The Information Commissioner’s Office (ICO) is set for an overhaul to drive greater innovation and growth in the UK’s data sector and better protect the public from major data threats, under planned reforms announced by the Digital Secretary Oliver Dowden.
One year on from the publication of the National Data Strategy, the government has launched a wide-ranging consultation on proposed changes to the UK’s data landscape. As part of this, a new governance model is planned for the ICO, including an independent board and chief executive to mirror the governance structures of other regulators such as the Competition and Markets Authority (CMA), Financial Conduct Authority (FCA) and Ofcom.
This follows the selection of John Edwards as the government’s preferred candidate as the new Information Commissioner, who is currently serving as the New Zealand Privacy Commissioner.
Now that we have left the EU, the government wants to create a pro-growth and trusted data regime that unleashes data’s power across the economy and society, for the benefit of British citizens and British businesses.
The reforms outlined in this consultation will:
- Cement our position as a science superpower, simplifying data use by researchers and developers of AI and other cutting edge technologies.
- Build on the unprecedented and life-saving use of data to tackle the COVID-19 pandemic.
- Secure the UK’s status as a global hub for the free and responsible flow of personal data – complementing our ambitious agenda for new trade deals and data partnerships with some of the world’s fastest growing economies.
- Reinforce the responsibility of businesses to keep personal information safe, while empowering them to grow and innovate.
- Ensure that the ICO remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals.
Reforms will broaden the remit of the ICO and empower the Information Commissioner to champion sectors and businesses that are using personal data in new, innovative and responsible ways to benefit people’s lives in areas such as healthcare – building on the use of data in tackling Covid-19 – and financial services.
The government wants to remove unnecessary barriers to responsible data use. This can help deliver more agile, effective and efficient public services and further strengthen the UK’s position as a science and technology superpower.
A recent example is researchers from Moorfields Eye Hospital and the University College London Institute of Ophthalmology making a breakthrough in patient care using AI technology. The researchers successfully trained machine learning technology on thousands of historic de-personalised eye scans to identify signs of eye disease and recommend how patients should be referred for care. This new way of using data has the potential to revolutionise the way professionals carry out eye tests. The government’s data reforms will provide clarity around the rules for the use of personal data for research purposes, laying the groundwork for more scientific and medical breakthroughs.
Digital Secretary Oliver Dowden says: “Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking.
“Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society.”
These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.
The protection of people’s personal data will be at the heart of the planned data reform. Far from being a barrier to innovation or trade, regulatory certainty and high data protection standards allow businesses and consumers to thrive.
The consultation sets out plans to impose tougher penalties and fines for nuisance calls and text messages. These sanctions would be overseen by the ICO and build on government action in recent years that has included holding individual directors liable for nuisance calls made by their respective companies.
The government will maintain the UK’s world-leading data protection standards and proposals will be built on key elements of the current UK data protection regime (General Data Protection Regulation (UK GDPR) and Data Protection Act 2018), such as principles around data processing, people’s data rights and mechanisms for supervision and enforcement.
However, the government recognises that the current regime places disproportionate burdens on many organisations. For example, a small hairdressing business should not have the same data protection processes as a multimillion pound tech firm. Our reforms would move away from the “one-size-fits-all” approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard.
The use of algorithmic or automated decision-making is likely to increase substantially in coming years. We want organisations to be confident that their AI-powered services are a force for good and will not inadvertently harm consumers.
Reforms to our data regime can also help ensure that organisations can better understand and mitigate the risk of bias in their algorithmic systems. These aim to help organisations identify what is driving bias, so that they can take steps to make sure their services are not inadvertently biased or replicating societal and historic discrimination, or drawing inferences that could be deemed unfair (for example, insurers predicting someone’s fitness levels from their purchasing habits).