UK data protection ‘overhaul’ to boost fines for nuisance calls

Following last year’s National Data Strategy, the government has now launched a 10-week consultation on proposed changes to the UK’s regulatory framework for data.

John Edwards, who serves as New Zealand’s Privacy Commissioner, has been approved as the government’s preferred candidate as the new Information Commissioner. The government plans a new model for the ICO, including an independent board and chief executive to mirror the structure of regulators such as the Competition and Markets Authority, Ofcom, and the Financial Conduct Authority.

The changes appear to largely loosen data protections, with the government calling it “based on common sense”. It says it wants to remove unnecessary barriers to responsible data use, to help deliver more efficient public services and boost the UK’s reputation in science and technology, such as by simplifying access data for work on medical AI applications and with greater lenience for small organisations with fewer resources to protect data.

The government also said it planned to toughen penalties for nuisance calls and SMS messages. At present, the ICO can fine companies up to £500,000; the government plans to bring this in line with GDPR, which carries a maximum penalty of £17.5m or 4 per cent of annual global turnover. The move comes amid a spike in unwanted marketing communications during the coronavirus pandemic.

Among other changes, the government said it wants to cut the 65,000 data protection complaints the ICO manages every year, in order for it to focus on bigger cases which represent serious harm. Other issues mentioned include considering approaches to mitigating algorithmic bias.

Earlier this week, the outgoing Information Commissioner Elizabeth Denham asked her G7 counterparts to work together to simplify tracking permissions online. This would involve an unspecified mechanism that would allow people to set lasting data privacy preferences within their browsers, apps and device settings, rather than having to manage pop-up cookie banners for every website they visit.

“Data is one of the most important resources in the world and we want our laws to be based on common sense, not box-ticking,” said Oliver Dowden, the digital secretary. “Now that we have left the EU, we have the freedom to create a new world-leading data regime that unleashes the power of data across the economy and society.

“These reforms will keep people’s data safe and secure, while ushering in a new golden age of growth and innovation right across the UK, as we build back better from the pandemic. The protection of people’s personal data will be at the heart of the planned data reform. Far from being a barrier to innovation or trade, regulatory certainty and high data protection standards allow businesses and consumers to thrive.”

Sue Daley, director of tech and innovation at techUK, said: “The data reform consultation is the start of an important conversation that must include a wide range of stakeholders to explore how we could make the UK’s data protection framework work better for citizens and businesses. The National Data Strategy Forum has a key role to play to make this happen as well as supporting the other activities announced today to deliver the missions of the National Data Strategy.”