Canada: UK Information Commissioner’s Office issued provisional findings and proposed fine to 23andMe following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

UK Information Commissioner’s Office issued provisional findings and proposed fine to 23andMe following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

On 24 March 2025, the UK Information Commissioner’s Office (ICO) issued provisional findings, a notice of intent to impose a fine of £4.59 million, and a preliminary enforcement notice to 23andMe. This action followed a joint investigation with the …

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

other service provider

Implementation Level

bi- or plurilateral agreement

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2024-06-10

under deliberation

On 10 June 2024, the Office of the Privacy Commissioner of Canada (OPC) announced that they had lau…

2025-03-24

under investigation

On 24 March 2025, the UK Information Commissioner’s Office (ICO) issued provisional findings, a not…

2025-06-17

in force

On 17 June 2025, the UK Information Commissioner’s Office (ICO) and the Office of the Privacy Commi…

Description

UK Information Commissioner’s Office issued provisional findings and proposed fine to 23andMe following joint investigation with Office of the Privacy Commissioner of Canada regarding compliance with cybersecurity regulations

Scope

Complete timeline of this policy change