Mishcon de Reya page structure
Site header
Main menu
Main content section
Mishcon de Reya client lounge

ICO agrees delay over GDPR fines with both BA and Marriott

Posted on 3 January 2020

In July last year the Information Commissioner's Office (ICO) confirmed, after the issuing of market notifications by the proposed recipients, that it intended to fine BA £183m and Marriott Inc. £99m for (separate) infringements of the General Data Protection Regulation (GDPR). These were "notices of intent" and not concluded fines. UK legislation gives the ICO just six months to convert a notice of intent to a fine, and those six months were, by approximate calculation, due to expire in early January. As we recently noted – the midnight hour was approaching. However, the law does allow the period to be extended if the ICO and the proposed recipient of the fine agree to an extension.

The ICO has now informed Mishcon de Reya that such an extension has indeed been agreed, saying "Under Schedule 16 of the Data Protection Act 2018, [both BA and Marriott] and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time.”

It is difficult to speculate just now on the reasons for the extension, but query whether settlements – similar to that agreed recently between ICO and Facebook – are being proposed.

How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

I'm a client

I'm looking for advice

Something else