UK Report 106 out now



Lead story:

Collective actions build against Google, BA, Ticketmaster, Equifax

A Group Litigation Order has been issued on British Airways with an extension to claim time, and Equifax faces representative action. By Laura Linkomies.

Contents also include:

  • Comment: UK, EU and Brexit – once again
  • ICO continues to invest in international cooperation
  • Significant changes to media, communications and data claims
  • ICO issues opinion on live facial recognition by law enforcement
  • Royal Free and Google DeepMind
  • The data breach forest: Identifying all the trees
  • Take care before you share: The ICO’s draft code of practice
  • The future for charity fundraising: Innovation and data protection
  • Channel 4 creates a culture of privacy in the workplace
  • Survey on cyber security breaches
  • ICO seeks powers to seize assets
  • ICO reminds political parties to stay within DP law
  • Half of organisations still not GDPR compliant, survey says
  • Brexit uncertainty continues
  • US and UK sign agreement on access to law enforcement data
  • Consent model is broken
  • Un-checking a box is not consent
  • ICO, Facebook strike agreement
  • Immigration exemption in UK Act

Publisher's Cover Note

Data protection supports industrial strategy

From the start of the GDPR fully applying in May last year, the ICO has been able to play an influential role at the European Data Protection Board leading many of the working groups. If Brexit happens (p.14), this leadership role will have to be vacated because after that point, the UK will be represented only where an issue is discussed which relates specifically to the UK. How flexibly this rule will be interpreted by this independent body remains to be seen.

The ICO continues to expand both in terms of its scope and staff, now 700+. It is seeking to attract not only permanent staff but also people on secondment from a few months to one or two years. The objective is to bring to the organisation fresh perspectives and experience from people who would not necessarily want a long-term career there. The secondees learn of the ICO’s culture and ways of working to bring back to their organisations.

Data protection and industrial strategy

I have never before seen data protection and industrial strategy in the same policy statement. However, the outgoing UK government wants to be seen to be living up to its ambition to make the UK the safest place in the world to live and work online and for the UK to be at the heart of a global, and safe, digital economy. To help achieve this goal, the Business Secretary, Greg Clark, announced on 5 October a £10 million fund to establish a Regulators’ Pioneer Fund to support the government’s industrial strategy. Its number one objective is putting the UK at the forefront of the Artificial Intelligence (AI) and data revolutions (p.16).

Regulators’ Business Privacy Innovation Hub

As a result, the ICO has benefitted from this government ambition as one of the 15 fund recipients.

Greg Clark’s official announcement stated: “The new hub will work in partnership with other regulators to provide expert support to businesses on ensuring information privacy and data protection – helping them build the confidence to create innovative products and services. A pool of ICO experts will work with other regulators to enable innovation in sectors and develop approaches based on privacy by design.”

Of course, Privacy by Design is familiar to the data protection law community, established in the 1990s in Canada, and more recently as Data Protection by Design in the GDPR. However, I expect that it was something of a surprise for the wider business community that this concept is part of the government’s industrial strategy.

The ICO explained “The £537,000 grant to the ICO will establish a Regulators’ Business and Privacy Innovation Hub this month, which will work in partnership with other regulators to provide expert support to businesses in information privacy and data protection – helping them build-in data protection by design and have the confidence to create innovative products and services.”

Chris Taylor, an ICO Head of Assurance, who is leading the hub project said: “Privacy and innovation go hand in hand. The hub will reflect the ICO's own enhanced focus on innovation and desire to support business innovation and ultimately help us achieve our fundamental strategic goal which is to increase the public's trust and confidence in how their personal data is used.” The announcement continued “The Hub will work alongside the ICO’s Regulatory Sandbox a place where organisations and businesses will be supported to develop innovative products and services using personal data in different ways.”

The ICO’s increase in resources enables it to both continue its traditional legal/enforcement work while at the same time embrace its forward-looking privacy and innovation themes across the field of AI and facial recognition (p.8). Privacy Laws & Business is doing likewise as shown by our Roundtable on 29 January, just after European Data Protection Day, when we are organising a Roundtable Balancing privacy with biometric techniques in a commercial context, to be hosted by the Macquarie Group in London.

Facial recognition is just one example of biometric identification which we will cover with the help of at least one company, Onfido, currently working in the ICO’s sandbox (PL&B UK Report September 2019 p.1). We welcome your active participation in this event so contact us if you would like to discuss with your peers your experience in this new field.

Laura Linkomies, Editor, and the rest of our PL&B editorial team look forward to keeping you actively informed of this ever-developing area in the years ahead.

Regards,

Stewart Dresner, Publisher