Pressure is mounting on the Information Commissioner’s Office for its lack of action over the botched handling of the Covid-19 test and trace programme, with a cross-party group of MPs accusing the regulator of “sitting on its hands”.
The move follows a Government admission that the Department of Health & Social Care failed to complete a data protection impact assessment (DPIA) for the programme in England.
The issue was exposed by the Open Rights Group, which had threatened to go to court to force the Government to conduct a DPIA – a requirement under GDPR for projects that process personal data.
A letter from the Department of Health to the group confirmed that a DPIA was a legal requirement but had not been obtained. At the time, the ICO said it was keeping a close eye on the situation as “a critical friend”. However, the regulator has been quiet as a mouse ever since.
Now, in a letter signed by 22 MPs from Labour, the LibDems, Greens and Scottish Nationals – and organised by ORG – the regulator is being urged to even consider fining the Government “if it fails to adhere to the standards which the ICO is responsible for upholding”.
St Albans Liberal Democrat MP Daisy Cooper said: “The Government has seemingly played fast and loose with data protection measures that keep people safe. The public needs a data regulator with teeth: the ICO must stop sitting on its hands and start using its powers – to assess what needs to change and enforce those changes – to ensure that the government is using people’s data safely and legally.”
ORG executive director Jim Killock added “There is something rotten at the heart of the ICO that makes them tolerate government’s unlawful behaviour. The ICO is a public body, funded by the taxpayers, and accountable to Parliament. They must now sit up, listen and act. As a regulator ICO must ensure that the Government upholds the law.”
Earlier this week, the regulator was branded “pathetic” and “weak” for failing to intervene in the row over the algorithm marking system used to award A-level grades, while questions have been raised about Information Commissioner Elizabeth Denham’s commitment to the job after it emerged she has been living in Canada since June.
Meanwhile, the GDPR cases against British Airways and Marriott International – hailed by the ICO last year – continue to rumble on and privacy groups have slated the ICO after it paused its investigation into adtech.
Then came its annual report, which revealed a huge rise in expenses, including trips abroad, travel and entertainment; a lack of action against nuisance calls; and the fact that fewer than 1% of its investigations led to a monetary penalty.
Related stories
Denham works from home; 4,500 miles away in Canada
ICO whacked for ‘pathetic’ response to A-level outrage
BA allots £20m for GDPR fine but may not pay a penny
Fresh delay to Marriott and BA fines fuels ICO criticism
Will it ever end? Now Marriott wins further GDPR delay
DMA recoils at plan to hand out Covid data to councils
Privacy groups hit out at fresh delay to adtech probe
ICO strikes back at claims it has shut down all cases
ICO reveals fewer than 1% of investigations led to a fine
‘Chicken’ ICO kicks adtech investigation into long grass
