“Privacy is a right not a privilege. In a world where our personal data can drive everything from the healthcare we receive to the job opportunities we see, we all deserve to have our data treated with respect. My role is to work with those to whom we entrust our data so they are able to respect our privacy with ease whilst still reaping the benefits of data-driven innovation. I also want to empower people to understand and influence how they want their data to be used, and to make it easy for people to access remedies if things go wrong.”
Quote by: Mr Edwards, the new UK Information Commissioner
Mr John Edwards began his role as the new UK Information Commissioner in January 2022. He was previously New Zealand’s Privacy Commissioner for eight years and worked as a solicitor and barrister specialising in information law prior to that.
This summer, Mr Edwards launched “ICO25,” his vision of the UK Information Commissioner’s Office and its role as the UK data protection regulator by 2025. Principles of empowerment will underpin the ICO’s work for the next three years in becoming the regulator it wants to be. The plan is to:
- Empower people to confidently share their information when using products and services that drive the UK economy and society;
- Empower organisations to use information responsibly and confidently to invest and innovate; and
- Empower people to hold government to account, driving transparency that helps everyone better trust in the decisions taken by public bodies.
Specifically, the ICO wishes to tackle the impact of predatory calls; artificial intelligence tools for screening job applicants such as neuro diverse people or people from ethnic minorities (who don’t develop the algorithms used); targeted ads for gambling; and children’s privacy along with other things.
The ICO aims to do this with transparency whilst providing greater certainty and flexibility to businesses in both the private and public sectors. It is thought that by creating certainty for businesses as to what data protection law requires, businesses will invest and innovate with a greater confidence. In addition, helping to reduce the cost of data protection compliance will, it is hoped, bring great savings across the economy whilst providing better flexibility to businesses.
So how exactly will the ICO achieve its vision?
- By publishing data protection training materials, and sector specific materials and advice to assist organisations to comply with law;
- By offering a new iAdvice service, which will offer a direct fast paced expert advice service to support innovators;
- By providing binding rules, so that the ICO can declare its position on a question of law or business practice in advance and not after the fact; and
- Taking punitive action against organisations that do not comply with the law.
With Mr Edwards’ words in mind, by handling data responsibly, businesses can improve their reputation, increase employee and customer confidence, and save both time and money.
So how well does your business or membership organisation comply with data protection law?
Does your business:
- keep a record of the personal data it holds?
- tell people it has their personal data, and explain how it is used?
- only collect the personal data needed?
- only keep personal data for as long as is needed?
- always keep personal data accurate and up to date?
- always keep personal data secure?
- have a way for people to exercise their rights regarding the personal data held about them?
- know its data protection responsibilities?
- know whether it’s obliged to pay a data protection fee?
If you would like to learn more about this topic or data protection law, please contact:
Minni Jokipii on minni@meadowsryan.com or tel: +44 (0) 7771922170.