The Government has launched a major consultation on the future of the Information Commissioner’s Office, as part of its overhaul of data laws first revealed last month, with plans to slash the powers of the current Commissioner role, as well as bring in tougher penalties for nuisance calls.
One year on from the publication of the National Data Strategy, the consultation is designed to bring in reforms aimed at driving “greater innovation and growth in the UK’s data sector and better protecting the public from major data threats”.
One of the key proposals will see the biggest shake-up of the ICO since Eric Howe was appointed as the UK’s first Data Protection Registrar back in 1984. The move is designed to mirror the governance structures of other regulators such as the Competition & Markets Authority, Financial Conduct Authority and Ofcom, which have a chief executive supported by an independent board.
This would suggest the role of the Information Commissioner as overlord will be axed, with many of the powers now being shared between the Commissioner, who will be chair of the organisation, the CEO and the board. John Edwards has been announced as the Government’s preferred candidate to succeed Elizabeth Denham as Commissioner; he is currently serving as the New Zealand Privacy Commissioner.
Another major change will see tougher penalties and fines for nuisance calls and text messages overseen by the ICO, pushing them up from a maximum of £500,000 under the PECR rules to up to £17.5m or 4% of annual global turnover under UK GDPR.
Ministers claim these will build on Government action in recent years that has included holding individual directors liable for nuisance calls made by their respective companies, even though not a single director has been fined for this offence and many still escape without paying the penalties.
Now that the UK has left the EU, the Government says it wants to create a pro-growth and trusted data regime that unleashes data’s power across the economy and society, for the benefit of British citizens and British businesses.
The Government’s five key tenets of the reforms aim to:
– Cement the UK’s position as a science superpower, simplifying data use by researchers and developers of AI and other cutting edge technologies.
– Build on the unprecedented and life-saving use of data to tackle the COVID-19 pandemic.
– Secure the UK’s status as a global hub for the free and responsible flow of personal data, complementing the agenda for new international trade deals and data partnerships.
– Reinforce the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate.
– Ensure that the ICO remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals.
Reforms will broaden the remit of the ICO and empower the new boss to champion sectors and businesses that are using personal data in new, innovative and responsible ways to benefit people’s lives in areas such as healthcare – building on the use of data in tackling Covid-19 – and financial services.
The Government says it wants to remove unnecessary barriers to responsible data use. This can help deliver more agile, effective and efficient public services and further strengthen the UK’s position as a science and technology superpower.
The reforms will aim to provide clarity around the rules for the use of personal data for research purposes, laying the groundwork for more scientific and medical breakthroughs, ministers claim.
Digital Secretary Oliver Dowden said: “Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking.
“Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society.
“These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.”
The protection of people’s personal data will be at the heart of the planned data reform. Far from being a barrier to innovation or trade, regulatory certainty and high data protection standards allow businesses and consumers to thrive, the Government reckons.
The Government also insists it will maintain the UK’s world-leading data protection standards and proposals will be built on key elements of the current UK data protection regime, UK GDPR and Data Protection Act 2018, such as principles around data processing, people’s data rights and mechanisms for supervision and enforcement.
However, the ministers claim they recognise that the current regime places disproportionate burdens on many organisations.
They say that a small hairdressing business should not have the same data protection processes as a multimillion pound tech firm. The reforms, it maintains, will move away from the “one-size-fits-all” approach and “allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard”.
With the use of algorithmic or automated decision-making likely to increase substantially in coming years, the Government also wants organisations to be confident that their AI-powered services are a force for good and will not inadvertently harm consumers.
Reforms to the data regime can also help ensure that organisations can better understand and mitigate the risk of bias in their algorithmic systems, ministers claim. These aim to help organisations identify what is driving bias, so that they can take steps to make sure their services are not inadvertently biased or replicating societal and historic discrimination, or drawing inferences that could be deemed unfair.
TechUK director of tech and innovation Sue Daley, who is also co-chair of the NDS Forum, said: “The data reform consultation is the start of an important conversation that must include a wide range of stakeholders to explore how we could make the UK’s data protection framework work better for citizens and businesses.”
DMA chief executive Chris Combemale added: “[We] welcome the consultation on future data protection legislation. We strongly support the proposed approach of maintaining the key principles of GDPR while clarifying areas of confusion and simplifying onerous administrative burdens on businesses.
“The Government proposals appear to be sensible and pragmatic on ways to create greater clarity and certainty for businesses while maintaining a high level of consumer protection.
“By maintaining the core framework of UK GDPR, with improvements, we hope that it will be possible for UK to be the world’s most innovative economy while maintaining an equivalent or higher level of data protection. The DMA has strongly supported the National Data Strategy and will support a data protection regime that creates successful outcomes for people, business, government and society more broadly.”
The consultation will close on November 19 2021.
Critics round on overhaul of data law; Daily Mail rejoices
Govt plots major data law shake-up steered by NZ chief
NZ data chief and Facebook critic tipped to lead ICO
MPs warn new data regulator must not be Govt patsy
New ICO to ‘boldly’ lead UK into global data economy
UK firms express relief as EU data transfer deal looms
Hunt begins for the next UK Information Commissioner
Brits demand trade deals don’t water down data laws
UK industry chiefs call for ‘precious’ Brexit data deal
Japan data deal better than EU agreement, Truss insists
DMA hails EU data pact but Govt could yet scupper deal