The U.K. Information Commissioner’s Office’s (ICO) fines against British Airways, Marriott, and Ticketmaster are among the largest under the General Data Protection Regulation (GDPR) this year. Yet in each case—and in their representations to the data regulator—the companies held accountable said it was their third-party service providers that were at fault.
