natali_mis - stock.adobe.com
ICO wants to ‘empower people through information’
Information Commissioner’s Office sets out commitment to safeguard the information rights of the most vulnerable people in UK society
The Information Commissioner’s Office (ICO) has set out a three-year plan detailing its regulatory focus and priorities between now and 2025, with a commitment to safeguard the information rights of society’s most vulnerable groups at its core.
The ICO25 plan includes proposals to look at the impact of predatory marketing calls, re-examine the use of algorithms in the benefits system, consider the impact that the use of artificial intelligence (AI) in recruitment could have on certain groups, and deepen its ongoing regulatory support of children’s online privacy.
Speaking at a launch event today (14 July), information commissioner John Edwards recounted a story about the ICO’s work.
“On 31 May, we published a Commissioner’s Opinion,” he said. “It set out changes we wanted to see to the data protection approaches of police forces, in relation to victims of rape and serious sexual assaults. It was, in many parts, a technical report, explaining the requirements of the law. This is the work my office does.
“Also on 31 May, I received an email from someone who had been a victim of insensitive and intrusive police practices in the aftermath of a traumatic assault. She described her experience of those practices as an ordeal. Another survivor spoke about being constantly on edge. Both spoke of how powerful our work was, in prompting change and in seeing their experiences. This is why we do this work.”
Edwards said he wanted the ICO to: empower people to confidently share their information to use the online products and services that now underpin the UK’s digital economy and society; to empower organisations to use this information responsibly and confidently in the service of investment and innovation; and help people to hold the government to account, driving more transparency to help citizens trust the decisions taken by it.
“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups,” said Edwards. “The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.”
In line with government proposals for the reform of the ICO – as set out in the Data Reform Bill – the ICO25 plan also emphasises business-friendliness, announcing a package of measures that the regulator says will help save businesses at least £100m between now and the middle of the decade.
These proposals include: the publication of internal data protection and freedom of information (FoI) training materials; the creation of a database of the advice and guidance the ICO provides to organisations and the public; the production of templates to help organisations develop their own approaches to data protection, where appropriate; the launch of an ICO-moderated platform for discussion, debate and information sharing; the launch of a “Data Essentials” training scheme, pitched at SMEs for which data protection can be a minefield; and the launch of an advice platform to offer support to data innovators.
Read more about the ICO’s work
- Information commissioner John Edwards sets out a revised approach to how the ICO handles data breaches in the public sector, saying fining victims risks punishing the public twice over.
- London law firm Mishcon de Reya forces disclosure of reprimands issued to organisations by the Information Commissioner’s Office for contraventions of UK data protection law.
- Information Commissioner’s Office reprimands Department of Health and Social Care after ministers and officials conducted government business on their own email accounts and messaging apps.
Edwards said: “Certainty and flexibility remain the two pillars of what I offer to business today, and in how we will support the successful implementation of a new data protection law. Certainty in what the law requires, coupled with a predictable approach to enforcement action, that allows businesses to invest and innovate with confidence. And the flexibility to reduce the cost of compliance.
“That support for business and public sector is important in itself, but it is ultimately a means to an end. We help business to help people.”
The plan goes on to set out support for the public sector, including an already-announced revised approach to public sector fines and the creation of a cross-Whitehall senior leadership group to drive compliance and high standards of information across government departments, as well as reaffirming the ICO’s commitment to supporting the development of a more “modern” approach to the FoI rules.
“There are few regulators who can say their work is of fundamental importance to the democracy on which society exists – but that is the value of the Freedom of Information Act,” said Edwards. “My role is to ensure the administration of that law is fit for the modern world.
“But to achieve that requires fundamental change – and that change has to start in my office. The proposals I set out today involve trying different approaches. Some may work well, some may not work, some may need tweaking. But it is absolutely clear to me that in a world of increasing demand, and shrinking resources, we simply cannot keep doing what we’ve been doing and expect the system to improve.”