Predatory marketing calls will be data protection priority, says regulator

John Edwards said the ICO would focus on protecting vulnerable people and saving businesses money with a more focused approach.

Martyn Landi
Thursday 14 July 2022 00:01 BST
Information Commissioner John Edwards has set out the regulator’s priorities (PA)
Information Commissioner John Edwards has set out the regulator’s priorities (PA) (PA Archive)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The UK’s data protection regulator has made predatory marketing calls and supporting children’s privacy two of its key focuses over the next three years as part of a new action plan.

The Information Commissioner’s Office (ICO) will additionally look at how algorithms are used within the benefits systems and the impact the use of AI in recruitment is having on minority groups.

Information Commissioner John Edwards has set out the regulator’s priorities as part of the ICO25 plan, which includes a package of measures to help save businesses at least £100 million across the next three years.

“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups,” Mr Edwards said.

The more that we can take that uncertainty out of business decision-making, the more they can invest with confidence

Information Commissioner John Edwards

“The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.”

To help firms save money and improve compliance, Mr Edwards said the ICO would publish internal data protection and freedom of information training materials, as well as create a database of the advice the ICO has previously provided to businesses and the public that could be referred to by anyone looking for data protection guidance.

The commissioner, who began in the role at the start of the year, told the PA news agency that rather than spreading the regulator and its resources thinly, a more focused approach meant it could “be more selective and try and apply our resources and regulatory tools so that they will have the greatest impact for the most people”.

In unveiling the plan, Mr Edwards said: “It is absolutely clear to me that in a world of increasing demand, and shrinking resources, we simply cannot keep doing what we’ve been doing and expect the system to improve.”

He added that publishing more internal materials from the ICO to help people and businesses with data protection decisions could reduce uncertainty.

In addition, the proposals will see an ICO-moderated platform created for organisations to discuss data protection law compliance and share their own information and advice.

“The more that we can take that uncertainty out of business decision-making, the more they can invest with confidence,” Mr Edwards said.

As part of this, he said the ICO would look to be more proactive in taking positions on issues of data protection rather than responding after a problem has arisen.

In addition, the ICO25 plan will see the regulator take a revised approach to public sector fines, with the first priority to be improving data protection standards in public sector organisations when a breach occurs.

Giving the example of fining an NHS trust for a law breach and how that could affect medical services within a community, Mr Edwards said he did not think fines were as good a “disincentive” in the public sector as they were in the private sector, saying he wanted the ICO to be “thinking more carefully” about why it issues fines and what it was trying to achieve.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in