Security News > 2020 > January > UK data watchdog kicks £280m British Airways and Marriott GDPR fines into legal long grass
The UK Information Commissioner's Office has kicked £280m in data breach fines against British Airways and US hotel chain Marriott into the long grass.
As spotted by City law firm Mishcon de Reya, the ICO has extended the time before it will fine the two companies what it claimed would be a total of £282m, split between BA's £183m and Marriott's £99m. In a statement the UK's data protection regulator said: "Under Schedule 16 of the Data Protection Act 2018, BA and the ICO have agreed to an extension of the regulatory process until 31 March 2020. As the regulatory process is ongoing we will not be commenting any further at this time."
The ICO threatened British Airways with the jumbo-sized fine after the airline suffered the breach of 380,000 people's personal and financial details between August and September 2018.
Mishcon's data protection adviser, Jon Baines, told The Register that he suspected both companies had deployed similar legal arguments to Facebook when it fought back against a Cambridge Analytica-linked fine.
"Assuming," continued Baines, "That BA and Marriott decided they should not simply accept the intended fines, they will have no doubt put whatever they think is an appropriate legal budget towards making representations - when threatened with a fine in the tens of millions of pounds, such a budget might well dwarf the ICO's.".