The Information Commissioner’s Office is marking its 40th anniversary by detailing the most important moments in data protection and information rights over the past four decades.
The move comes amid a major overhaul of the ICO, which will be biggest shake-up of the regulator since Eric Howe was appointed as the UK’s first Data Protection Registrar back in 1984.
Under the proposals included in the Data (Use & Access) Bill, currently making its way through the House of Lords, the ICO will be replaced by the Information Commission, with a chair, chief executive and a board in line with other UK regulators.
The exhibition, dubbed: Our Lives, Our Privacy, includes 40 items that have shaped 40 years of data protection rights. From lawn aerator shoes to mobile phones to the Tesco Clubcard each is designed to represent how consumers’ relationship with privacy has evolved since 1984 through cultural, societal, political and technological changes, and how the regulator has evolved with it.
Bizarrely, GDPR, arguably the biggest overhaul in data protection for generations, does not get a single mention.
Recognising that privacy is personal and reflects people’s lived experiences, the ICO has left the “final plinth” empty and is encouraging people to put forward an object representing what privacy means to them.
The exhibition, which launches on the ICO’s website and will open in physical form at Manchester Central Library next April, covers four main themes: data sharing; freedom of information; action the ICO has taken to enforce and protect the public’s rights and how technology has affected privacy.
Among the events, is first Freedom of Information Act, passed in November 2002, giving everyone the legal right to question public authorities.
Perhaps the most famous use came in 2009, after the ICO ordered Parliament to disclose information it had been asked for about MPs’ expenses. The disclosure and subsequent public outcry over what was being claimed had huge repercussions, including prison sentences for some, and led to the creation of the Independent Parliamentary Standards Authority. This ended the self-regulation of MPs’ pay and expenses.
Meanwhile, it also details the 2007 HMRC data breach, which saw the Government department lose the personal information of all UK families claiming child benefit, when it posted two CDs to another Government department. The discs were never found and the data loss affected 25 million people. It was a stark reminder of the duty on all organisations to keep information safe and secure. The incident led to the ICO being given stronger powers.
The exhibition also includes the Cambridge Analytica case, one of the most expensive and controversial investigations ever carried out by any data protection authority anywhere in the world. Ultimately, Cambridge Analytica went bust so did not face any charges. Even so, the ICO failed to uncover any significant wrongdoing. Facebook eventually agreed to pay a £500,000 fine, but only after a settlement in which it made no admission of liability.
However, the issue did spark an increased public interest in privacy and how the information that we give away may reveal more than we intend.
Commissioner John Edwards said: “Information rights are fundamental human rights. They give us control over our lives and the information we wish to share and empower us to question and hold our public authorities to account.
“The explosion of technology over the past four decades has changed and challenged our relationship with what is private and what isn’t in ways we could never have imagined – but as tech has evolved, so too have the protections put in place by the law. The ICO has been on the frontline of upholding those rights for the last 40 years.”
Related stories
Privacy group warns Govt over revamp of data laws
Govt lines up new Bills for cyber security and smart data
Govt keeps ‘best of GDPR’ as data reforms are revised
Government performs U-turn on plans to ditch GDPR
Why plans for new UK data protection laws are quackers