The UK’s independent data protection policy



It is well known that the UK must forge its own data protection policies after Brexit, as the government does not wish to rely on policy positions drafted by, and negotiations conducted with, the European Commission.

The consequence is that the UK government must decide on a strategy (p.1) and then recruit and deploy many people with expertise to develop its policies. It has to work out what should be the UK’s detailed positions on a wide range of issues both in the domestic sphere and also involving international data transfers, such as:

negotiating with the EU on their view of the UK’s law and vice versa; negotiating adequacy of EEA Members States’ laws from the UK’s perspective; bilateral discussions with currently EU “adequate” non-EU countries, such as Switzerland, Canada, the Channel Islands and the Isle of Man; new countries for a UK adequacy review, for example, South Africa, Brazil and India; sectors in other countries; specific jurisdictions, for example, California, Hong Kong and Macao; a future permanent role for the ICO on the European Data Protection Board, as part of “regulatory cooperation” rather than, as starting in February this year, the ICO attends only when invited; Binding Corporate Rules, codes of conduct (p.25) and certification; international organisations, such as the WTO and the G20; APEC and its Cross-Border Privacy Rules.

Impact of the coronavirus

Last week, responding to public concern about the coronavirus outbreak, the ICO published a statement which emphasised that it is “a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern [so] we will take into account the compelling public interest in the current health emergency.” 

We at PL&B have many years of experience of remote working and have developed a Plan B for our 33rd Annual International Conference.

Sandbox progress report

It is now six months since the launch of the ICO’s sandbox, where tech companies are testing out their 

concepts and prototypes in a legal safe place. We covered the experience of Onfido and their work on a facial recognition identification system last September (PL&B UK Report September 2019 p.1). On 9 March, the ICO published an update on this project in which Ian Hulme, Director of Regulatory Assurance, explained the benefits to the ICO in terms of engaging with real world examples of various types of tech ensuring that “ innovative products with considerable public benefits do not come at the cost of privacy rights.”

We at PL&B are making our own contribution on privacy aspects of biometric identification by:

• publishing Confronting the challenges of vendor management in biometrics (pp.19-21),
• reporting on our survey Considerations when introducing a biometric identification system (pp.22-24), and
• sending our Recommendations and questions to the ICO (p.24) following our 29 January Roundtable on biometric identification techniques in a commercial context

Nowhere to Hide, PL&B’s 33rd Annual International Conference

We will continue to cover biometric issues. Neal Cohen, Director of Privacy for Onfido will give his company’s positive perspective and chair a panel on Privacy: A data scientist’s perspective at Nowhere to Hide, PL&B’s 33rd Annual International Conference 29 June to 1 July 2020 at St. John’s College, Cambridge. He will be joining some 50 speakers from many countries in around 30 sessions. The 20% discount registration period has now been extended until the end of March.

The conference programme: We expect to publish the full daily programme before the end of March. Meanwhile, you may register now and amend the names of the participants later. In addition, different members of your team may attend on different days. 

The PL&B Team works in several locations so we are as well prepared as we can be to continue our services during the current health crisis. We trust that we will all find a way to flourish into the future.

Regards,

Stewart Dresner, Publisher

 

UK Report 108

Lead story:

UK seeks an independent data protection policy

Full alignment with the GDPR cannot be taken for granted any longer as Boris Johnson, the Prime Minister, steers away from commitments
made in the Withdrawal Agreement. By Laura Linkomies.

Contents also include:

  • Comment: Negotiations on EU-UK future relationship start in Brussels
  • UK seeks an independent data protection policy
  • ICO publishes final online Age Appropriate Design Code
  • Defining data ethics
  • DMA works towards a code of conduct for the marketing sector
  • What has been the ICO’s attitude to GDPR enforcement?
  • ICO looks at bad direct marketing
  • Data protection and anti-money laundering: Irreconcilable?
  • Governance and data protection – a charity’s perspective
  • Confronting the challenges of vendor management in biometrics
  • Introducing biometric identification
  • Biometrics: Recommendations and questions to the ICO
  • GDPR data protection icons
  • Regulating online harms
  • Monitoring live facial recognition
  • 193 million phone calls lead to maximum fine
  • Group action against Dixons Carphone Warehouse
  • ICO warns FCA-authorised firms and insolvency practitioners
  • ICO fines Cathay Pacific
  • CDEI publishes review on online targeting