Ofcom moves in to protect UK mobile users from loyalty punishments

The UK’s telecom regulator believes out-of-contract mobile users could have saved millions if telcos offered the best deal available, and has released new measures to protect them from being treated unfairly.

After nearly a year’s research, the regulator has found that on average out-of-contract customers, those who have taken out a handset/airtime bundle contract and stay with the operator after the contract runs out, are paying £11 more per month than they would if they had been offered a better alternative, e.g. a comparable SIM-only deal. This would take the total amount of over-payment made by the 1.4 million out-of-contract customers to £182 million a year.

“Our research reveals a complex mobile market, where not everyone is getting a fair deal. So we’re introducing a range of measures to increase fairness for mobile customers, while ensuring we don’t leave existing customers worse off,” said Lindsey Fussell, Ofcom’s Consumer Group Director.

The new measures introduced today, published in a release titled “Helping consumers to get better deals in communications markets: mobile handsets”, focus on three areas:

  1. Transparency of contract details: mobile operators offering bundle contracts should tell customers the cost of the handset and the cost of airtime separately. This is in line with new EU rules, but Ofcom has decided to introduce it to the UK despite the decision to leave the EU.
  2. Time limit on “split contracts”: this refers to the kind of contract in which a customer pays for the handset and usage separately. The new rule would cap such contracts at 24 months, to avoid customers being locked into one contract for too long and to make switching operators easier.
  3. Concretised measures to treat customers fairly, following the more vague “Fairness for Customers” commitment the operators signed up to. Specifically, it requires mobile operators to tell customers that their contract is going to end, and to explain to them the best available deals, including SIM-only deals. The easy way of switching operators with a text message that was laid out in June is also coming into effect this month.

Ofcom also declared the first victories in operator endorsements. “All the major mobile companies – except Three – will also be reducing bills for millions of customers who are past their initial contract period,” Fussell said.

O2 and Virgin Mobile will charge their out-of-contract customers the equivalent 30-day SIM-only deal, while both EE and Vodafone are going to reduce the price for their customers out-of-contract for more than three months, though they will only confirm the level of discount by the end of the year. The discount will become effective next February.

“Three is the only major provider that has refused to apply any discount to its out-of-contract customers. As a result, these customers will continue to overpay and will not receive similar protections if they stay on their current deal,” the Ofcom statement said.

The regulator also announced that later this year it will publish its findings on broadband prices, and why some customers find their broadband bills higher than others.

BT faces another Ofcom probe

Ofcom has kicked off an investigation to determine whether BT has complied with regulations concerning Excess Construction Charges (ECCs).

The ECCs are effectively charges for extra work BT-owned Openreach has to do to meet customer-specific network construction requirements. After the first £2,800 in excess cost, BT has been allowed to balance the spreadsheets with a standard connection charge for all relevant business connectivity services. BT has admitted it may not have applied the charge correctly and could be in line for some wrist-slapping from the regulator.

“BT has provided Ofcom with information indicating that it may not have correctly applied the ECC exemption to a number of relevant business connectivity orders since the beginning of the ECC exemption regime,” an Ofcom statement reads.

“Having considered the information provided by BT, we have decided to open an investigation to examine whether there are reasonable grounds to believe that BT has failed to comply with its obligations under the following SMP conditions from 16 May 2014.”

Although some might suggest that a wholesaler such as Openreach should wear the cost of constructing its own assets, there are some exceptions. Occasionally, when delivering a new high-capacity leased line, for example, additional costs need to be recouped by Openreach. This would be considered reasonable business practice, assuming Openreach plays fairly and by the rules.

Thanks to a prior Business Connectivity Market Review conducted by Ofcom, pricing controls have been placed on Openreach. Since 16 May 2014, the firm has been under these pricing restrictions in the pursuit of fairness.

As with most of these statements from Ofcom, there is little information for the moment. However, as BT informed the regulator of the potential over-charging, it would appear this is a case where judgment has already been reached. All Ofcom has to do now is understand the severity of the non-compliance and dish out a suitable penalty.

Switzerland surprised to hear it will be regulating Facebook’s cryptocurrency

In testimony before the US Senate, Facebook indicated its Libra cryptocurrency will run from Switzerland, but it forgot to ask the Swiss if that was OK.

