The newly appointed Information Commissioner, John Edwards, has signalled a doubling down on privacy and individual rights as the government plans to overhaul GDPR and replace it with laws that “prioritise innovation”.
The government is in the throes of a public consultation on radically redrawing the UK’s data protection landscape in light of desires to “create a pro-growth” regime that favours “common sense” over “box-ticking”. Detractors have warned, though, these proposals will erode the integrity of the layer of individual rights and protections ushered in with GDPR.
Edwards, who arrived from New Zealand in January to serve at the helm of the Information Commissioner’s Office (ICO), however, has doubled down on the need for any future regime to respect citizens’ fundamental right to privacy.
This chief concern, he said in his first public outing as Information Commissioner, trumps all other considerations.
“The deep, legal and cultural commitment to protect fundamental rights informs what comes next for us in the UK,” Edwards told delegates at the IAPP Data Protection Intensive. “I see the opportunities for the UK to shape its own laws, and see a desire in government to promote innovation.
“I understand the entirely sensible goal of enabling business and government to derive a digital dividend and extract value from data – but all of this will be built on a foundation that prioritises privacy.
“That cultural value of privacy has been reflected as I’ve met with organisations across the UK. Different sectors face different challenges, but I’ve heard a consistent message of organisations understanding the importance of getting privacy right.”
In his long-anticipated speech, Edwards also repeatedly signalled the most important aspect of his approach would be preventing harm to individuals through illicit business practices, signalling, again, he would take seriously the “British obsession with privacy”.
Edwards struck a more diplomatic tone in his first speech as Information Commissioner than previous comments may have paved expectations for. He once described Facebook, for instance, as “morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions”.
His championing of privacy rights first and foremost, however, directly clashes with messaging from both ministers, and Department for Digital, Culture, Media and Sport (DCMS) officials, in recent months, who have branded the current regime unfit for purpose.
In March last year, the then deputy director for data strategy implementation and evidence, Phil Earl, said the next Information Commissioner would need to correct the “imbalance” favouring privacy rights.
Ministers, too, have long seen GDPR as cumbersome for businesses and anti-innovation. A task force comprising hardline Conservative MPs last June presented a report to Boris Johnson urging him to ditch the need for consent to process data, as well as the need for human oversight on AI decision-making, for instance.
Much of this work has informed the initial proposals DCMS has put out for consultation. Although the plans have been significantly watered down, they suggest removing the need to appoint a Data Protection Officer (DPO), and will also allow organisations to access personal data with greater ease.
Notably, the former New Zealand privacy commissioner refused to be drawn into whether he agreed with the need to overhaul GDPR in the first place, although elsewhere stressed while GDPR had its issues, he saw it as a “how-to”, not a “don’t do”.
Based on conversations with DCMS officials, Edwards, however, is confident the proposals won’t erode privacy in the way that was first feared, nor would the new regime jeopardise the UK’s adequacy agreement with the EU.
“Given DCMS has committed to maintaining high standards of protection, I struggle to see how legal protections will be less in Cardiff than is afforded to those in Copenhagen,” Edwards said.
“We are expert advisers and DCMS listens closely to what we have to say, and calibrates advice to ministers as a result,” he continued. “There are aspects of the consultation paper that we’re continuing to engage with DCMS on, continuing to try to understand the policy issue that ministers are trying to address, and providing advice about the implications and alternatives to suggested approaches.”
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacyNews Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
TikTok could be hit with £27m fine for failing to protect children's privacyNews Social media firm issued with a notice from the ICO for potential violations of UK data protection laws
-
What is AdTech and why is it at the heart of a regulation storm?In-depth The UK data regulator has come under heavy fire for consistently delaying much-needed action, privacy groups say
-
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 millionNews ICO25 outlines a fresh approach that involves releasing learning materials, advice, and a new ICO-moderated discussion forum for businesses
-
Clearview AI fined £7.5m over improper use of UK dataNews Australian facial recognition firm collected 20 billion images from the internet without consent in order to build its database
-
UK data watchdog cut IT spending by £1.2 million during pandemicNews The ICO’s IT budget has been slashed by around 23% since 2019
