How is the ICO responding to the UK Government’s data strategy?

Published on 17 January 2022

The question

What does the UK data regulator think of proposals for data protection reform set out by the Department for Digital, Culture, Media and Sport (DCMS)?

The key takeaway

The ICO is broadly in favour of the Government’s proposals for data protection reform following Brexit, but has expressed some concerns, particularly about plans to reform the rules for legitimate interest justifications for data processing.

The background

DCMS published a consultation document earlier this year which outlined how it plans to reform data protection regulations now that the UK has left the European Union. The consultation, entitled “Data: a new direction”, included plans to improve innovation in the UK and reduce the administrative burdens placed on UK companies that need to transfer data overseas. The consultation, which closed on 19 November 2021, sought views from industry stakeholders on the Government’s plans to reformulate its approach to the accountability of organisations involved in data processing and collection. DCMS has proposed an approach underpinned by “risk-based privacy management programmes”, which would require organisations to take a more holistic approach to evidencing compliance with data protection legislation.

As part of its plans to create a data strategy that will foster innovation in UK technology, the Government is also considering a reform of the situations in which data processing is permitted by creating an exhaustive list of legitimate interests that can be relied on by organisations. Further to this, it seeks to clarify what responsibilities organisations have regarding fair data use, particularly when it comes to the use of personal data for developing and deploying AI systems. The Government is also considering amendments to the way cookies are managed and introducing fines for nuisance calls. DCMS is also looking to reform the ICO’s own governance, including additional powers and a clearer strategic direction for the regulator.

The development

The ICO has now released a paper setting out its response to the Government’s proposals for its new data strategy. The ICO is broadly supportive of DCMS’s ideas, including its attitude towards encouraging innovation in the UK by reducing administrative burdens for UK businesses, and proposals clamping down on nuisance callers. The ICO also welcomes the potential socio-economic benefits that might be brought about by a more user-friendly data protection system. 

However, the data regulator expressed concern that the balance between reducing administrative burdens for companies and protecting the rights of individuals might be tipping in what it considers to be the wrong direction. An area of particular concern relates to potential reforms to cookies and the introduction of a list of activities that might constitute a legitimate interest for data controllers to process data. The ICO has asked to see more details on the nature of processing activities that might be captured by such a list, to ensure that the rights of individuals are upheld when it comes to how their data is processed. The areas it highlights include:

  • legitimate interests for processing and the proposal of a list of legitimate interests for which organisations can process data. The ICO highlights that the Government will need to ensure that such a list does not have an impact on people’s rights;
  • the concept of fair processing, particularly in the context of AI, because of the greater volume and complexity of data processing and the risks of bias. While the ICO welcomes the intention to explore the area, it claims to be “deeply concerned” about any clarification or changes that may remove the centrality of fairness in how personal data is used; and
  • some subject access requests and the burden they place on some organisations. However, before any changes are made, including the Government’s proposal to introduce a fee regime, the ICO would like to see more evidence from relevant sectors to assess the potential impact of any changes on people, particularly the most vulnerable.

Finally, the ICO favours the Government’s plans to strengthen its powers as a regulator. However, it is concerned that any Government-mandated strategic direction may jeopardise its independence and therefore its status as an effective regulator.

Why is this important?

As an independent regulator, the ICO has an obligation to balance the interests of both individuals and business in providing feedback to DCMS. Anything that it is strongly opposed to may be reconsidered by DCMS when it produces its final proposals for the future of UK data regulation. 

Any practical tips?

The data landscape in the UK is changing and it is important to keep up to speed with announcements on regulatory reform in this area. This is particularly the case for those involved in tech and systems development, noting for example the ICO’s feedback on fairness in AI and machine learning. The DCMS is currently considering the information it received during its consultation. Keeping an eye on the results of its analysis would be a prudent move.