IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

ICO chief warns ministers against ditching GDPR safeguards

Individual rights come before anything else, John Edwards insists, amid government plot to rip up data protection laws

The newly appointed Information Commissioner, John Edwards, has signalled a doubling down on privacy and individual rights as the government plans to overhaul GDPR and replace it with laws that “prioritise innovation”.

The government is in the throes of a public consultation on radically redrawing the UK’s data protection landscape in light of desires to “create a pro-growth” regime that favours “common sense” over “box-ticking”. Detractors have warned, though, these proposals will erode the integrity of the layer of individual rights and protections ushered in with GDPR. 

Edwards, who arrived from New Zealand in January to serve at the helm of the Information Commissioner’s Office (ICO), however, has doubled down on the need for any future regime to respect citizens’ fundamental right to privacy. 

This chief concern, he said in his first public outing as Information Commissioner, trumps all other considerations. 

“The deep, legal and cultural commitment to protect fundamental rights informs what comes next for us in the UK,” Edwards told delegates at the IAPP Data Protection Intensive. “I see the opportunities for the UK to shape its own laws, and see a desire in government to promote innovation. 

“I understand the entirely sensible goal of enabling business and government to derive a digital dividend and extract value from data – but all of this will be built on a foundation that prioritises privacy.

“That cultural value of privacy has been reflected as I’ve met with organisations across the UK. Different sectors face different challenges, but I’ve heard a consistent message of organisations understanding the importance of getting privacy right.”

Related Resource

Improve security and compliance

Adopting an effective security and compliance risk management approach

Whitepaper cover with image of a shield with red outline, red numbers 1s & 0s, red cubes and white cloud outlinesFree Download

In his long-anticipated speech, Edwards also repeatedly signalled the most important aspect of his approach would be preventing harm to individuals through illicit business practices, signalling, again, he would take seriously the “British obsession with privacy”. 

Edwards struck a more diplomatic tone in his first speech as Information Commissioner than previous comments may have paved expectations for. He once described Facebook, for instance, as “morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions”.

His championing of privacy rights first and foremost, however, directly clashes with messaging from both ministers, and Department for Digital, Culture, Media and Sport (DCMS) officials, in recent months, who have branded the current regime unfit for purpose. 

In March last year, the then deputy director for data strategy implementation and evidence, Phil Earl, said the next Information Commissioner would need to correct the “imbalance” favouring privacy rights.

Ministers, too, have long seen GDPR as cumbersome for businesses and anti-innovation. A task force comprising hardline Conservative MPs last June presented a report to Boris Johnson urging him to ditch the need for consent to process data, as well as the need for human oversight on AI decision-making, for instance. 

Much of this work has informed the initial proposals DCMS has put out for consultation. Although the plans have been significantly watered down, they suggest removing the need to appoint a Data Protection Officer (DPO), and will also allow organisations to access personal data with greater ease.

Notably, the former New Zealand privacy commissioner refused to be drawn into whether he agreed with the need to overhaul GDPR in the first place, although elsewhere stressed while GDPR had its issues, he saw it as a “how-to”, not a “don’t do”.

Based on conversations with DCMS officials, Edwards, however, is confident the proposals won’t erode privacy in the way that was first feared, nor would the new regime jeopardise the UK’s adequacy agreement with the EU.

“Given DCMS has committed to maintaining high standards of protection, I struggle to see how legal protections will be less in Cardiff than is afforded to those in Copenhagen,” Edwards said. 

“We are expert advisers and DCMS listens closely to what we have to say, and calibrates advice to ministers as a result,” he continued. “There are aspects of the consultation paper that we’re continuing to engage with DCMS on, continuing to try to understand the policy issue that ministers are trying to address, and providing advice about the implications and alternatives to suggested approaches.”

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022