What are some of the plans?
Notably the ICO is going to focus its efforts on where it can have the most impact. Key project areas include supporting the most vulnerable communities, work on children’s online privacy, addressing AI-driven discrimination, setting expectations for the use of biometric technologies, influencing the future of online tracking, and an examination of how CCTV is being used, including in care homes. A shake-up of Freedom of Information processes is also promised.
What does this mean for individuals and businesses?
The ICO wants to make it easier for individuals to see how it is working in the public interest. It will do more to understand the concerns of the diverse UK public, and then use these concerns to drive its priorities. ICO25 aims to lower the cost of regulatory compliance for businesses, and to provide both certainty and flexibility so they can confidently invest in new, responsible innovations that will drive economic growth. A new iAdvice service will allow innovative businesses to seek early clarity about if they are compliant, while binding rulings will provide certainty around the ICO’s position on business practice in advance, rather than after the fact.
The strategy also outlines a change in tack on dealing with poor privacy practices in the public sector, revising its approach to public sector fines so that money is not diverted away from where people need it most.
The ICO will do everything to help organisations to comply, but those that don’t will be in trouble. Underlining this point, Edwards said: “I have a message for those who choose not to play by the rules. To those who seek to target and exploit vulnerable communities, who seek an advantage over law-abiding competitors by misusing personal information: you will find yourselves on the receiving end of our most punitive regulatory tools.”
What does the Privacy Compliance Hub think about the plans?
We welcome much of the ICO’s strategy, which strikes us as having a good balance of idealism and pragmatism. The focus on using good information practices to drive economic growth is particularly welcome, as is the publishing of a serious, robust set of KPIs against which ICO activity can be judged.
However, although ICO25 signifies the ICO’s willingness to listen to sector-specific feedback from organisations, we feel it could have been stronger on how partners, consultants and privacy businesses could work with it to achieve lasting change – particularly as Edwards admitted its resources are limited. Privacy is a huge issue, and as such we need the entire ecosystem working harmoniously together, rather than the current siloed approach. We all have a responsibility to ensure those organisations that process information do so responsibly.
ICO25 is now out for public consultation. The plan is available online and members of the public and interested parties have been invited to submit feedback anonymously until 22 September. The finalised strategy is expected in the Autumn and we will of course update our customers and followers via the Hub and on our blog and social media channels.