David Marcus, who is heading up Libra on Facebook’s behalf, testified before the US Senate Banking Committee in response to profound alarm from US lawmakers at the prospect of the social media giant developing its own currency. According to CNBC he said the data and privacy regulation of the currency will be overseen by a Swiss agency, as that’s where Libra will be based, but they say that’s the first they’ve heard of it.

In his testimony, which you can watch in full here if that’s your thing, Marcus said the Swiss Federal Data Protection and Information Commissioner (FDPIC) will keep an eye on the data protection side of things, which must have only offered partial reassurance to US senators worried their citizens were vulnerable to having their data exploited yet again.

Imagine their horror, then, when they read the CNBC report and learned that Facebook and its Libra pals haven’t even made contact with the FDPIC yet. This failing, later confirmed by Facebook itself, is just the latest slip-up in what has been a frankly shambolic launch. You’d think Facebook would have dotted every ‘i’ and crossed every ‘t’ before unveiling a grand plan to revolutionise the global banking system, and its failure to even check in with one of the proposed regulators is just embarrassing.

As TechCrunch notes, the data privacy side of all this is arguably the greatest concern as there will apparently be little control over developers that use the platform. Given the negative consequences of a fairly minor misuse of Facebook user data by Cambridge Analytica it’s baffling to see Facebook be so cavalier about this. The likelihood of Libra ever being set free is, on balance, increasingly small.

Amazon becomes the latest giant to face Europe’s antitrust wrath

The European Commission has formally opened an antitrust investigation into Amazon’s dual role as a retailer and marketplace and how it uses data derived from independent retailers.

Europe has a track record of taking on the industry’s biggest players on the grounds of antitrust, and Amazon is next in line. The case which the European Commission will attempt to prove is that Amazon abused its position of power as a leading eCommerce platform, using this position to aid it in selling its own products.

“European consumers are increasingly shopping online,” said Margrethe Vestager, Commissioner for competition policy. “eCommerce has boosted retail competition and brought more choice and better prices.

“We need to ensure that large online platforms don’t eliminate these benefits through anti-competitive behaviour. I have therefore decided to take a very close look at Amazon’s business practices and its dual role as marketplace and retailer, to assess its compliance with EU competition rules.”

This investigation is based around two points which the European Commission hopes to prove are anticompetitive. Firstly, Amazon collects marketplace data from its third-party partners to inform its own sales strategies. Secondly, the ‘buy box’ is only available to certain partners, and the Commission wants to understand what impact this differentiation has on competition.

On the first point, as the overarching platform owner, Amazon is privy to sensitive marketplace information from independent retailers who sell products through the platform. Using this insight to create more effective sales strategies is very likely to fall foul of Europe’s competition rules, should Vestager be able to prove a competitive advantage.

On the subject of Vestager, perhaps this is not the last we will hear from the bureaucrat. Vestager has worked up a reputation over the last few years for taking on some of the US’ most influential, and sometimes slippery, technology companies. With Vestager’s tenure at the European Commission ending in October, perhaps she will be aiming to make a bigger splash.

This is also not the first time Amazon has found itself on the bad side of Vestager. In 2017, Amazon was forced to pay €250 million in back taxes to Luxembourg, after the relief which was offered to the internet giant between 2003 and 2016 was deemed illegal.

The second point focuses on the ‘buy box’. This feature allows customers to add items from some retailers directly to their shopping carts. As not all retailers are able to access the feature, the European Commission would like to understand how this impacts competition. It is also not entirely clear why some retailers are able to access this feature and others are not.

Unfortunately for Amazon, this difficult situation is not one which will be resolved quickly. In such cases, due to the complexity of digital businesses and the vast amount of information involved, the European Commission has not set itself a deadline to conduct the investigation.

Another element to consider is the criticism faced by Amazon in the US. Not only has the eCommerce platform found itself as an enemy of the White House, the other aisle is poking. Senator Elizabeth Warren, a Democrat candidate for the 2020 Presidential campaign, wants to ban companies from operating and selling on a platform simultaneously.

With an antitrust case in Europe, potential enemies on both sides of the Presidential campaign, various Congressional committees investigating big tech, Germany’s anti-trust authority sniffing at the front door and its fulfilment centres never too far away from controversy, Amazon is not in the most comfortable of positions.

DT gets slap on wrist for net neutrality naughtiness

Deutsche Telekom has found itself on the wrong side of right after its ‘Stream On’ offering was found to break European net neutrality rules.

