New Information Commissioner, New Data Protection Minister

This week has seen two new developments on the UK information law scene:

On Monday, Elizabeth Denham started her five year term as the UK’s new Information Commissioner soon after completing her term as Information and Privacy Commissioner, British Columbia, Canada.

Her first public statement is the foreword to The Anonymisation Decision-Making Framework published by the UK Anonymisation Network (UKAN) yesterday, which had contributions from the ICO’s Steve Wood, Interim Deputy Commissioner, and Iain Bourne, Data Protection Policy Delivery Group Manager.

Denham’s foreword states “We have learnt that we have to deploy effective anonymisation techniques and assess re-identification risk in context, recognising that there is a wide spectrum of personal identifiability and that different forms of identifier pose different privacy risks. This authoritative and accessible decision-making framework will help the information professional to anonymise personal data effectively. ….

It is easy to say that anonymisation is impossible and that re-identification can always take place. It is just as easy to be complacent about the privacy risk posed by the availability of anonymised data. It is more difficult to evaluate risk realistically and in the round and to strike a publicly acceptable balance between access to information and personal privacy. The guidance in this framework will help information professionals to do that…..

It is essential that we continue to develop anonymisation and other privacy enhancing techniques as an antidote to the potential excesses of the big data era. The ICO has been one of the strongest champions of the privacy enhancement agenda, within the EU and beyond, and it will continue to be.”

The preface states “This book has been developed to address a need for a practical guide to anonymisation that gives more operational advice than the ICO’s Anonymisation Code of Practice, whilst being less technical and forbidding than the statistics and computer science literature.”

Elizabeth Denham has promised to speak at Privacy Laws & Business’s 30th Anniversary Conference, 3-5 July 2017, at St. John’s College, Cambridge.

The new Data Protection Minister

Yesterday, the full ministerial team for the Department for Culture, Media and Sport was published. Baroness Neville-Rolfe has been replaced as the UK’s Data Protection Minister by the Rt. Hon. Matt Hancock MP. The range of his responsibilities are listed here and include cyber security, digital strategy, digital markets and consumer policy, but data protection is not listed.

Baroness Neville-Rolfe DBE CMG, the UK’s Minister for Data Protection, has now published her speech on 3rd July at Great Expectations, PL&B’s 29th Annual International Conference online. Her statements indicating government policy include the following:

“ ‘Protection’ should be about respect for individuals and the personal information they share in good faith. That should shift the focus in the board room from a technical issue to a reputational and commercial one.”

“One thing we can say with reasonable confidence is that if any country wishes to share data with EU Member States, or for it to handle EU citizens’ data, they will need to be assessed as providing an adequate level of data protection. This will be a major consideration in the UK’s negotiations going forward.”

"Throughout the negotiations, the UK Government has been urging both the [European] Commission and the US to conclude negotiations on this new legally robust [EU-US Privacy Shield] adequacy decision, in order to provide clarity to the businesses that transfer data from the EU to the US, and to reassure citizens that their rights will be upheld in the new agreement. All of our discussions with the Commission and the US have recognised the need to strike the balance between commercial interests and fundamental rights.”