Nine months into his post as the UK’s data watchdog, John Edwards tells PublicTechnology that he wants to reach all parts of the citizenry
Credit: Ch AFleks/Pixabay Image has been cropped
The information commissioner has outlined his intent for his office to do more to ensure it serves the breadth of the citizenry.
John Edwards began his term at the UK’s data-protection watchdog at the start of this year. He joined from an equivalent role in his native New Zealand, and replaced Elizabeth Denham who was in post for more than five years.
Edwards arrived at something of a time of uncertainty for the Information Commissioner’s Office and the UK’s data-protection regime more widely, with ministers having previously outlined an intent to revamp legislation and “break down the barriers” of EU law that have prevented businesses from being able to use data in innovative ways. A consultation launched on these ambitions last year also included examination of the future role of the ICO.
Nine months into his work at the regulator, Edwards has already put his own stamp on the organisation, including the publication in July of a plan setting out the strategy and objectives for the coming three years.
The document summarises the ICO’s aim as: “to empower you through information”.
Speaking last week, PublicTechnology asked Edwards what his priorities are for the regulator’s work over the coming months.
The commissioner reinforced the ethos set out in the three-year strategy to support individuals in exercising their rights – as well as helping organisations in complying with them. He added that he wants this work – which he said is especially important in the current challenging economic climate – should extend to all parts of society.
“The ICO needs to be an organisation that is agile and responsive to changing economic conditions; we need to be able to empower people to exercise their own rights and provide the tools for organisations to comply with their obligations,” he said. “We have to give people information about their own rights and access where they are not able to do so.”
Edwards added: “I want us to be doing better in being out there for the full spectrum of society, rather than just those with the resources to access data protection.”
Standards and SARs
Alongside the aims of the long-term strategy, in an open letter published shortly beforehand, the commissioner also set out a “revised approach” to working with public bodies.
This will involve a focus on raising standards by “working proactively with senior leaders across the public sector to encourage compliance, prevent harms before they occur and learn lessons when things have gone wrong”, as well as an effort to “reduce the impact of fines… [which] will mean an increase in public reprimands… with fines only issued in the most egregious cases”, Edwards wrote in the letter.
Both the new approach to the public sector and the focus on empowering individuals were exemplified in an announcement made by the ICO last week, in which a range of local and central government entities were publicly reprimanded for failing to meet their obligations in responding to subject access requests (SARs).
Such requests – which must typically be responded to within a month – allow individuals to demand from organisations information on what personal data is held about them and how it is used, and a copy of all personal details kept on file.
Edwards, who was speaking to PublicTechnology in conjunction with the announcement of the reprimands, said that SARs “are absolutely fundamental in empowering individuals, and they provide the foundations for accessing many other rights – not just data protection.”
“They are a gateway to evening out the power imbalances: it is the one tool people have where they can demand equality,” he added.