NEWS – “without comment”

Oct 11, 2021,

UK’s Data Regulator Claims Government Plans Threaten ICO Independence Emma Woollacott – Senior Contributor – Cybersecurity


The UK’s data regulator, information commissioner Elizabeth Denham, has fired a parting shot against the government, saying its new regulatory framework jeopardises her office’s independence.

Denham, who has held the role since 2016, is shortly to leave, to be replaced by New Zealand’s privacy commissioner, John Edwards.

Last month, in the wake of Brexit, the government launched a consultation into a new regulatory framework for data protection that could see it diverge from GDPR. This caused some consternation, given that only weeks earlier the UK had persuaded the EU to grant it data adequacy on the grounds that it was largely aligned with GDPR.

And now, in a consultation document responding to the proposals, Denham has expressed concerns that the proposals could jeopardise the independence of the Information Commissioner’s Office (ICO).

While the office is sponsored by the Department for Digital, Culture Media and Sport (DCMS), it is currently a public body independent of the government. However, in a new governance model that forms part of the government proposals, the secretary of state would gain powers to approve ICO guidance and to appoint its CEO. And while the ICO is broadly in favour of the changes in governance, this is where it takes issue.

The proposals would allow the secretary of state to approve codes of practice and novel or complex guidance. These, says the ICO, are key mechanisms whereby it carries out its functions, and that giving government a veto would undermine its role.

“The current proposals for the secretary of state to approve ICO guidance and to appoint the CEO do not sufficiently safeguard this independence. I urge government to reconsider these proposals to ensure the independence of the regulator is preserved.”

She points out that independence allows the ICO to regulate without fear or favor, and helps to maintain public trust in the organization. Meanwhile, there’s the question of how the UK is seen abroad, particularly as other jurisdictions move towards tighter, rather than looser, data protection standards.

“As chair of the Global Privacy Assembly, I have seen first-hand a clear trend towards high standards of data protection around the world. I welcome the recognition of the value of our high data protection standards in international trade,” says Denham.

“These standards make it easier to sell products and services. This is good for the public and good for business. Any reforms to the UK data protection regime should therefore always be weighed in terms of their impact on the ease with which data is able to flow between international jurisdictions.”

The ICO is also concerned about various other elements of the proposals, such as the scrapping of the requirement to consider whether legitimate interests in processing data are outweighed by the fundamental rights and freedoms of individuals, the removal of the right to a human review of automated decision-making, and the introduction of a small fee for making a subject access request.

Emma Woollacott =