Written by The ICO has positioned itself as a champion of information rights in the United Kingdom. Yet, its consistent failure to enforce data protection laws and hold organisations accountable has rendered it not just ineffective but complicit in enabling criminal activity. Under the leadership of John Edwards, the ICOโs decision to prioritise โadvisoryโ roles over enforcement is a dereliction of duty with devastating real-world consequences.
Failing the Public, Enabling Harm
Behind every unresolved complaint or overlooked breach is a human story โ and often, a story of profound harm. Take, for example, the case of a woman who was raped, with CCTV footage held by police and the car park owner that showed her being dragged into a car by her attacker. Despite the gravity of this evidence, it is alleged that the footage was suppressed. When she submitted a Subject Access Request (SAR) to obtain this footage, it was rejected. The ICO, presented with this blatant disregard for data protection law, failed to issue an enforcement order or take any meaningful action, leaving the victim without recourse and justice unserved.
Or consider firms that deliberately conceal information to avoid legal accountability. These arenโt just administrative oversights; they are calculated acts that undermine justice. By failing to enforce its own regulations, the ICO is allowing organisations to circumvent the law, shielding them from scrutiny and leaving individuals powerless.
Each inaction by the ICO sets a dangerous precedent, creating an environment where organisations know they can flout the rules without fear of consequences. The ICOโs failure to act in these cases is not just negligence; it is enabling criminal behaviour.
John Edwardsโ Approach: A Catastrophic Misstep
In 2022, John Edwards presented a vision of the ICO as a regulator focused on advice rather than enforcement. โWe must ensure proportionality,โ he claimed, emphasising collaboration over punishment. Three years later, it is painfully clear this approach has failed.
Advisory letters and “slaps on the wrist” do little to deter organisations engaged in systematic violations of data protection laws. In prioritising โgentle guidanceโ over tangible enforcement, the ICO has abandoned its role as a watchdog. It has become a lapdog โ one that barks but never bites. And the consequences of this failure are severe. Lives are being ruined, crimes are being facilitated, and trust in the regulator has all but evaporated.
Ruining Lives Through Inertia
The ICOโs inaction doesnโt exist in a vacuum; it directly affects lives. When organisations refuse to disclose critical data or fail to protect sensitive information, the repercussions are devastating. Victims of crime, whistleblowers, and vulnerable individuals are left stranded, unable to access the information they need to seek justice or protect themselves.
Even more troubling is the ICOโs apparent lack of urgency in addressing systemic abuses. From public sector bodies mishandling sensitive data to private companies evading accountability, the ICOโs inertia is a green light for bad actors. In many cases, itโs not just about incompetence โ itโs about enabling harm.
A Regulator Beyond Repair?
โThe ICO isnโt just failing to protect the public; itโs actively enabling wrongdoing by refusing to act,โ I said in a recent statement. This is not hyperbole. The ICOโs failure to enforce its powers is emboldening criminals and undermining the very laws it is meant to uphold. If John Edwards genuinely believes his โadvisoryโ approach is working, he is either dangerously naive or wilfully blind to the evidence.
But the problem goes deeper than Edwardsโ leadership. The ICO as an institution is no longer fit for purpose. It has become a bureaucratic behemoth incapable of fulfilling its mandate. Incremental reform will not suffice. The ICO must be dismantled and rebuilt from the ground up with a renewed focus on enforcement and accountability. And that process should begin with John Edwardsโ resignation.
A Call for Action
The ICOโs failure to act is not just a professional failing; it is a moral one. By ignoring legitimate complaints, it is enabling crimes that devastate lives and destroy trust in the justice system. It is time to stop giving the ICO the benefit of the doubt. It is time to demand better.
The ICO must become a regulator with teeth, capable of delivering justice and protecting the public. Until that happens, every moment of inaction becomes another betrayal of trust, another opportunity for harm, another life left in jeopardy. We cannot stand idly by. Lives hang in the balance.
Disclaimer: This article reflects publicly known cases and systemic issues associated with the ICOโs performance under John Edwards. The opinions expressed are based on personal observations and publicly available data.