After the Federal Network Agency (BNetzA) imposed restrictions on the telco on the grounds of net neutrality, DT took to the courts to fight the decision. Unfortunately for DT, in the lower courts and today in the Higher Administrative Court in Muenster, it was confirmed the telco would no longer be able to offer the ‘Stream On’ value add feature in its current form.

The issue which the telco is facing boils down to the small print. DT customers have found their traffic throttled and are unable to make use of the ‘Stream On’ feature outside the German borders, violating European rules on roaming.

‘Stream On’ was first introduced to customers in the US, with the German business following suit after witnessing the success. Offering zero-rating benefits on video streaming, the proposition proved to be as successful in Europe, with two million German customers signed up.

It is of course a strategy which will sound attractive to the data-intensive consumers of today. With entertainment and gaming content from selected partners not bleeding the monthly data allotments, it sounds very interesting; however, it seems DT is a victim of its own sluggishness.

One of the issues which BNetzA found was on the data throttling side of the offer. For cheaper data tariffs, download speeds were throttled, with the critics arguing this violated one of the key principles of net neutrality, irrespective of whether the user consented to the downgraded speeds.

For the tariffs at the bottom end of the scale, download speeds had been throttled to 1.7 Mbps. This might have been sufficient at some point, but as this is not fast enough to deliver HD-quality resolution, the courts decided it was undermining the rules.

Secondly, in limiting the zero-rating offering of ‘Stream On’ to its own borders, DT has also been found to have broken European roaming rules. As the free data stream ended at the border, the courts agreed with regulators that the user was effectively being ‘charged’ for using video and gaming services when in another country. Charging more for services while abroad is a no-no when it comes to the European Union’s rules on roaming.

Although the telco will not be happy with the outcome of this case, it is not the end for the ‘Stream On’ proposition. With two million users signed up, it is clearly an attractive value add for DT, but the telco will have to tweak the small print and update some permissions to ensure it is compliant with current regulations.

‘No technical grounds’ to ban Huawei says UK Parliament committee

Chair of the Science and Technology Committee in the UK, Norman Lamb, has stated there is not enough technical evidence to ban Huawei and is demanding a final decision by the end of August.

In a letter written to Jeremy Hunt, Secretary of State for Digital, Culture, Media and Sport (DCMS), Lamb has demanded a conclusion to the Supply Chain Review which has staggered the progress of 5G networks in the UK. Many in the industry have become increasingly frustrated with the state of purgatory which has loomed over the UK telecoms industry, and now the influential Science and Technology Committee has had enough.

“Following my Committee’s recent evidence session, we have concluded that there are no technical grounds for excluding Huawei entirely from the UK’s 5G or other telecommunications networks,” said Lamb.

“The benefits of 5G are clear and the removal of Huawei from the current or future networks could cause significant delays. However, as outlined in the letter to the Secretary of State for Digital, Culture, Media and Sport, we feel there may well be geopolitical or ethical considerations that the Government need to take into account when deciding whether they should use Huawei’s equipment.”

This is the interesting aspect of the letter to Wright. Lamb is effectively telling DCMS and the National Cyber Security Centre (NCSC) to hurry up and make a decision, but not to come to a conclusion too quickly as there are ethical and political considerations to account for. It’s a bit of a mixed message, but a deadline is perhaps overdue for this saga.

The message from Lamb is relatively simple: there are no technical grounds to ban Huawei. Quoting the NCSC’s assumption that 100% secure is impossible, suggesting a lack of concrete evidence against Huawei espionage, reasserting legal obligations placed on telcos to maintain security and pointing towards the international nature of supply chains nowadays are all points made by Lamb to suggest Huawei should be allowed to contribute to network infrastructure.

There are of course concessions made in the letter. Lamb is suggesting Huawei should be excluded from contributing to the network core, while there should also be a mechanism introduced to limit Huawei should it fail ongoing competency tests and security assessments, but the message seems to be focused on the idea that Huawei is no more of a security threat than any other organization.

“Supply chains for telecommunications networks have been global and complex,” the letter states. “Many vendors use equipment that has been manufactured in China, so a ban on Huawei equipment would not remove potential Chinese influence from the supply chain.”

Another interesting point raised by Lamb is the legal obligation which has been placed on the telcos to ensure security. Communications infrastructure is a key component to today’s society, but the telcos are the ones who will suffer some of the greatest consequences for poor risk mitigation and due diligence. None of the telcos have raised concerns of an increased security risk from Huawei, and this should be taken as some of the most important evidence when considering the fate of the Chinese vendor.

