ICO unveils new tech strategy to tackle digital hurdles

The Information Commissioner's Office (ICO) has published its first strategy paper outlining how it will adapt its regulatory approach in light of new challenges presented by rapidly changing technology.

Among the key goals outlined in the paper, drafted to enhance the regulator's overall technical expertise and understanding, the ICO will educate staff on technological issues, and ensure businesses and the wider public are kept informed on new data protection risks.

The ICO also established, in its plans, three priority areas for 2018/19, including cyber security, AI, and web and cross device tracking. The data regulator will develop an action plan for each area which it plans to review and update annually.

The new three-year strategy is part of the ICO's wider efforts to strengthen its commitment to technology and innovation, which includes the appointment of Simon McDougall as the first executive director for technology policy and innovation.

McDougall, the former managing director of IBM-owned consultancy firm Promontory, is a "well-known international figure in the world of information rights," according to the ICO, and has also served on the board of a number of international bodies committed to upholding citizens' data and information rights.

"I am honoured to have the opportunity to join the ICO and lead their work in this critical area," McDougall said. "Technological change continues to accelerate, and it is vital that the ICO remains constructively and robustly engaged as organisations innovate in the use of personal data."

Also among the ICO's plans is the launch of a 'regulatory sandbox' in which organisations can develop innovative tools and services with assistance and guidance from the ICO. The regulator plans to consult on the implementation of this scheme later in 2018.

"Technology is driving changes to the societal, political, legal and business environment that the Information Commissioner's Office (ICO) needs to regulate," Information Commissioner Elizabeth Denham wrote in the foreword of the new strategy.

"The most significant data protection risks to individuals are now driven by the use of new technologies. The risks are broad - from cyber-attacks to the growth of artificial intelligence and machine learning."

"The GDPR contains new provisions to better regulate the risks arising from technology, including data protection by design and data protection impact assessments.

"These advances need not come at the expense of data protection and privacy rights - the ICO's approach to technology will be underpinned by the concept that privacy and innovation are not mutually exclusive."

The ICO has faced numerous challenges in the last few months in light of a massive data misuse scandal involving Facebook and the now-defunct Cambridge Analytica, which perhaps gave the regulator a taste of the issues it could expect to face in an increasingly-digitised landscape.

Its investigations into the misuse of personal data in political campaigns, which spans a vast number of organisations, led to Facebook last month being fined 500,000 - the maximum under the Data Protection Act 1998. The full results of the ICO's investigation are expected to be published by the end of the year.