UK data protection chief calls for new body to regulate the internet

UK data protection chief calls for new body to regulate the internet

The UK’s information commissioner, speaking at a UK House of Lords communication committee inquiry on 11 September, said that there is space for a body that could “identify future gaps in the law” and help existing regulators get extra resources.

A new body, she said, could look into longer-term and more high-level issues. “We’re not necessarily looking at changes in consumer attitudes or behavioural changes or new societal risks or ethical considerations,” she said. “That’s not the job of the data protection regulator.”

The commissioner suggested that the newly created Centre for Data Ethics and Innovation, launched in June this year, could take on the role. The Department for Culture Media and Sport recently praised a report from the UK House of Commons science and technology committee which recommended the Centre look at the issue of algorithmic bias.

But Denham’s recommendation would take the role of the body much further, suggesting that it could bring together different regulators to work on future internet and data law more generally.

Answering questions from peers on the role played by different regulators and how the ICO works with sector-specific bodies like the Financial Conduct Authority and the Competition and Markets Authority, Denham said that though the various offices do work together, this is “probably not well known.”

But a new body could facilitate this much-needed cooperation, she said. “So many mergers and acquisitions ... are really about consolidating more and more personal data,” she said, noting that the 2014 Facebook/WhatsApp merger was, “really about data.”

Committee members also quizzed Denham on the possible need for standardised certification for terms and conditions. Denham admitted that “hardly anybody is reading terms and conditions”, and said that the GDPR gives the ICO the ability to certify and to develop a “kitemark”, which could assure consumers that what they are agreeing to is safe.

When questioned about the efficacy of the GDPR for dealing with modern data protection issues, she argued that the legislation is “fit for purpose”. But she later noted that on the issue of machine-made data, the wording of the legislation could be “problematic”, saying that a “whole other layer of oversight” might be needed in this area.

Since GDPR came into force, Denham said, consumers have come to the ICO far more than anticipated. “It has been a 100% increase in the first three months”, compared to the expected 40% rise, she said. But she also praised the government’s decision to add to the office’s budget and give it pay flexibility to compete with big tech companies.

On the European data protection ecosystem post-Brexit, Denham said that both the ICO and the UK government share an ambition to remain part of the European Data Protection Board. “If that doesn’t happen we’ll need bilateral agreements”, she said. “My mandate is to protect UK citizens and we will do whatever it takes.”