The UK’s data protection regulator has made predatory marketing calls and supporting children’s privacy two of its key focuses over the next three years as part of a new action plan.
The Information Commissioner’s Office (ICO) will additionally look at how algorithms are used within the benefits systems and the impact the use of AI in recruitment is having on minority groups.
Information Commissioner John Edwards has set out the regulator’s priorities as part of the ICO25 plan, which includes a package of measures to help save businesses at least £100 million across the next three years.
“My office will focus our resources where we see data protection issues are disproportionately affecting already vulnerable or disadvantaged groups,” Mr Edwards said.
“The impact that we can have on people’s lives is the measure of our success. This is what modern data protection looks like, and it is what modern regulation looks like.”
To help firms save money and improve compliance, Mr Edwards said the ICO would publish internal data protection and freedom of information training materials, as well as create a database of the advice the ICO has previously provided to businesses and the public that could be referred to by anyone looking for data protection guidance.
The commissioner, who began in the role at the start of the year, told the PA news agency that rather than spreading the regulator and its resources thinly, a more focused approach meant it could “be more selective and try and apply our resources and regulatory tools so that they will have the greatest impact for the most people”.
In unveiling the plan, Mr Edwards said: “It is absolutely clear to me that in a world of increasing demand, and shrinking resources, we simply cannot keep doing what we’ve been doing and expect the system to improve.”
He added that publishing more internal materials from the ICO to help people and businesses with data protection decisions could reduce uncertainty.
In addition, the proposals will see an ICO-moderated platform created for organisations to discuss data protection law compliance and share their own information and advice.
“The more that we can take that uncertainty out of business decision-making, the more they can invest with confidence,” Mr Edwards said.
As part of this, he said the ICO would look to be more proactive in taking positions on issues of data protection rather than responding after a problem has arisen.
In addition, the ICO25 plan will see the regulator take a revised approach to public sector fines, with the first priority to be improving data protection standards in public sector organisations when a breach occurs.
Giving the example of fining an NHS trust for a law breach and how that could affect medical services within a community, Mr Edwards said he did not think fines were as good a “disincentive” in the public sector as they were in the private sector, saying he wanted the ICO to be “thinking more carefully” about why it issues fines and what it was trying to achieve.