The Department for Digital, Culture, Media and Sport (DCMS) has launched a consultation on a revamped data regime including proposals for reform of the Information Commissioner’s Office.
The DCMS said the Government wanted the new data regime to be “based on common sense, not box ticking”.
The consultation, Data: A new direction, covers:
- Plans for tougher penalties for nuisance calls and text messages;
- Consideration of what more can be done to mitigate algorithmic bias;
- Introduction of a new governance model for the ICO. This would include an independent board and chief executive structure to mirror the governance structures of other regulators such as the Competition and Markets Authority, the Financial Conduct Authority and Ofcom;
- Removal of the existing requirements to designate a data protection officer. “The new proposed requirement to designate a suitable individual, or individuals, to be responsible for the privacy management programme and for overseeing the organisation’s data protection compliance…..would place different obligations on organisations, potentially driving more effective data protection outcomes";
- Removal of the requirement for organisations to undertake a data protection impact assessment, “so that organisations may adopt different approaches to identify and minimise data protection risks that better reflect their specific circumstances”.
- Consideration of a change in the threshold for reporting a data breach to the ICO “so that organisations must report a breach unless the risk to individuals is not material”. The ICO would be encouraged to produce guidance and examples of what constitutes a ‘non material’ risk, as well as to produce examples of what is and what is not reportable.
- Reforms to help reduce complexity for organisations conducting research.
The consultation will close on 19 November.
The DCMS said the reforms would “ensure that the ICO remains a world-leading regulator, enabling people to use data responsibly to achieve economic and social goals” and “broaden the remit of the ICO and empower the Information Commissioner to champion sectors and businesses that are using personal data in new, innovative and responsible ways to benefit people’s lives in areas such as healthcare - building on the use of data in tackling Covid-19 - and financial services”.
It also said the government wanted to remove unnecessary barriers to responsible data use. “This can help deliver more agile, effective and efficient public services and further strengthen the UK’s position as a science and technology superpower.”
Digital Secretary Oliver Dowden said: “Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking.
“Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society.
“These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic.”
The DCMS said the proposals would be built on key elements of the current UK data protection regime (General Data Protection Regulation (UK GDPR) and Data Protection Act 2018), such as principles around data processing, people’s data rights and mechanisms for supervision and enforcement.
“However, the government recognises that the current regime places disproportionate burdens on many organisations. For example, a small hairdressing business should not have the same data protection processes as a multi-million-pound tech firm. Our reforms would move away from the ‘one-size-fits-all’ approach and allow organisations to demonstrate compliance in ways more appropriate to their circumstances, while still protecting citizens’ personal data to a high standard.”
The Department also predicted that the use of algorithmic or automated decision-making was likely to increase substantially in coming years, and said it wanted organisations to be confident that their AI-powered services were “a force for good and will not inadvertently harm consumers”.
It added: “Reforms to our data regime can also help ensure that organisations can better understand and mitigate the risk of bias in their algorithmic systems. These aim to help organisations identify what is driving bias, so that they can take steps to make sure their services are not inadvertently biased or replicating societal and historic discrimination, or drawing inferences that could be deemed unfair.”
Responding to the consultation launch, outgoing Information Commissioner Elizabeth Denham said: “People’s personal data is used in ever more novel ways; it is right that government looks to ensure a legislative framework that is fit for the future. A framework that continues to be independently regulated to maintain high standards of protection for people while delivering social and economic benefits.
“My office will provide constructive input and feedback as the work progresses, including through our public response to the consultation, ensuring that the ICO can effectively regulate this legislation.
“We will be considering the detail of the proposals and intend to publish our response as soon as possible.”