This article is more than 1 year old
Outgoing UK Information Commissioner issues warning about the independence of her office
Blasts proposals for Secretary of State to approve ICO guidance
The UK’s outgoing Information Commissioner has issued a strongly worded statement warning of the future independence of the office in the face of government plans to reform data protection law.
Elizabeth Denham, Information Commissioner since 2016, said there were reasons to be concerned about proposed changes to data regulations in the UK.
"Despite …broad support for the proposals to reform the ICO's constitution, there are some important specific proposals where I have strong concerns because of their risk to regulatory independence.
"For the future ICO to be able to hold government to account, it is vital its governance model preserves its independence and is workable, within the context of the framework set by Parliament and with effective accountability.
"The current proposals for the Secretary of State to approve ICO guidance and to appoint the CEO do not sufficiently safeguard this independence. I urge Government to reconsider these proposals to ensure the independence of the regulator is preserved,” she said in a statement.
- British data watchdog brings cookies to G7 meeting – pop-up consent requests, not the delicious baked treats
- You can 'go your own way' over GDPR, says UK's new Information Commissioner
- British data watchdog brings cookies to G7 meeting – pop-up consent requests, not the delicious baked treats
- UK promises big data law shake-up... while also keeping the EU happy, of course. What could go wrong?
The UK is set to make changes to its data laws. It must somehow strike a balance between two priorities. On the one hand, an apparent desire to "seize the opportunity" offered by the UK's departure from the EU "by developing a world-leading data policy that will deliver a Brexit dividend for individuals and businesses across the UK," according to former Digital Secretary Oliver Dowden.
On the other, any changes to UK law would have to maintain the EU adequacy ruling which allows data to be shared with non-member states. Otherwise, data transfers between the UK and EU would be hit with red tape. Dowden said the UK would continue to align with the EU's General Data Protection Regulations (GDPR) and that Britain would set a "gold standard" in data regulation, "but do so in a way that is as light touch as possible."
Proposed changes to the law might water down individuals' rights to challenge decisions made about them by artificial intelligence, for example.
The launch of the consultation coincides with plans for a new governance model for the Information Commissioner's Office – the UK's data watchdog – including an independent board and chief executive to mirror the governance structure.
Meanwhile, the consultation also proposes changes to the Information Commissioner's Office's remit.
"Reforms will broaden the remit of the ICO and empower the Information Commissioner to champion sectors and businesses that are using personal data in new, innovative and responsible ways to benefit people’s lives in areas such as healthcare - building on the use of data in tackling Covid-19 - and financial services," an ICO release said earlier this year.
The move follows the selection of John Edwards as the government's preferred candidate as the new Information Commissioner. He is set to replace Elizabeth Denham.
It's difficult to say what might make ministers uncomfortable at the independence of the Information Commissioner. Observers might point to an official inquiry into the misuse of private email accounts at the Department of Health and Social Care (DHSC). Launched during the summer, the investigation came amid allegations that senior officials within the department – including former health secretary Matt Hancock who resigned recently over his inability to follow lockdown rules – used private emails to discuss sensitive government business.
The ICO’s statement coincides with a change in ministerial responsibilities.
Nadine Dorries is now the government minister charged with steering the data protection law to unleash "data's power across the economy and society for the benefit of British citizens and British businesses."
In September, the Conservative politician who was once suspended from the party whip for appearing on a television programme in which she ate ostrich anus was announced as a replacement for Oliver Dowden as minister in charge of the Department for Digital, Culture, Media and Sport.
The Information Commissioner could have chosen other words, at least in the mind of one industry commentator.
"Dear Ollie. Sod off. I'm independent. Lots of love. Lizzie," data protection training ace Chris Pounder hypothesized she might say in a recent blog, before adding, "Of course such a letter won't be sent, but it should be [because] there have been three attempts (at least) where the independence of the current or future information commissioner is under attack by ministers." ®