Reset the ICO

The Information Commissioner's Office's (ICO) is failing us. It's time to reset the ICO.

Your data is precious. It reveals who you are, what you like, where you live and much more. Lots of people and organisations want to get their hands on it. Governments who want to track us, companies that want to profit from us and criminals who want to steal from us. This is why we need strong data protection laws and a strong regulator who will make sure they are followed.

In the UK, this regulator is the Information Commissioner's Office's (ICO) and they are consistently failing to protect our data privacy and uphold our rights.

Sign the petition calling to reset the ICO.

We need 500 signatures.

121 of 500 have signed the petition. Will you help us get 379 more?

Sign the petition!

The ICO is failing us. It's time for a reset.

Time and time again, the ICO has failed to protect our data rights.

They failed to formally investigate the Ministry of Defence over the leak of a spreadsheet detailing 19,000 people who were fleeing the Talibans – the worst data breach in UK history.

They ignored thousands of complaints from the public and allowed Meta to press ahead with plans to scrape its users data.

They ignored ORG and 70 other organisations who raised concerns about serious data breaches arising from the Home Office’s e-visa scheme.

In fact in 2024, the ICO took “regulatory action” in just one case out of the 25,582 complaints lodged with them.

Parliamentarians are starting to ask questions but they need to step up and demand a fundamental reset of the ICO.

Open Rights Group is calling on the Government to make the following changes so that the ICO protects the public not the powerful.

Sign the petition now.

Five steps to an effective ICO

1. Be accountable

The ICO should protect the public and defend our rights. Yet when people complain about infringements, the ICO often refuses to act. Currently, there is no effective way to challenge an ICO decision to close a complaint, no matter how serious the issue.

We want to give people the right to appeal ICO decisions to the Information Tribunal. The tribunal is free to use and would give the public a way to hold the ICO accountable when it fails to protect our rights.

2. Put the public first

The ICO should protect the public not the powerful. Instead, it too often bends to government pressure and big tech influence.  

Their primary responsibility should be to enforce the law, investigate complaints, and remedy infringements of information rights. We want to amend the ICO statutory framework to make this clear.

3. Be independent

A watchdog that answers to government is a lapdog. The ICO should be independent from the government so that it can hold it to account. Instead, it has a long history of appeasing government. Worse, the ICO recently signed a Memorandum of Understanding to work in partnership with government — making it even less likely to stand up to the government when they get it wrong.

Parliament — not ministers — should appoint the Information Commissioner and should enshrine legal protections against government interference in the ICO's work.

4. End corruption

The ICO has a history of senior staff leaving to go and work for big tech companies. We want to put a stop to the ‘revolving-door’ and ban the senior leadership of the ICO to seek or accept employment into regulated industries for a period of five years after they stop working for the data regulator. Staff should focus on protecting the public not placating big tech so they can get a job later.

5. Let public interest organisations represent the public

Public interest organisations like ORG should be able to act on behalf of the public. This would provide an alternative avenue for challenging unjust uses of data, give vulnerable individuals an accessible means to uphold their rights without exposing themselves. And it would benefit the ICO too by reducing their workload.

Take action!