back to article John Edwards takes the reins at the UK's data protection watchdog

The Information Commissioner's Office has confirmed that former New Zealand privacy commissioner John Edwards has started his new role as the UK's Information Commissioner. Top of his in-tray will be helping the government square the EU's data protection rules with its desire to create a new, more "pro-innovation" regime. …

  1. alain williams Silver badge

    ''more "pro-innovation" regime.''

    That often seems to mean "getting rid of pesky red tape" while glossing over why the red tape was there in the first place.

    Red tape is often brought in after something bad has happened to prevent reoccurrence ... then, decades later, it is denounced as slowing business. But all those who were alive when the original bad thing happened are dead, so the red tape is removed and a few years later history repeats itself when bad thing happens again.

    1. Anonymous Coward
      Anonymous Coward

      Re: ''more "pro-innovation" regime.''

      You're absolutely right, but for what it's worth Edwards has a pretty decent rep for taking a much more balanced approach than you might expect given which government has appointed him and the conditions under which he has been appointed.

      Ultimately the person running ICO is moot. Denham was a true privacy crusader but her hands were tied by weak laws and no capacity to enforce them - having someone more or less intent on saying the right things won't change that. Whatever compliance with the UK's Data Protection Act 2018 (née GDPR) exists does so largely by consent and voluntary compliance.

      Our main worry should be what changes are going to be made to it, not the attitudes of the man running the organisation that enforces it.

      1. Anonymous Coward
        Anonymous Coward

        Re: ''more "pro-innovation" regime.''

        Denham was not a privacy crusader at all and after the 2018 revision of the DPA, her office did in fact have the powers it has been 'asking' for for so long. She just chose never to enforce them for ... reasons (insert appropriate justification here later).

        For example, look up how many public sector organisations *have ever* received enforcement action for breaches of the DPA 2018 or DPA 1998 (I'll give you a clue - it's a nice round number!)

        I personally complained a number of times, with evidence that organisations were in material breach of the DPA2018 (and not just trivial breaches, but very serious ones affecting multiple individuals), but the ICO in her infinite wisdom never took any action, citing that the ICO only takes action on the back of 'intelligence led' investigations. Of course, 99% of investigations are concluded with "insufficient evidence" (even when there is) or "no action taken". Hmmm.

        In addition, I found that decisions between the ICO and alleged breaching organisations were decided without paper trails (verbally in off-the-record telephone meetings), meaning that not only were the reasons for a decision (which was inevitably 'take no action') not available, there was absolutely no scrutiny of how they were reached. Wine and cheese hampers or £3,000 chocolates in the mail perhaps?

        Top this all off, of the mutiple public breaches that the ICO did actually investigate (when there was an interesting media angle to them), no conclusion was reached (still waiting for my Equifax, Google/Cambeidge Analytica, IAG payouts - any day now, right?). The only companies they seem to actually fine are the SMEs that are already technically bankrupt so will not pay the fine anyway.

        The ICO has turned into a chocolate fireguard because it's always easier to ensure your future role by allowing a degree of non-compliance. They are not set up to police the DPA, so don't. But here's the rub - many years ago they did police it and people did get legal remedy from them. I did with the ICO's help in the late 1990s - from Equifax of all people!

        1. Anonymous Coward
          Anonymous Coward

          Re: ''more "pro-innovation" regime.''

          I agree with pretty much everything you said.

          > For example, look up how many public sector organisations *have ever* received enforcement action for breaches of the DPA 2018 or DPA 1998 (I'll give you a clue - it's a nice round number!)

          In my own limited experience regarding the Northern Ireland Census last year the ICO case officer *did* agree that NISRA had not complied with their data protection obligations (failure to adequately fulfil the GDPR transparency requirements & failure to comply with PECR regarding cookies).

          However, so far, the ICO have ignored the portion of my complaint regarding NISRA's DPO failure to adequately fulfil their legal duties - when I complained to NISRA's DPO she claimed PECR was nothing to do with her, only GDPR, and she also "forwarded my complaint to the relevant team" and did not get involved herself at all. All ICO appear to have done is "ordered" NISRA to give all staff mandatory training, update their procedures, and update their website. As the census only occurs every 10 years then it's irrelevant if they update their Privacy Notice now, after the Census as already occurred.

          With regard to my other case against the HSC NI (aka NHS Northern Ireland) for large scale multiple breaches of Data Protection law since 2011 to the present day the ICO case officer is apparently due to deliver a decision in the next few days. Based on the number of distinct types of breaches of the law and the scale of affected individuals (almost 2 million) and that it involves Special Category personal data I cannot see how ICO can avoid taking enforcement action, but I'm unfortunately expecting them to find some way to actually only take minor (if any) action.

  2. tiggity Silver badge

    Fleetwood Mac

    Not sure Fleetwood Mac "Go your own way" reference inspires confidence, given how the band was renowned for internal conflict / splits and for going TITSUP*

    *Total inability to support unchanging personnel

    1. Eclectic Man Silver badge

      Re: Fleetwood Mac

      I wonder whether he will take the advice of any other 'popular beat combos'.

      Will he 'Relax'*, and 'Sit down'**, or 'Get off of my cloud'***, and possibly 'Paint it Black'***? Maybe he'll turn out to be a 'Hero (just for one day)'**** or look for a girl with Faraway Eyes***.

      Any other suggestions?

      I'll get my coat, it's the one with a compact cassette in the pocket.

      *Frankie Goes to Hollywood


      ***Rolling Stones


      1. Potemkine! Silver badge

        Re: Fleetwood Mac

        Never Mind the Bollocks *

        * Sex Pistols

  3. spold Silver badge

    Don't risk a breach....

    ...or the gang will be 'round giving you the Haka.

    1. spold Silver badge

      Re: Don't risk a breach....

      I have no idea why anyone would think that merited a downvote - I have over 20 years of privacy experience, and anyone incoming giving a Haka to companies processing sensitive Personal Information will get my support!

  4. Scott Broukell

    In this country (UK), I fully expect that the term " Data Privacy is a right" does in fact mean that all your (our) data will be harvested and put into Private Hands, where it will be traded, exploited and mis-used in all manner of ways imaginable and great riches will be made by a select few - right!

    1. Cederic Silver badge

      Oh, no. Not put into 'Private Hands' at all.

      Sold. Your data will be sold. You will be sold.

  5. Fruit and Nutcase Silver badge

    Yes Minister

    In 2022, the ICO said it is due to "actively engage" with the government over the proposed reforms to the Data Protection Act.

    ICO: This is a draft of the proposed reforms to the Data Protection Act.

    Minister: Actually, I have prepared a draft myself. Here, I think you will find it covers all the points that need attention.

    ICO: Yes, Minister. Thank you Minister

  6. deive

    "don't stop believing" - That's worked out well so far for Brexit and Covid...

  7. Potemkine! Silver badge

    If the UK government believes it can establish a new rule which contradicts just a little bit the GPDR and still makes data-related business with the EU, then this government is living in a fantasy world.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like