Mishcon de Reya page structure
Site header
Main menu
Main content section
Mishcon office interiror

Further delay in proposed ICO GDPR fine for Marriott

Posted on 2 October 2020

It is understood that, once more, the Information Commissioner's Office (ICO) and Marriott Inc. have mutually agreed an extension in the protracted process relating to a proposed fine under data protection law. In July 2019 the ICO announced an intention to fine Marriott £99m for infringements of the General Data Protection Regulation (GDPR), at the same time as it also said it intended to fine British Airways £183m. Although the law only normally allows the ICO six months to confirm an intended fine, both matters have instead been subject to repeated extensions (as we have discussed previously).

This latest extension (no doubt as a result of robust defence of its position by Marriott, just as BA is no doubt defending its position) will be likely to add to concerns about the ICO's ability, under the current regulatory scheme, to issue serious fines. Although GDPR allows for fines of up to 4% of global annual turnover, the only fine so far actually issued by the ICO under GDPR was one of £275,000.

It is also important to consider whether this all might impact on any pending decision by the EU as to the 'adequacy' of the UK's data protection regulatory regime post-Brexit.

How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

I'm a client

I'm looking for advice

Something else