The Information Commissioner’s Office (ICO) is seeking views on how it regulates the 11 pieces of legislation it currently monitors and enforces as the government ponders changing the watchdog’s role under a new data protection regime. A consultation opened this week covers three draft documents 'designed to give direction and focus to the organisation'.
According to the ICO, a Regulatory Action Policy (RAP) reinforces the commitment to a 'proportionate and risk-based approach to enforcement'. It covers all 11 pieces of legislation that the ICO is responsible for, including the UK GDPR, the Freedom of Information Act and the Privacy and Electronic Communications Regulations. The aim is 'to help create an environment that protects data subjects and supports access to information, while ensuring that businesses, charities and public services are able to operate and innovate efficiently in the digital age'.
Draft Statutory Guidance on Regulatory Action focusses on the sections in the Data Protection Act 2018 that set out legal obligations to publish guidance to help organisations navigate the law.
Draft Statutory Guidance on PECR Powers explains how the ICO uses its statutory powers to enforce the data protection legislation relating to electronic communications such as nuisance calls, emails and texts.
Chief regulatory officer James Dipple-Johnstone said: 'Information rights have never been more important or impactful. Now more than ever, we support innovation and economic growth, but both require the public to have trust in the way their personal information is used. We are focussed on promoting best practice and compliance but, where it is necessary, we will exercise a fair and proportionate approach to enforcement action.’
Although the documents cover the existing law, the emphasis on ‘innovation and economic growth’ is significant given the government's stated ambition to add these to the ICO's priorities under proposals to reform data protection law. The ICO said that, pending the reforms, it will 'continue to update its policies when it is both necessary and appropriate'.
The new information commissioner, New Zealand lawyer John Edwards, assumes the role on 3 January, the government confirmed this week.