Our chums at the MoJ are seeking our views on the ICO's performance. Evidently, as part of the UK Government's requirement to reform public bodies, all non departmental public bodies must be reviewed at least once every three years.
This review will examine whether there is a continuing need for the ICO to carry out its functions, and whether the organisation should continue to operate in its current form, considering whether services could be provided more effectively and efficiently.
We, the people, have been asked to respond to the questions that are set out below:
1. With regard to the ICO’s functions to enforce and oversee the DPA and a range of different regulations,
a. Do you consider, in relation to any or all of the above, that the provision of their services to individual users and to organisations remains necessary? Please explain your reasons for your answer.
b. Do you consider that services provided by the ICO in these areas could be improved? Please explain your reasons for your answer.
c. Do you consider that services provided by the ICO could be delivered differently? Please explain your reasons for your answer, including any examples from other regulators or comparable international bodies.
2. Is the independence of the ICO best supported by reporting to Parliament or to a government department such as the Ministry of Justice? Please explain your reasons for your views.
3. With continually changing technology, an increased use of social media and the internet, do you believe the ICO will continue to be fit for purpose?
4. Do you have any additional comments you would like to submit as evidence to the review?
The deadline for responding is 16th January. Bearing in mind that the data protection Xmas party season starts next week (with the Data Protection Forum’s famous December meeting, which always ends with a marvelous festive lunch), we actually haven’t got that long to think about our responses.
What are we likely to say?
In response to Q1, I expect respondents will be split between those who don’t think the ICO is sufficiently effective, given its budgetary constraints, and those who are pretty content with the current state of affairs, as the only time they usually come into contact with the Information Commissioner and his team is when they attend the ICO’s annual Data Protection Officer Conference in Manchester each April, or when they attend other events where an ICO official is speaking. Or perhaps when they pay their annual registration fee.
Many people may well have heard of the ICO’s enforcement (and audit) teams, but far fewer will have been visited by the ICO’s staff during the year, so they may not fully appreciate just what all the 350-odd ICO employees really do all day.
This might, however, prove to be a useful opportunity to compare the size of different regulatory bodies, and to ask whether the ICO is appropriately resourced. Is it sufficient for the ICO to be expected to spend some £16 million on data protection work when the Financial Ombudsman Service is likely to require an operating budget of over £250 million for 2014/15?
That statistic tells me a lot about the problem at hand. If the Government really wanted to properly enforce the laws it has passed, it needs to ensure that the right resources are available. Perhaps “data protection compliance” is similar to the “right to be forgotten” or “a fundamental right” – a soundbite that trips easily off the tongue, but is really hard to pin down in practice.
In response to Q2, I expect that the balance of views will be for the ICO to report to, and be funded by, Parliament, rather than a Government Department. If the Parliamentary and Health Services Ombudsman (with an operating budget of some £33 million) can report directly to Parliament, then so should the ICO.
In response to Q3, I’m not sure how many people can answer this. Does the question invite us to ponder how effective the ICO will be in a world where many huge data controllers will operate from countries outside the ICO’s ambit? If so, perhaps this is where we need to put a word in for the Global Enforcement Network, and hope that the ICO has enough funds in the kitty for its staff to travel to all corners of the earth and liaise with local regulators.
In response to Q4, I wonder how many respondents will point out that should the UK vote to weaken our links with countries that remain within the EU, then it will be even more important for a suitably equipped ICO to be able to deal with data protection standards and opinions emerging from European data protection regulators, and make sure that the standards can be interpreted in ways that meet the needs of pragmatic Brits.
As well as advising on rules that are sufficiently robust to persuade the EU that the UK affords its citizens an adequate level of protection.
Sources:
https://consult.justice.gov.uk/digital-communications/ico-triennial-review
https://ico.org.uk/about_us/performance/~/media/documents/library/Corporate/Research_and_reports/annual-report-2013-14.pdf
http://www.financial-ombudsman.org.uk/publications/2014-ourplans.pdf