Ultimately, this is action from the Government. It might kick off some bickering between the parties (Lamb is a Liberal Democrat) and between departments, but finally someone is forcing DCMS and NCSC into a decision. It seems Lamb is not concerned about the distraction of a party leadership contest or Brexit; he simply wants an answer by the end of August.

Interestingly enough, this letter also forces DCMS into basing the outcome of the Supply Chain Review on politics. By stating there are no technical grounds for a ban, should Wright and his team want to exclude Huawei it will have to be done for another reason. Lamb has asked DCMS to consider the ethical and political weight of a decision, as well as the impact it might have on relationships with allies.

This is now a very difficult decision for DCMS. Lamb has seemingly taken technical considerations off the table; any ban would have to be political.

US refarms 2.5 GHz band from education to 5G

The US telecoms regulator has decided to redirect the 2.5 GHz band away from its current educational use to create more 5G spectrum.

The Federal Communications Commission is positioning this as a move to modernize the outdated regulatory framework for the 2.5 GHz band, which is apparently the single largest band of contiguous spectrum below 3 GHz. The band had been set aside for educational TV use and the FCC move removes any restrictions on who can use it and how. It had previously been made available for free but now the government gets to cash in on yet another auction.

“At long last, we remove the burdensome restrictions on this band, allowing incumbents greater flexibility in their use of the spectrum, and introduce a spectrum auction that will ensure that this public resource is finally devoted to its highest-valued use,” said FCC Chairman Ajit Pai. “These groundbreaking reforms will result in more efficient and effective use of these airwaves and represent the latest step in advancing U.S. leadership in 5G.”

According to Pai, most educational users of this spectrum ended up leasing it out for commercial use anyway, which he seems to consider justification enough alone to take it off them. His full statement makes several oblique references to dissent among the FCC commissioners. The motion was opposed by two Commissioners and Pai implies that their obstruction could result in the US falling behind in the 5G race.

One of those dissenters was Jessica Rosenworcel, who often disagrees with Pai.

“This order turns its back on the schools and educational institutions that have made the 2.5 GHz band their home since 1962,” said Rosenworcel in her statement. “Today the FCC takes the innovative effort to infuse this band with learning opportunities—an initiative that dates back to the Kennedy Administration—and reverts to uninspired and stale commercial spectrum policy.

“This is a shame. Instead of using these airwaves in creative ways, we take the 2.5 GHz band, cut education from its mission and collapse this spectrum into an overlay auction system that structurally advantages a single nationwide carrier.” She then went on at considerable length about how important education is.

Commissioner Starks was the other dissenter and wrote an essay on the importance of the education sector having access to this spectrum that made Rosenworcel’s efforts look like a memo. With boring inevitability the two dissenters are both affiliated to the Republican party and the three in favour are all Republicans, which makes you wonder whether there is any principle involved at all.

As Light Reading informs us, this spectrum is likely to be used largely for rural coverage and especially for fixed wireless access. The US is a big country and there are still plenty of coverage gaps to fill. The education sector is apparently bemoaning the decision but if it has been largely reselling the spectrum maybe it’s the revenue that it will miss the most.

France next on the list to be teased with Trump’s tariffs

The United States Trade Representative (USTR) has opened an investigation into France’s digital sales tax, a move which could lead to the European nation facing trade tariffs.

The digital sales tax in France has been viewed as a means to force internet companies to play fair. The creative accounting practices of these companies have ensured nominal tax has been paid to various European states, and France has had enough. The proposed tax has passed through the lower parliamentary house, the National Assembly, and is expected to get the final thumbs-up today from the Senate.

As a result, US Trade Representative Robert Lighthizer has announced the launch of an investigation under Section 301 of the Trade Act of 1974 into the French government’s Digital Services Tax (DST). This is the very same tool used by the Trump administration to justify the introduction of tariffs against China due to the alleged theft of IP.

“The United States is very concerned that the digital services tax which is expected to pass the French Senate tomorrow unfairly targets American companies,” said Lighthizer.

“The President has directed that we investigate the effects of this legislation and determine whether it is discriminatory or unreasonable and burdens or restricts United States commerce.”

What is worth noting is that while many US companies might find themselves paying more tax, this is not necessarily a move to raid the US economy. This tax has been directed towards all digital companies who abuse the international tax system to the detriment of the French government and society, irrespective of their nationality; it just so happens the US dominates the internet industry.

