Amid the introduction of a new data protection reform bill Wednesday, U.K. Information Commissioner John Edwards said the goals within the ICO25 strategic plan "are not predicated or dependent on law reform."
"We can still achieve everything we’ve set out to achieve regardless of the direction the law goes in, within certain limits, but I’m very confident of those limits," Edwards said in a keynote address at the IAPP Data Protection Intensive: U.K. in London, reflecting on his first year in office and looking at what’s ahead. "There are positives to law reform and advantages to our independent practices. We can be, to borrow a key phrase from my first year, more fleet of foot than many of our European counterparts. We can identify harms and focus on where we can be the most effective to bring the most benefit to the people and organizations of the United Kingdom."
U.K. Secretary of State for Science, Innovation and Technology Michelle Donelan introduced Wednesday the Data protection and Digital Information Bill, described as a "common-sense-led UK version" of the EU’s General Data Protection Regulation that will save the U.K. economy more than £4 billion over the next 10 years and "ensure privacy and data protection are securely protected."
Liberal Democrat House of Lords spokesperson for Science, Innovation and Technology Tim Clement-Jones, who spoke in a separate keynote conversation with Centre for Information Policy Leadership President Bojana Bellamy, said he’s a fan of the U.K.’s current data protection regime and is "not wholly on board with tinkering with it," while he does support incorporating components of the EU GDPR not currently in the U.K. law for clarification on legitimate interests and research aspects.
"But I’m not a great fan of tinkering with something where God knows how many training hours people have spent learning how to apply the GDPR," he said.
Bellamy noted the U.K.’s goal of simplifying its data protection regime to enable more effective protections and clearer rules and asked Clement-Jones whether he believes the new reform will succeed in those areas.
In instances of ambiguity, Clement-Jones said the ICO can produce guidance, codes and other measures "to clarify the duties of various operators in the whole data space." So, he asked, "why go through a whole bunch of primary legislation just to clarify stuff."
In his keynote, Edwards spoke of an ICO that has been more conscious in its decisions and investigations over the past year, "constantly evaluating our value proposition" and "moving resources to places where they can have the greatest effect at all times." He said an "extraordinary amount" has been achieved over the past year, including specific guidance tailored for small businesses and gaming designers, engagement with marginalized groups and communities of unmet need, and work to ensure the ICO is accessible.
"We want to be approachable and open both to organizations and to the public, as well as to our DPO network across the U.K.," he said, adding a key role of regulators is providing people with "confidence in the digital economy."
"Regulators are not just there to chase around after the malcontents, the bad behavior, those wanting to exploit weaknesses or uncertainty," he said.
"We are taking action in creating the ICO we want to be, one that empowers you through information, one that is empathetic and transparent and one that supports the whole economy to thrive. Regulation can be a force for good and we want to ensure all the people we serve understand the ICO is there to empower them and to look out for their interests," he said.
Edwards said the ICO has adapted its approach to move at the same pace as the "fast moving, dynamic digital economy," which Bellamy and Clement-Jones noted includes artificial intelligence. Clement-Jones, Chairman of the Select Committee on Artificial Intelligence in the House of Lords, said data is the essence of AI technologies and discussed support for a risk-based approach to regulation.
"The more life moves on and the more we compare ourselves to what they are doing in the EU, the more I think we’re going to have to have a horizontal layer of regulation," he said, referring to the EU’s proposed AI Act. "At the end of the day, we’re going to have an AI governance adequacy aspect. We’re going to have to not just have this sectoral approach, we’re going to have to have something that conforms rather more to a risk-based approach, which is more holistic."