A revamped ICO

In a press release, the government announced an overhaul of the Information Commissioner’s Office (ICO) to “help drive economic growth and strengthen public trust in use of data”.

The Digital Secretary, Oliver Dowden, announced on 9 September 2021 that a consultation would open to consider the shape of the ICO in the wake of Brexit and the COVID-19 pandemic, saying that an approach “based on common sense, not box-ticking” was needed.

Back in August Dowden was reported to be against the “endless” cookie pop-ups that seek user consent to store personal data, as he announced the successor to Elizabeth Denham, John Edwards, as the expected new head of the ICO.

Edwards, currently the New Zealand Privacy Commissioner, was quite public with his opinions in relation to the Facebook/Cambridge Analytica data misuse issue in 2018, and before taking the role in NZ was a barrister focussing on information and privacy law.

Denham’s term expires on 31 October 2021, so we’ll know closer to the time whether Edwards is the new Information Commissioner.

What about the GDPR?

Back in June 2021 the ‘adequacy decision’ from the EU meant that, despite Brexit, personal data could continue to flow between the UK and the EU.

Any changes to the Data Protection Act in the UK, however, would need to maintain the standards required for the adequacy decision. If the UK goes too far in liberalising data protection legislation, the European Commission has the right to revoke the decision, making data transfers with the EU more complicated.

And what about Privacy?

The outline of the consultation states that the government wants to “simplify data use by researchers and developers of AI and other cutting-edge technologies” and “build on the unprecedented and life-saving use of data to tackle the COVID-19 pandemic”.

These suggest that the intention is to reduce some of the provisions in place that protect data from use unless certain conditions are met (for example, the person provides their consent for their data to be used).

There are numerous examples, with medicine and healthcare being good ones, where easier use of data could be beneficial for the ‘greater good’. It might make regulation more complex though; it’s OK for an ambulance to exceed the speed limit and run red lights when transporting a critically ill person to hospital, but not when it isn’t. How will distinctions be drawn where data is concerned? We’ll have to wait and see.