Many will view the French move as a gallant effort to hold the internet economy accountable, though it seems the US does not feel the same way; its own economy and society do of course benefit from the tax skulduggery.

The suggestion of the US imposing tariffs on the US comes two days after President Trump declared Indian tariffs on US goods should be a thing of the past.

The tax itself has been in the pipeline for some time, as European nations have become increasingly frustrated by the taxation strategies of the digital economy. Companies such as Google, Facebook and Amazon have been shifting profits freely throughout the world to ensure lower taxation rates are paid. This move from France, to impose a 3% sales tax on revenues realised within its borders, seems like an effective counter-punch.

What is worth noting is that it is not just the US firms who are abusing this taxation system. Sweden’s Spotify is another which has played the system well. In the UK, as an example, the company reported revenues of £444 million over the course of 2017 but paid £891,425 in tax as it only reported advertising revenues in the country. Revenues associated with the ‘Premium’ subscription product were moved to Sweden where it could pay less tax.

France is not alone with its frustrations either. The UK is another nation which is considering its own digital tax reforms, while the European Commission attempted to pass bloc-wide rules recently. These rules were blocked by the likes of Ireland and Luxembourg, two countries who benefit significantly from the fleecing of other nations.

Now onto the US response. Section 301 and related provisions of the Trade Act offer the USTR the opportunity to investigate what it or the White House deem to be a foreign country’s unfair trade practices. There will be a public consultation and lobbying efforts from Silicon Valley, and should the USTR conclude France is unfairly persecuting US business, tariffs could be directed towards imported cheese and garlic.

Tariffs are a popular weapon for Trump and the White House hatchetmen on the international trade scene, as it is becoming increasingly common for US diplomats to huff and puff, while banging their chests and showing off their biceps when things don’t go their way.

Unfortunately, the US doesn’t really have a leg to stand on here, though the presence of logic will not persuade the hawks from their flightpath. Internet companies, all over the world for that matter, are taking advantage of a dated taxation system which allows them to grow bank accounts without recontributing to the country which has fuelled this prosperity. There is little which can be said to counter this position.

Interestingly enough, the move could spark wider tensions. The relationship between the White House and the European Union is already stressed and targeting a single member state might not be received well by the bloc. The US feels targeting a single member state is legitimate, though there might well be a bigger conversation to be had in Brussels.

With the clouds of tariffs already lurking above the European automotive industry, the US might find itself with another trade disagreement on its hands before too long.

Researchers point to 1,300 apps which circumnavigate Android’s opt-in

Research from a coalition of professors has suggested Android location permissions mean little, as more than 1,300 apps have developed ways and means around the Google protections.

A team of researchers from the International Computer Science Institute (ICSI) has been working to identify shortcomings in the data privacy protections offered to users through Android permissions, and the outcome might worry a few. Through the use of side and covert channels, 1,300 popular applications around the world extracted sensitive information on the user, including location, irrespective of the permissions sought or given to the app.

The team has informed Google of the oversight, receiving a ‘bug bounty’ for its efforts; the issue will be addressed in the upcoming Android Q release.

“In the US, privacy practices are governed by the ‘notice and consent’ framework: companies can give notice to consumers about their privacy practices (often in the form of a privacy policy), and consumers can consent to those practices by using the company’s services,” the research paper states.

This framework is a relatively simple one to understand. Firstly, app providers provide ‘notice’ to inform the user and provide transparency, while ‘consent’ is provided to ensure both parties have entered into the digital contract with open eyes.

“That apps can and do circumvent the notice and consent framework is further evidence of the framework’s failure. In practical terms, though, these app behaviours may directly lead to privacy violations because they are likely to defy consumers’ expectations.”

What is worth noting is that while this sounds incredibly nefarious, it is nowhere near the majority. Most applications and app providers act in accordance with the rules and consumer expectations, assuming they have read the detailed terms and conditions. This is a small percentage of the apps which are installed en masse, but it is certainly an oversight worth drawing attention to.

Looking at the depth and breadth of the study, it is pretty comprehensive. Using a Google Play Store scraper, the team downloaded the most popular apps for each category; in total, more than 88,000 apps were downloaded due to the long-tail of popularity. To cover all bases however, the scraper also kept an eye on app updates, meaning 252,864 different versions of 88,113 Android apps were analysed during the study.

The behaviour of each of these apps was measured at the kernel, Android-framework, and network traffic levels, reaching scale using a tool called Android Automator Monkey. All of the OS-execution logs and network traffic were stored in a database for offline analysis.

