- Data Protection
- Intellectual property
Shorter Reads
The Information Commissioner has published a response to the DUAB that was introduced to Parliament on 24 October 2024. In summary, it regards the Bill as a welcome reform of data protection laws, improving the way in which the ICO can now regulate.
1 minute read
Published 6 November 2024
The Information Commissioner has published a response to the DUAB that was introduced to Parliament on 24 October 2024. In summary, it regards the Bill as a welcome reform of data protection laws, improving the way in which the ICO can now regulate.
The ICO sees the changes proposed by the Bill as pragmatic and necessary amendments to UK Data Protection legislation, aligning with the ICO’s objectives and ensuring flexibility to evolve. They point out the vital importance retaining adequacy status with the EU, that is, confirmation that UK GDPR remains aligned with EU GDPR, which is due to be reviewed in 2025. The ICO believes that the Bill does not put this in jeopardy.
They applaud the ambitious introduction of smart data schemes, aimed at enabling people to access their personal information more easily, and are optimistic that this will stimulate economic growth, in addition to establishing and maintaining people’s trust, which is vital to ensuring the success of these projects. They highlight that such schemes should be focussed on a privacy-by-design approach to personal information processing, so that data protection principles are embedded from the outset. They also supportive of the planned digital verification services.
The ICO also welcomes the proposed changes to the requirements for automated decision making (ADM), as aside from situations involving special category data, ADM will no longer be expressed as a prohibition (with exceptions) and businesses will be able to rely on legitimate interests. They highlight benefits such as increased efficiency, and consider this change strikes a good balance between facilitating the benefits of automation & maintaining additional protection for special category data.
The proposed changes to consent requirements for cookies, reducing the circumstances where consent will be needed if the purpose is for statistical analysis or to improve website performance, are seen as positive.
The ICO approves of the changes relating to processing of data within the healthcare sector but because such data will invariably be special category, they highlight the need for organisations to share such personal information responsibly. Organisations must be clear and transparent about how they will use people’s personal information, and are encouraged to prioritise inputting initiatives from the start to ensure the safe and secure collection and storage of data
Despite the concerns expressed by businesses and public bodies that the reforms do not go far enough, the ICO welcome the modest changes to the rights of individuals. The Bill will require organisations to put a complaints process in place before they are escalated to the ICO. This is intended to achieve more direct and swift resolution of people’s complaints and concerns, instead of involving the ICO, but that remains to be seen.
The increase in fines under PECR (to the same level as GDPR fines) in relation to direct marketing abuses of personal data should enable the ICO to take more effective action against predatory marketing calls which often target vulnerable people.
Finally, the ICO appear to be happy with the proposal to restructure their organisation. They will have new obligations to establish stakeholder panels to inform the content of our codes of practice and to develop and publish impact assessments on their key regulatory products and interventions. Their governance structure will be modernised to a Board and chief executive model. The Chair of the Board will be appointed by the Crown, and the Board will appoint the CEO. This is seen to address the ICOs concerns (under the previous proposals) that their independence could be potential compromised by Government intervention.
Related content
Shorter Reads
The Information Commissioner has published a response to the DUAB that was introduced to Parliament on 24 October 2024. In summary, it regards the Bill as a welcome reform of data protection laws, improving the way in which the ICO can now regulate.
Published 6 November 2024
The Information Commissioner has published a response to the DUAB that was introduced to Parliament on 24 October 2024. In summary, it regards the Bill as a welcome reform of data protection laws, improving the way in which the ICO can now regulate.
The ICO sees the changes proposed by the Bill as pragmatic and necessary amendments to UK Data Protection legislation, aligning with the ICO’s objectives and ensuring flexibility to evolve. They point out the vital importance retaining adequacy status with the EU, that is, confirmation that UK GDPR remains aligned with EU GDPR, which is due to be reviewed in 2025. The ICO believes that the Bill does not put this in jeopardy.
They applaud the ambitious introduction of smart data schemes, aimed at enabling people to access their personal information more easily, and are optimistic that this will stimulate economic growth, in addition to establishing and maintaining people’s trust, which is vital to ensuring the success of these projects. They highlight that such schemes should be focussed on a privacy-by-design approach to personal information processing, so that data protection principles are embedded from the outset. They also supportive of the planned digital verification services.
The ICO also welcomes the proposed changes to the requirements for automated decision making (ADM), as aside from situations involving special category data, ADM will no longer be expressed as a prohibition (with exceptions) and businesses will be able to rely on legitimate interests. They highlight benefits such as increased efficiency, and consider this change strikes a good balance between facilitating the benefits of automation & maintaining additional protection for special category data.
The proposed changes to consent requirements for cookies, reducing the circumstances where consent will be needed if the purpose is for statistical analysis or to improve website performance, are seen as positive.
The ICO approves of the changes relating to processing of data within the healthcare sector but because such data will invariably be special category, they highlight the need for organisations to share such personal information responsibly. Organisations must be clear and transparent about how they will use people’s personal information, and are encouraged to prioritise inputting initiatives from the start to ensure the safe and secure collection and storage of data
Despite the concerns expressed by businesses and public bodies that the reforms do not go far enough, the ICO welcome the modest changes to the rights of individuals. The Bill will require organisations to put a complaints process in place before they are escalated to the ICO. This is intended to achieve more direct and swift resolution of people’s complaints and concerns, instead of involving the ICO, but that remains to be seen.
The increase in fines under PECR (to the same level as GDPR fines) in relation to direct marketing abuses of personal data should enable the ICO to take more effective action against predatory marketing calls which often target vulnerable people.
Finally, the ICO appear to be happy with the proposal to restructure their organisation. They will have new obligations to establish stakeholder panels to inform the content of our codes of practice and to develop and publish impact assessments on their key regulatory products and interventions. Their governance structure will be modernised to a Board and chief executive model. The Chair of the Board will be appointed by the Crown, and the Board will appoint the CEO. This is seen to address the ICOs concerns (under the previous proposals) that their independence could be potential compromised by Government intervention.
Need some more information? Make an enquiry below.
Subscribe
Please add your details and your areas of interest below
Article contributors
Partner - Head of IP & Data Protection
Specialising in Intellectual property disputes, Data protection, Digital, Intellectual property and Manufacturing
Trainee Solicitor
Specialising in Training
Enjoy reading our articles? why not subscribe to notifications so you’ll never miss one?
Subscribe to our articlesPlease note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.
Close