United Kingdom: Information Commissioner's Office opened consultation on guidance concerning sharing personal data to prevent, detect, and investigate scams and fraud

On 6 October 2025, the Information Commissioner’s Office (ICO) opened a consultation on its guidance originally published in November 2024 on sharing personal information when preventing, detecting, and investigating scams and frauds. The guidance outlines how organisations can lawfully share personal information to mitigate data-enabled scams and fraud in compliance with the UK General Data Protection Regulation and the Data Protection Act 2018. It explains ICO’s regulatory approach supporting responsible data sharing that protects people while enabling organisations to operate efficiently. It provides expectations for conducting data protection impact assessments, determining responsibilities when acting as separate or joint controllers, using data sharing agreements, implementing appropriate safeguards for criminal offence data, identifying lawful bases such as legitimate interests, applying data protection principles, and enabling people to exercise their information rights. It highlights the importance of cross-sector data sharing across telecommunications, financial services, and digital platforms to prevent harm.