(United Kingdom) The regulatory process for the BA and Marriott fines is ongoing, says the ICO. COVID-19 appears to be the blocker for now. Compliance Week reports as follows:
The ICO press office confirmed Monday that “the regulatory process is ongoing” for both cases, adding that most enforcement efforts have been put on hold in light of the pandemic. The two GDPR fines, initially announced in July 2019, were each delayed for the first time earlier this year, and British Airways and Marriott have confirmed second extensions granted in their latest, respective annual reports.
In recently issued guidance, the ICO said, in part, that it “may give organizations longer than usual to rectify any breaches that predate the [coronavirus] crisis, where the crisis impacts the organization’s ability to take steps to put things right. All formal regulatory action in connection with outstanding information request backlogs will be suspended.”
Moreover, fines may ultimately be reduced. “As set out in the Regulatory Action Policy, before issuing fines we take into account the economic impact and affordability,” the ICO stated. “In current circumstances, this is likely to mean the level of fines reduces.”[…] In both cases, the ICO initially had six months from issuing the notices of intent within which it could issue a penalty notice, which would have been by January. Since that time, both companies have announced in their annual reports that extensions have been agreed upon.
(Privacy press clipping sourced via Compliance Week)
Jurisdiction: United Kingdom