Next month the entire EU, which still includes us, will implement the General Data Protection Regulation, which will bolster existing data protection laws and give users more control over what data is stored on them. These rules are going to affect the job of the Information Commissioner's Office, which is responsible for upholding public information rights, but the Commissioner herself feels current rules are slowly down her office's progress.
Elizabeth Denham, the current commissioner, is apparently in "intense" discussion with the government on the topic of broadening data protection laws, with the goal of giving her office new powers to access data more quickly.
This news comes right on the heels of the Cambridge Analytica scandal, with the ICO leading the EU investigation into how the company allegedly misused Facebook user data. It was widely reported that the ICO had sought a warrant to raid the Cambridge Analytica office in London, with the commissioner herself announcing those intentions on Monday 19th March. The actual warrant wasn't issued until Friday 23rd, with the seven hour raid commencing shortly afterwards.
She spoke about a number of topics at a press conference at the IAPP data protection conference in London, addressing the ongoing investigation, the importance of data protection, and the need for legislation that will ensure her office's powers don't become obsolete by the quickening advancement of technology:
“But, in the context of this particular investigation, the GDPR audit power is already being outpaced by technological advances in data analytics. I want to see this addressed.
I’m in intense discussion with government to ensure that as part of the data protection bill, the ICO has the ability to move more quickly to obtain information that we need to carry out our investigations in the public interest. As society moves increasingly online, data protection law needs to have the comprehensive reach that people would expect of laws in a physical world.”
It's worth emphasising that the ICO, which is responsible for investigating data protection abuses and dishing out fines, isn't anti-data protection. Quite the opposite, in fact, with the commissioner wanting the increased powers to ensure data crimes are taken as seriously as real world crimes that you'd typically associate with the police.
“Of course, we need to respect the rights of companies, but we also need streamlined warrant processes with a lower threshold than we currently have in the law. We need the regime to reflect the reality that data crimes are real crimes.”
The ICO is expecting a big increase in its workload once the GDPR comes into effect, which is why it's currently in the middle of recruiting new staff for offices across the UK. With that in mind, and considering the delay in its ability to raid Cambridge Analytica, it's understandable that the Commissioner wants to reduce the amount of red tape preventing her from doing her job quickly. Just as long as those powers can't be abused more easily. [Bloomberg | Computer Weekly]