Now onto how these app developers can circumnavigate the protections put in place by Google. For ‘side channels’, the developer has discovered a path to a resource which is outside the security perimeters, perhaps due to a mistake during design stages or a flaw in applying the design. ‘Covert channels’ are more nefarious.

“A covert channel is a more deliberate and intentional effort between two cooperating entities so that one with access to some data provides it to the other entity without access to the data in violation of the security mechanism,” the paper states. “As an example, someone could execute an algorithm that alternates between high and low CPU load to pass a binary message to another party observing the CPU load.”

Ultimately this is further evidence that the light-touch regulatory environment which has governed the technology industry over the last few years can no longer be allowed to persist. The technology industry has protested and quietly lobbied against any material regulatory or legislative changes, though the bad apples are spoiling the harvest for everyone else.

As it stands, under Section 5 of the Federal Trade Commission (FTC) Act, such activities would be deemed as non-compliant, and we suspect the European Commission would have something to say with its GDPR stick as well. There are protections in place, though it seems there are elements of the technology industry who consider these more guidelines than rules.

Wholesale changes should be expected in the regulatory environment and it seems there is little which can be done to prevent them. These politicians might be chasing PR points as various elections loom on the horizon, but the evolution of rules in this segment should be considered a necessity nowadays.

There have simply been too many scandals, too much abuse of grey areas and too many examples of oversight (or negligence, whichever you choose) to continue on this path. Of course, there are negative consequences to increased regulation, but the right to privacy is too important a principle for rule-makers to ignore; the technology industry has consistently shown it does not respect these values and will therefore have to be forced to do so.

This will be an incredibly difficult equation to balance however. The technology industry is leading the growth statistics for many economies around the world, but changes are needed to protect consumer rights.

ICO gets serious on British Airways over GDPR

The UK’s Information Commissioner’s Office has swung the sharp stick of GDPR at British Airways and it looks like the damage might be a £183.39 million fine.

With GDPR inked into the rule book in May last year, the first investigations under the new guidelines will be coming to a conclusion in the near future. There have been several judgments passed in the last couple of months, but this is one of the most significant in the UK to date.

What is worth noting is that this is not the final decision; this is an intention to fine £183.39 million. We do not imagine the final figure will differ too much, as the ICO will want to show it is serious, but BA will be given the opportunity to have its voice heard with regard to the amount.

“People’s personal data is just that – personal,” said Information Commissioner Elizabeth Denham.

“When an organisation fails to protect it from loss, damage or theft it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The EU’s GDPR, General Data Protection Regulation, offers regulators the opportunity to fine guilty parties €20 million or as much as 3% of total revenues for the year the incident occurred. In this case, BA will be fined 1.5% of its total revenues for 2018, with the fine being reduced for several reasons.

In September 2018, user traffic was directed towards a fake British Airways site, with the nefarious actors harvesting the data of more than 500,000 customers. In this instance, BA informed the authorities of the breach within the defined window, co-operated during the investigation and made improvements to its security systems.

While many might have suggested the UK watchdog, or many regulators around the world for that matter, lack teeth when it comes to dealing with privacy violations, this ruling should put that preconception to rest. This is a weighty fine, which should force the BA management team to take security and privacy seriously; if there is one way to make executives listen, it’s to hit them in the pocket.

This should also be seen as a lesson for other businesses in the UK. Not only is the ICO brave enough to hand out fines for non-compliance, it is mature enough to reduce the fine should the affected organization play nice. £183.39 million is half of what was theoretically possible and should be seen as a win for BA.

Although this is a good start, we would like to see the ICO, and other regulatory bodies, set their sights on the worst offenders when it comes to data privacy. Companies like BA should be punished when they end up on the wrong side of right, but the likes of Facebook, Google and Amazon have gotten an easy ride so far. These are the companies who have the greatest influence when it comes to personal information, and the ones which need to be shown the rod.

This is one of the first heavy fines implemented in the era of GDPR and the difference is clear. Last November, Uber was fined £385,000 for a data breach which impacted 2.7 million customers and drivers in the UK. The incident occurred prior to the introduction of GDPR, which is why the punishment looks so measly compared to the BA fine here.

The next couple of months might be a busy time in the office of the ICO as more investigations conclude. We expect some heavy fines as the watchdog bares its teeth and forces companies back onto the straight and narrow when it comes to privacy and data protection.