ICO chief warns ministers against ditching GDPR safeguards

Information Commissioner John Edwards
(Image credit: Keumars Afifi-Sabet/IT Pro)

The newly appointed Information Commissioner, John Edwards, has signalled a doubling down on privacy and individual rights as the government plans to overhaul GDPR and replace it with laws that “prioritise innovation”.

The government is in the throes of a public consultation on radically redrawing the UK’s data protection landscape in light of desires to “create a pro-growth” regime that favours “common sense” over “box-ticking”. Detractors have warned, though, these proposals will erode the integrity of the layer of individual rights and protections ushered in with GDPR.

Edwards, who arrived from New Zealand in January to serve at the helm of the Information Commissioner’s Office (ICO), however, has doubled down on the need for any future regime to respect citizens’ fundamental right to privacy.

This chief concern, he said in his first public outing as Information Commissioner, trumps all other considerations.

“The deep, legal and cultural commitment to protect fundamental rights informs what comes next for us in the UK,” Edwards told delegates at the IAPP Data Protection Intensive. “I see the opportunities for the UK to shape its own laws, and see a desire in government to promote innovation.

“I understand the entirely sensible goal of enabling business and government to derive a digital dividend and extract value from data – but all of this will be built on a foundation that prioritises privacy.

“That cultural value of privacy has been reflected as I’ve met with organisations across the UK. Different sectors face different challenges, but I’ve heard a consistent message of organisations understanding the importance of getting privacy right.”

In his long-anticipated speech, Edwards also repeatedly signalled the most important aspect of his approach would be preventing harm to individuals through illicit business practices, signalling, again, he would take seriously the “British obsession with privacy”.

Edwards struck a more diplomatic tone in his first speech as Information Commissioner than previous comments may have paved expectations for. He once described Facebook, for instance, as “morally bankrupt pathological liars who enable genocide (Myanmar), facilitate foreign undermining of democratic institutions”.

His championing of privacy rights first and foremost, however, directly clashes with messaging from both ministers, and Department for Digital, Culture, Media and Sport (DCMS) officials, in recent months, who have branded the current regime unfit for purpose.

In March last year, the then deputy director for data strategy implementation and evidence, Phil Earl, said the next Information Commissioner would need to correct the “imbalance” favouring privacy rights.

Ministers, too, have long seen GDPR as cumbersome for businesses and anti-innovation. A task force comprising hardline Conservative MPs last June presented a report to Boris Johnson urging him to ditch the need for consent to process data, as well as the need for human oversight on AI decision-making, for instance.

Much of this work has informed the initial proposals DCMS has put out for consultation. Although the plans have been significantly watered down, they suggest removing the need to appoint a Data Protection Officer (DPO), and will also allow organisations to access personal data with greater ease.

Notably, the former New Zealand privacy commissioner refused to be drawn into whether he agreed with the need to overhaul GDPR in the first place, although elsewhere stressed while GDPR had its issues, he saw it as a “how-to”, not a “don’t do”.

Based on conversations with DCMS officials, Edwards, however, is confident the proposals won’t erode privacy in the way that was first feared, nor would the new regime jeopardise the UK’s adequacy agreement with the EU.

“Given DCMS has committed to maintaining high standards of protection, I struggle to see how legal protections will be less in Cardiff than is afforded to those in Copenhagen,” Edwards said.

“We are expert advisers and DCMS listens closely to what we have to say, and calibrates advice to ministers as a result,” he continued. “There are aspects of the consultation paper that we’re continuing to engage with DCMS on, continuing to try to understand the policy issue that ministers are trying to address, and providing advice about the implications and alternatives to suggested approaches.”

Keumars Afifi-Sabet
Features Editor

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.