Enforcing Privacy?. In: Wright, D., De Hert, P. (eds) Enforcing Privacy. Law, Governance and Technology Series(), vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-25047-2_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-25047-2_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25045-8

  • Online ISBN: 978-3-319-25047-2

  • eBook Packages: Law and CriminologyLaw and Criminology (R0)

Publish with us

Policies and ethics

Search

Navigation