Privacy and Electronic Communications Regulation


The Information Commissioner’s Office (ICO) has published an update confirming its plans to cease enforcement of certain breaches of regulation 5A of the Privacy and Electronic Communications Regulations 2003 (PECR) against public electronic communications service providers (CSPs). Regulation 5A PECR requires CSPs to notify the ICO within 24 hours of becoming aware of a personal data breach. The ICO initially published a statement on 20 January 2023 which stated that it had decided to stop…