United Kingdom: Information Commissioner's Office closes consultation on guidance concerning sharing personal data to prevent, detect, and investigate scams and fraud

On 31 December 2025, the Information Commissioner’s Office (ICO) closes the consultation on its guidance originally published in November 2024 on sharing personal information when preventing, detecting, and investigating scams and frauds. The guidance describes how organisations can share personal information in compliance with the UK General Data Protection Regulation and the Data Protection Act 2018 to support scam and fraud mitigation. It outlines ICO’s regulatory approach, promoting responsible data sharing while protecting information rights. It sets expectations for carrying out data protection impact assessments, clarifying controller roles, formalising data sharing agreements, identifying lawful bases including legitimate interests, safeguarding criminal offence data, complying with data protection principles, and ensuring processes that uphold people’s rights. It emphasises the role of telecommunications, financial services, and digital platforms in collaborative data sharing to reduce harm to people.