Information Commissioner keen to bring certainty
As the new Information Commissioner, John Edwards, has recognised, UK DPOs have had a heavy workload in the last few years with the introduction of the GDPR, implications of Brexit and now some uncertainty over the UK’s future data protection framework. While we expect to see more concrete proposals from the DCMS any day now, the Commissioner reassures companies that he wants stability.
Edwards seems willing to be a strong enforcer. He now has some old cases to see through – for example the Experian appeal at the First Tier Tribunal (p.13).
The government has proposed some changes to the ICO’s enforcement powers; firstly the ICO would be able to commission an independent technical report to inform its investigations into an organisation’s activities. Secondly, Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) fines would go up to GDPR levels. Given the ICO’s previous focus in this area, this could be significant for companies.
Edwards is keen to cooperate with his EU counterparts but at the same time sees some benefit of being outside of the EU. In an interview with Politico, he said that ‘What we have at the ICO as our competitive advantage, I think, is an ability to move fast and fix things and not be mired down by the bureaucracy of needing to check with 20 colleagues on every bit of wording on every penalty.’
DPOs must be experts in data protection, but also independent and adequately resourced, and report to the highest management level. However, in some situations conflicts may arise.
The government proposed to scrap the mandatory DPO role. It remains to be seen whether this unpopular idea has now been abandoned. Join us on 25 May to hear the latest from the DCMS and give your views in a roundtable in London. We also welcome you once again to join in our wonderful summer school atmosphere at St John’s College, Cambridge, for a three-day information-packed PL&B Annual Conference 4-6 July (worth 12 CPE credits). See www.privacylaws.com/ic2022 for details.
Editor, Privacy Laws & Business