Data protection supports industrial strategy
From the start of the GDPR fully applying in May last year, the ICO has been able to play an influential role at the European Data Protection Board leading many of the working groups. If Brexit happens, this leadership role will have to be vacated because after that point, the UK will be represented only where an issue is discussed which relates specifically to the UK. How flexibly this rule will be interpreted by this independent body remains to be seen.
The ICO continues to expand both in terms of its scope and staff, now 700+. It is seeking to attract not only permanent staff but also people on secondment from a few months to one or two years. The objective is to bring to the organisation fresh perspectives and experience from people who would not necessarily want a long-term career there. The secondees learn of the ICO’s culture and ways of working to bring back to their organisations.
Data protection and industrial strategy
I have never before seen data protection and industrial strategy in the same policy statement. However, the outgoing UK government wants to be seen to be living up to its ambition to make the UK the safest place in the world to live and work online and for the UK to be at the heart of a global, and safe, digital economy. To help achieve this goal, the Business Secretary, Greg Clark, announced on 5 October a £10 million fund to establish a Regulators’ Pioneer Fund to support the government’s industrial strategy. Its number one objective is putting the UK at the forefront of the Artificial Intelligence (AI) and data revolutions.
Regulators’ Business Privacy Innovation Hub
As a result, the ICO has benefitted from this government ambition as one of the 15 fund recipients.
Greg Clark’s official announcement stated: “The new hub will work in partnership with other regulators to provide expert support to businesses on ensuring information privacy and data protection – helping them build the confidence to create innovative products and services. A pool of ICO experts will work with other regulators to enable innovation in sectors and develop approaches based on privacy by design.”
Of course, Privacy by Design is familiar to the data protection law community, established in the 1990s in Canada, and more recently as Data Protection by Design in the GDPR. However, I expect that it was something of a surprise for the wider business community that this concept is part of the government’s industrial strategy.
The ICO explained “The £537,000 grant to the ICO will establish a Regulators’ Business and Privacy Innovation Hub this month, which will work in partnership with other regulators to provide expert support to businesses in information privacy and data protection – helping them build-in data protection by design and have the confidence to create innovative products and services.”
Chris Taylor, an ICO Head of Assurance, who is leading the hub project said: “Privacy and innovation go hand in hand. The hub will reflect the ICO's own enhanced focus on innovation and desire to support business innovation and ultimately help us achieve our fundamental strategic goal which is to increase the public's trust and confidence in how their personal data is used.” The announcement continued “The Hub will work alongside the ICO’s Regulatory Sandbox a place where organisations and businesses will be supported to develop innovative products and services using personal data in different ways.”
The ICO’s increase in resources enables it to both continue its traditional legal/enforcement work while at the same time embrace its forward-looking privacy and innovation themes across the field of AI and facial recognition (p.8). Privacy Laws & Business is doing likewise as shown by our Roundtable on 29 January, just after European Data Protection Day, when we are organising a Roundtable Balancing privacy with biometric techniques in a commercial context, to be hosted by the Macquarie Group in London.
Facial recognition is just one example of biometric identification which we will cover with the help of at least one company, Onfido, currently working in the ICO’s sandbox (PL&B UK Report September 2019 p.1). We welcome your active participation in this event so contact us if you would like to discuss with your peers your experience in this new field.
Laura Linkomies, Editor, and the rest of our PL&B editorial team look forward to keeping you actively informed of this ever-developing area in the years ahead.
Stewart Dresner, Publisher
UK Report 106
Collective actions build against Google, BA, Ticketmaster, Equifax
A Group Litigation Order has been issued on British Airways with an extension to claim time, and Equifax faces representative action. By Laura Linkomies.
Take care before you share: The ICO’s draft code of practice
Private sector organisations need to pay attention too as the code recommends data sharing agreements to support accountability. By Rebecca Cousin and Cindy Knott of Slaughter and May.