At a crossroads: what subsequent for knowledge safety regulation?

There was a time when knowledge safety was nearly a byword for one thing boring, boring and technical.

Not. The previous couple of years have seen knowledge safety points not often out of the headlines, from main safety breaches at family title corporations to current controversies over GP knowledge and vaccine passports.

There have additionally been two main upheavals within the legislation, with the brand new Common Knowledge Safety Regulation taking impact in 2018, adopted by the post-Brexit adjustments because the UK disentangles itself from EU legal guidelines.

However as knowledge safety has grown in significance and attracted wider curiosity, there was growing frustration on the approach knowledge safety legislation is enforced and controlled. Particularly, the Info Commissioner, Elizabeth Denham, has turn out to be the goal of criticism for failing to take extra strong motion to implement the legislation. This criticism reached the mainstream final week when the Telegraph printed an opinion piece entitled ‘The Info Commissioner’s Workplace is letting us down’ (£), arguing that the Commissioner had spent an excessive amount of time chasing headlines and never sufficient imposing the laws. This was adopted rapidly by a prolonged rebuttal on the ICO’s web site.

What ought to we make of all this? The context right here is vital, so maybe we shouldn’t be stunned by the timing of those public criticisms. Elizabeth Denham’s time period as Commissioner runs out in October, when a brand new Commissioner will take up the function. We don’t but know the id of her substitute, though the sturdy favorite is John Edwards, presently New Zealand’s Privateness Commissioner. A few of the public criticisms look like a not-so-subtle try at influencing the brand new Commissioner to take regulation in a brand new and completely different path.

Most of the criticisms raised by the Telegraph and elsewhere are effectively based. Elizabeth Denham has had a better public profile than any of her predecessors, repeatedly showing in public to debate knowledge safety points and making certain that the ICO has contributed to debates round synthetic intelligence and new applied sciences. However by way of regulation, the ICO has used its vital powers sparingly since 2018 and has most popular to offer recommendation and steering relatively than impose heavy fines or situation formal enforcement notices. While companies actually welcomed the Commissioner’s softly-softly method to start with, many are actually questioning whether or not it is just too lenient. My purchasers who work laborious to get it proper inform me that they’re annoyed to see rivals gaining a bonus by ignoring the principles with obvious impunity.

Within the EU, regulators have taken an altogether extra strong method. This week it was introduced that Amazon had been fined a report €746 million by the Luxembourg knowledge safety authority, whereas elsewhere regulators have already racked up a whole lot of smaller fines. In fact, efficient regulation shouldn’t be all about fines and we should always not underestimate the significance of the ICO’s advisory function. However demonstrating that non-compliance has penalties is likely one of the finest methods to steer reluctant organisations that knowledge safety issues.

n the opposite hand, there are clearly some inside the present UK authorities who don’t want to see the Commissioner taking a stronger method and would favor knowledge safety to return to its former low profile. There have been repeated statements from inside the UK authorities about the fee and perceived burden of information safety compliance, in addition to the potential to use the facility of information to drive financial progress. The Info Commissioner is unbiased of presidency however, in a post-Brexit world, the UK authorities now has a far higher function by way of setting the path of information safety coverage. These voices are going to be troublesome to disregard.

It appears like we’re at a crossroads, with the long run path of information safety regulation unclear. Will we wish to see the regulator as a largely advisory physique, providing recommendation and steering however leaving the difficult problems with enforcement to the courts? Or would we want an lively and interventionist regulator that isn’t afraid to problem the organisations it regulates (together with, after all, the federal government itself)?

Whoever takes on the function as the following Commissioner goes to want a thick pores and skin, professional diplomacy abilities and the steadiness and poise of an Olympic gymnast. Good luck!