Proposed reforms in the government’s bonfire of European data protection rules could threaten the independence of the Information Commissioner’s Office, the outgoing commissioner warned yesterday. In a foreword to the ICO’s response to the proposals in a consultation document ‘Data: a new direction’, published last month, Elizabeth Denham states that proposals for the government to approve ICO guidance and to appoint the chief executive do not sufficiently safeguard its independence.
'I urge government to reconsider these proposals to ensure the independence of the regulator is preserved,' she states.
The ICO is currently an independent public body answerable to parliament, though sponsored by the Department for Digital, Culture Media and Sport. Denham is due to complete her five-year term of office this month.
Overall, the ICO’s 89-page response cautiously approves of many of the government’s reform proposals for an independent data protection regime, while several times calling for more detail. For example it agrees that the proposed requirement for the ICO’s remit to include economic growth and competition would help to support the use of data to create economic benefits. However this would require ‘appropriate protections’.
The ICO also agrees that the current approach to consent for web cookies 'does not work for people or businesses', observing that current consent mechanisms 'do not provide effective transparency or meaningful control'. It welcomes the government’s ambition to create a 'friction-free online experience… in which users’ preferences about how their information is used and shared are respected'.
On a more critical note, the ICO is 'concerned' by the government’s intention to remove the right to a human review of automated decision-making. It notes that the right to review 'is intended to protect people where an organisation is carrying out decision-making solely by automated means, without any human involvement, where that decision-making has legal or similarly significant effects on them'.
On the controversy over whether the reformed data protection regime will meet international 'adequacy' standards, the ICO says more information is needed about the government’s proposed 'risk-based approach'.
'It would also be helpful to understand more detail about the proposals for future adequacy decisions to “take into account the different legal and cultural traditions which inform how other countries achieve high standards of data protection”. We look forward to seeing more detail about how these changes would work in practice.'
In her foreword, Denham notes: 'As the proposals are developed, the devil will be in the detail. It will be important that government ensures the final package of reforms clearly maintain rights for individuals, minimise burdens for business and safeguard the independence of the regulator.'